Paubox blog: HIPAA compliant email made easy

Paubox Weekly: Zero-day flaw in Barracuda's Email Security Gateway

Written by Dean Levitt | May 27, 2023

Hello world!

Today’s Paubox Weekly is 485 words - a 2-minute read.


1. Zero-day flaw in Barracuda's Email Security Gateway

Barracuda, an email and network security vendor, recently identified a vulnerability in its Email Security Gateway (ESG) appliance. The flaw is in the module that performs the initial screening of incoming email attachments.

What they're saying: “If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take,” the company said.

However, according to CRN, Barracuda did not specify how many customers were affected and said it is not sharing further details.

The company continues to monitor the situation.


Did you know?

You can earn $250 for every organization you send our way. Here's how.


2. Fertility app faces $200,000 penalty for sharing data

Premom Ovulation Tracker has agreed to settle a Federal Trade Commission (FTC) complaint alleging unlawful data sharing. In the worst case, the shared data could let third parties track individual users' fertility status.

Why it matters: The FTC alleged that the company deceived users by sharing personal health information with third parties, including AppsFlyer, Google, and two China-based firms. The conduct allegedly violated the Health Breach Notification Rule and affected hundreds of thousands of users.

Banned from sharing PHI


3. Does my website need to be HIPAA compliant?

Healthcare websites that collect, store, or process PHI are subject to HIPAA regulations and need to be HIPAA compliant. 

The details: Websites facilitating interactions between patients and providers should pay close attention to HIPAA compliance. These interactions may include patient communication, appointment scheduling, and online submission of sensitive health information.

When does a website need to be HIPAA compliant?


4. Can software be partially HIPAA compliant?

Some software services claim they can be used in a HIPAA compliant manner without the vendor signing a business associate agreement (BAA).

The bottom line: There is no such thing as partially compliant software. Any software that handles PHI must be fully HIPAA compliant, and the vendor must be willing to sign a BAA.

Get a BAA signed!


Community links

  • How to create HIPAA compliance policies for a mental health practice. Link
  • How to perform a risk assessment. Link
  • Understanding HIPAA violations and breaches. Link
  • What whiteboard apps are HIPAA compliant? Link
  • How to stay HIPAA compliant on social media. Link


From the latest breach report

  • Network server breaches affected 4,259,256 individuals.
  • Email breaches were the second most common breach type, affecting 127,974 people.
  • Paper/film breaches were the third most common breach type, affecting 35,025 people.

Read the full breach report


Good reads from around the web

  • Chinese hackers breach US critical infrastructure in stealthy attacks. Link
  • The FDA will apparently let Elon Musk put a computer in a human’s brain. Link
  • AHA urges OCR to finalize HIPAA privacy proposal, suspend online tracking guidance. Link
  • Scope-of-practice measures improve patient safety. Link
  • FTC proposes changes to Health Breach Notification Rule. Link
  • People too tired to lead healthier lifestyles, UK survey finds. Link