EHRs continue to be a challenge for HHS

From: Healthcare IT News, Erin McCann, Managing Editor, November 20, 2014

A report from HHS’ Office of Inspector General outlines the top challenges faced by the Department of Health and Human Services in FY 2014. Among them: meaningful use and interoperability. The office also highlighted several areas HHS continues to struggle with heading into 2015, including electronic health records.

First, HHS oversight of the EHR Incentive Programs has been significantly lacking and ultimately “vulnerable to inappropriate payments to participants that do not meet program requirements.” The Centers for Medicare & Medicaid Services, for instance, has paid out more than $25.4 billion in incentives payments to eligible hospitals and providers that have demonstrated meaningful use, but have failed to implement adequate controls ensuring that those participants were actually entitled to the federal money. <READ MORE>

The Data Guardian: Transforming Legal IT

From: Law Technology Today, Posted by: Anthony Foy September 11, 2014

Just like nearly every other knowledge worker, legal professionals are becoming more mobile than ever. Based on recent research commissioned by Workshare, 96 percent of legal professionals are accessing documents on the move, with as many as 84 percent requiring access to work documents outside of the office to get their jobs done. This requirement for mobile working is being sufficiently met with an abundance of cloud-based file sharing applications in the marketplace, but this is often at the expense of security.

More than half of employees are bypassing corporate policies and opting instead for unsanctioned file sharing applications – like Dropbox and Google Drive – and risk exposing sensitive and high-value legal documents. Not all law firms are equipped with their own security and risk management teams, which leaves essential data protection responsibilities unclaimed. And as consumer-grade apps continue to flood the workplace, it’s time for someone to regain control of corporate data and content. <READ MORE>

Inspiration From 10 Entrepreneurial Heavyweights

From: Intuit QuickBooks, by Leslie Barber on November 11, 2014

A few weeks ago, I attended the QuickBooks Connect conference with thousands of other small business owners, accountants and developers. I listened to many accomplished entrepreneurs share their experiences as well as tips they’ve learned along their journeys. Below are some of my favorite inspirations and tidbits.          <READ MORE>

Am Law Survey — Information Security a Top Concern

From: Law Firm Risk Management Blog, American Lawyer Survey, 11/1/14

The American Lawyer has just published its annual technology survey: “Survey: Data Security Is Tech Chiefs’ Top Worry

  • “Worries about data security have reached new heights, our annual technology survey shows, with potential threats coming from outside the firm, and within.”
  • “Yet one topic dominates the discussion. In response to our question asking technology directors about their biggest challenges, 55 percent cited security, by far the most frequent answer. And overall, 74 percent of the chiefs say they are more concerned about security now than they were two years ago. Their clients are concerned too. While security was a leading topic on last year’s survey [“A Secure Location,” November 2013], the focus has only become more intense—and more time- and budget-consuming.”
  • “‘Five years ago, we didn’t have client security audits,’ says Gary Becker, the chief information officer at Reed Smith. ‘We’ve had over 15 of them this year.'”
  • “For law firm CIOs, the result is often a to-do list of remedial measures—new security hardware and software that must be deployed to satisfy the client, whose hypervigilance, several chiefs said in follow-up interviews, stems from multiple sources, including headlines hammering companies that suffered data breaches and beefed-up regulations, particularly in the finance and health care sectors.”
  • “But it is also time- and resource-consuming. Reed Smith now has three full-time staffers ‘dedicated to meeting the security requirements of clients,’ says Becker. ‘That’s three people I didn’t have five years ago.'”
  • Other firms have similarly bulked up on security experts. Vinson & Elkins, for instance, now has a full-time security director it didn’t have a few years ago. ‘There are a lot of steps we need to do now to meet client expectations on security,’ says the firm’s CIO, Dennis Van Metre. It’s not just a matter of installing the systems the client asks for, he says, but also ‘asking the questions our clients will ask us’ whenever a new tool, service or product is evaluated, from cloud computing to tablets to online deal rooms.

How to Transition from Spreadsheets to Accounting Software

From: Intuit QuickBooks, by Michael Ansaldo on October 27, 2014

Thanks to its presence on just about every business-class computer, Microsoft Excel has become the de facto tool for handling basic small-business accounting tasks. But while spreadsheets can be useful for a startup, they inevitably become cumbersome — and potentially harmful — when managing financial data for a growing business. When you have more than a handful of clients and transactions, it’s time to move on to accounting software. Here’s how to make the transition.

Why You Should Switch to Accounting Software

As your customers, vendors, and transactions increase, managing them in Excel becomes exponentially more complicated. Reporting — which requires you to manually enter specific formulas to get the information you want — becomes particularly time-consuming when working with large amounts of data. Also, spreadsheets are only as accurate as the person entering the information, and studies show the error rate increases with the complexity of the spreadsheet. Just ask JPMorgan about the devastating effect an Excel blunder can have on the integrity of your data.           <READ MORE>

Hackers swipe data of 60K in vendor HIPAA breach

From:Healthcare IT News, by Erin McCann, Associate Editor, 11/12/14

A state insurance plan subcontractor is at the center of a serious security incident after hackers gained three months of unfettered access to its computer system, compromising thousands of members’ health records. What’s more, despite discovering the HIPAA breach in April, it took officials some four months to notify those affected.

The Dallas-based Onsite Health Diagnostics – a medical testing and screening company, which contracts with the state of Tennessee’s wellness plan – notified 60,582 people that their protected health information was accessed and stored by an “unknown source.” The breach affected members from the Tennessee’s State Insurance Plan, Local Government Insurance Plan and Local Education Insurance plan.

[See also: Vendor sacked for HIPAA breach blunder.]

The system accessed, as OHD officials pointed out in an August notification letter, was not in official use since fall 2013. Health benefit member names, dates of birth, addresses, emails, phone numbers and gender were compromised in the incident. <READ MORE>

How the House from “A Christmas Story” Spawned a Small Business

From: Intuit QuickBooks – by Neil Cotiauxon November 10, 2014

Love the movie and the story behind the original house that is now a museum.

Sometimes, the quirkiest things can spark a novel business idea. Like a lamp shaped like a woman’s leg in a now-classic holiday film.

That lamp, along with an ill-fated turkey and other rib-tickling reminders of A Christmas Story, beckons tens of thousands of visitors a year to A Christmas Story House, tucked away on a side street in Cleveland, Ohio.

Spun from radio monologist Jean Shepherd’s memories of his Indiana boyhood, the 1983 movie in which the kitschy lamp appeared has become must-see TV each year for tens of millions of viewers who delight in the hijinks of Ralphie, The Old Man, and other quintessentially American characters.

“It was a hit right out of the gate for our family,” says Brian Jones, founder and owner of A Christmas Story House and several affiliated businesses.

When a failed vision test dashed Jones’s dreams of becoming a Navy pilot, his parents cheered him up with a homemade replica of The Old Man’s leg lamp, an oddball gift that got Jones’s entrepreneurial juices flowing.

Working out of his San Diego condo in 2003, Jones single-handedly assembled hundreds of lamps to sell on his website,, with his pickup  truck serving as collateral for parts. When sales took off, he outsourced production to China. <READ MORE>

Masque Attack – New iOS Vulnerability Allows Hackers to Replace Apps with Malware

From: The Hacker News – November 10, 2014

Android have been a long time target for cyber criminals, but now it seems that they have turned their way towards iOS devices. Apple always says that hacking their devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone.

A security flaw in Apple’s mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned.

The details about this new vulnerability was published by the Cyber security firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users to download and install malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links. <READ MORE>

Alert (TA14-310A) Microsoft Ending Support for Windows Server 2003 Operating System

From: United States Computer Emergency Readiness Team, 11/10/14

Systems Affected

Microsoft Windows Server 2003 operating system


Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.[1](link is external) After this date, this product will no longer receive:

  • Security patches that help protect PCs from harmful viruses, spyware, and other malicious software
  • Assisted technical support from Microsoft
  • Software and content updates


All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2](link is external) As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.[3](link is external)


Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.


Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.

The Microsoft “Microsoft Support Lifecycle Policy FAQ” page offers additional details.[2](link is external)

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.[4(link is external),5(link is external)] US-CERT does not endorse or support any particular product or vendor.



  • November 10, 2014: Initial Release

4 Reasons to Migrate to the Cloud in 2014

From: Intuit QuickBooks, by Angela Stringfellow on January 28, 2014

Good information to consider as 2014 comes to an end.

Thinking of migrating to the cloud in 2014? Many small-business owners are realizing the value of handling essential processes, such as storing data and maintaining the necessary hardware to do so, remotely. Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) solutions may be just the ticket to help you ride the waves of change and growth.

What Are IaaS and SaaS?

IaaS refers to the infrastructure of an off-site data center: hard drives, servers, and networking components. An IaaS provider maintains the equipment, renting space and services out to multiple customers. This allows small businesses to share in the costs of maintaining a data center and avoid the hassles of securing real estate and hiring staff to keep it running.

SaaS operates on the same premise but refers to software applications hosted in the cloud and accessed via the internet. Again, the SaaS provider handles all the security, maintenance, and upkeep off-site, allowing multiple customers to share in the costs and reap the benefits of a high-end program, such as a customer relationship management app.

Why Should I Move to the Cloud?

Whether your small business needs a data center or you’re looking for better, more affordable software that can accommodate your company’s evolving needs, here are four compelling reasons to migrate to the cloud in 2014. <READ MORE>