Windows XP will not be supported by Microsoft
after April 8, 2014. This means no more security
fixes, which means it won't be HIPAA-compliant
after that date so you shouldn't use it.
However, it is probably best to upgrade to
Windows 8 now, as Windows XP had a lot of other
security problems.
There is a more pressing problem for HIPAA
compliance. The Dept. of Homeland Security
recently issued an advisory for all USA computer
users to remove Java software from their
computers.
This is not the typical virus warning that you
might get away with ignoring. There are kits
available all over the Internet that allow bad
people to add a simple script to a webpage which
can give them complete remote access to your
computer. This gets launched by you visiting
that web page - you do not even have to click on
anything or approve anything. It can even be
hidden in a banner ad, so it can get placed on
any of the major websites. They can then take
anything off your computer and network, watch
every keystroke - steal your username and
passwords to banks, online stores, as well as
all of your patient information. They can even
turn on your webcam and watch you. There are also
many cases where they just encrypt your hard
drive so all of your data is lost, and try to
extort money from you to fix it - even if you
give the money, they do not give you back the
data. Scary stuff!
http://www.kb.cert.org/vuls/id/625617
And worst of all, no anti-virus, anti-spyware or
firewall software can stop it.
The easiest way to fix this for now is to remove
Java completely.
For older versions of Windows: Click START, then
Control Panel, then Add/Remove Programs, then
remove JAVA.
For Windows 8, there is no Start button anymore.
To get to the Control Panel, hold down the Windows
key and press the C key (C is for CHARMS). Click
SETTINGS, then CONTROL PANEL, then Add/Remove
Programs, and remove JAVA.
Search Google for other options.
THEN, once Java is removed, do a complete virus
check of your computer, using at least 2
different scanners. If anything serious is
found, do not bother removing it; you need to
back up your data, reformat the drive,
reinstall Windows, and change your passwords on
EVERYTHING. This may be a good time to change
your passwords everywhere anyway as there is no
foolproof way of telling if you were hacked.
This might be a good time to discuss backups.
After Super Storm Sandy hit the northeast, I
heard from a few doctors who lost everything
from their computers. Most had only onsite
backups and everything was destroyed. One had
used an online backup system and was shocked to
find that the backups were encrypted and they
didn't know the password. It was in a file on
their computer which was lost. The tips:
1. You need a good backup system which backs up
locally inside your office - as well as an
online backup system. You can back up to your home
computer or to the cloud. The backups have to be
encrypted - but you have to remember the
passwords, web address and the log-in
information to the service. Then - you need to
do a regular check (like once a month) that the
backups work and are readable.
Al Musella, DPM, Hewlett, NY, musella@aol.com
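
To confirm that the Java removal described above actually worked, here is a PowerShell check, added as an example and not part of the original letter. It reads the uninstall entries that Add/Remove Programs lists, then looks for leftover Java registry keys and a java.exe on the search path. The display-name pattern and the use of the JavaSoft keys as a leftover indicator are assumptions.

```powershell
# Added example: report any Java runtime still present on this PC.
# Assumption: Java installers register a display name starting with "Java" or "J2SE".
$namePattern = '^(Java|J2SE)'

# The uninstall entries that Add/Remove Programs builds its list from.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit programs on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)
$installed = @(foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        Select-Object DisplayName, DisplayVersion, UninstallString
})

# Registry keys the Java runtime creates for itself (assumed to be removed with it).
$runtimeKeys = @(
    @('HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
      'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment') |
        Where-Object { Test-Path $_ }
)

# A java.exe reachable from the search path means a copy can still be run.
$onPath = @(Get-Command java.exe -ErrorAction SilentlyContinue)

if ($installed.Count -eq 0 -and $runtimeKeys.Count -eq 0 -and $onPath.Count -eq 0) {
    Write-Output 'No Java runtime found on this computer.'
} else {
    Write-Output 'Java is still present on this computer:'
    $installed   | Format-Table -AutoSize -Wrap
    $runtimeKeys | ForEach-Object { "Leftover registry key: $_" }
    $onPath      | ForEach-Object { "java.exe on PATH: $($_.Path)" }
}
```

Run it on every computer in the office after removing Java; any entry it lists means a copy of Java is still installed there.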