• The form #10 does not exist or it is not published.
  • The form #15 does not exist or it is not published.


Imagine Blog

What We learned From an FBI Guy About Data Security

We won’t disclose his name or show you a picture of his face, but we will share with you, some of the most eye-opening secrets he shared, about things you should never do, and ways to increase your chances of staying safe from hackers who want to steal your information.

Data security is an increasingly hot topic now, especially with the recent data breaches in the healthcare industry. Hackers are smart, and they want your personal information including your credit card data, social security number and health records. What’s really scary is that the reality of the situation can best be described in a saying from our government friend stating, “There are those that have been hacked, and those that don’t know they’ve been hacked.” So how do you stay safe from these savvy hackers?

Here are some secrets you should start implementing today.

1. Stay clear of free Wi-Fi. “If it’s free, it’s NOT for me,” should be your new motto. Free networks are a breeding ground for easy hacks. Many hackers will disguise their data-stealing networks with one that mimics one that you trust. An example of this would be when you see multiple networks with similar but different names such as Starbucks2 vs Starbucks1. If you fall victim to logging in to a fraudulent network, they can start hacking and stealing your personal information. Next time you’re at a hotel, airport, or local coffee shop, don’t trust the free Wi-Fi, use your data instead. While your data plan may be pricy, the cost of having your identity or personal information stolen is far more expensive.

2. Lock down your home Wi-Fi or you can be held liable if someone uses your network to commit crimes. Pick a tough password and change it often. Passwords need to be complex, at least 14 characters in length with a combination of upper and lowercase letters, numbers and symbols.

3. Got spam? Have you ever been asked to receive or send money electronically by someone you don’t know? These offers are almost always scams and you can be held liable for a criminal offense if you follow through with the requests. Report such emails to http://www.ic3.gov/

4. Stop using your debit card to make purchases. Debit cards are incredibly more risky than using a credit card. Debit cards should be restricted for ATM use only. Because your debit card is tied directly to your checking account, when your information is stolen, real money is taken, unlike a credit card which is the bank’s money. While your bank may reimburse you for fraudulent charges on your debit card, you could end up waiting up-to two weeks for reimbursement.

5. You need a Company Security Policy- this policy should be handed out and signed by each employee so they are aware of what is expected of them. Expectations should include no passwords on post-it-notes, computers are locked down when employees are away from their desks, and employees shouldn’t open attachments or emails from people they don’t know.

6. Have a data breach plan. Are you compliant? If you’re unsure, be proactive and work with a team to uncover any risks or vulnerabilities in your network. A plan is vital, so that if a breach occurs, you’re not caught off guard and your plan should include your legal staff, media contacts, and staff members who understand your process. Practice your plan and host routine drills.

“Terrorism remains the FBI’s top priority. But in the not too distant future, we anticipate that the cyber threat will pose the number one threat to our country.” –Robert Mueller III, Former FBI Director. These hackers aren’t going away anytime soon, and educating staff is an easy and low-cost way to fortify your network. Host a monthly lunch and learn, teaching employees how to protect laptops and mobile devices. Being proactive versus reactive may not help you stay completely safe from hackers, but it does give you a better chance to decrease your risks. 


Data Security for your Medical Practice

My Password is Password!
In today’s age of “Cybersecurity”, “Cyber-Attacks”, and “Cyber insert any word here”, many companies find themselves datasecuritypicstruggling to keep up with the cutting edge techniques used to breach safeguards.  Malware, spyware, adware, rootkits, and the list goes on and on.  Your IT staff has been tasked ith the impossible task of staying ahead of the “bad guys” by preventing attacks from every angle.  Countless hours researching techniques and discovering new ways that the hackers might get in.  However, the most dangerous person to your company’s valuable information might just be sitting in front of your computer screen right now!

It is estimated that 75-80% of the 40+ million cyber-attacks in 2014 involved weak passwords, with the average “cyber” incident costing $720,000, most companies just can’t afford a loss of that magnitude.  In the medical industry the costs can grow exponentially with patient privacy at risk.  As we saw with the Target in 2013, just one data breach can throw a $145 million wrench in the cogs.  By ensuring that employees have a strong password, a company can all but eliminate the 75-80% of cyber-attacks that prey on weak passwords and I’ll prove it!

In 2014, the top two passwords were 123456 and password, which would be determined within the first second of a brute force attack.  Below, I’ll give you some sample passwords, and the maximum amount of time that it would take to figure it out with today’s technology.

dog – .000004394 seconds
sparky – Instantly (Top 100 most used passwords)
barks -  Instantly (Top 10,000 most used passwords)

There are three passwords above that are highly logical for a person that has a dog named Sparky who barks.  If you were to put them together while adding a number and special character, the time required to crack the password changes drastically:

Myd0gSp@rkyBarKs – 12 trillion years

At ImagineSoftware, we have a password policy that requires 14 characters with an uppercase, lowercase, special character, and number to be changed every 30 days. 

With just a little bit of consideration about your password, YOU can be your company’s most valuable asset in the fight against cyber-attacks.  With the medical industry constantly having to be diligent with HIPPA standards, this is a no-brainer.  So next time you change your password, make sure to remember that you could be the deciding factor on whether your data is breached or remains safe, as well as that of your patients.  

As a tip:  Choose a password that is reasonably long and is not made up of simple words.   Do not use things that are obvious such as your name, children or pets names and stay away from easily found dates like birthdays and anniversaries.  Make sure to mix it up and use symbols, punctuation and numbers to help.  Above all else, don't write it down where it can be found, and don't give it out.  YOU are the first and biggest line of defense!

An Interview with Imagine CEO, Sam Khashman

Imagine’s fearless leader and CEO, Sam Khashman, sat down with the team at the RBMA Bulletin to talk about taking business risks, data security, and the changing trend in practice collections. Take a look at what he had to say in the RBMA May-June Bulletin Thought Leader spotlight:

When you founded the company, did you have a sense of what it would grow into and that you would still be running it today?
Thinking back to the beginning, our vision, endless ideas and drive would have had us bigger and more successful in our own minds. I think we always thought of super success without an end in sight. We probably didn’t quite think about all the mountains we would have to climb and the hurdles that we would have to overcome; and that endless ideas and drive command an equal amount of resources. I am certain that every entrepreneur firmly believes in their success and the immortality of their idea, their company and their team. In our case, we set nonnegotiable goals. Success and servant leadership are on top, and we are grateful that they have been well received for 15 years.

How important has taking risks and innovating been to your company’s overall success?
I believe that taking more risks than anyone else thinks is practical and surrounding yourself with a very creative team that can execute is key to any company’s success. The French romantic Victor Hugo wrote, “nothing is as powerful as an idea whose time has come.” In modern times we might add “…and a strong team and likeminded partners that can execute and maintain relationships.” Additionally, we believe that servant leadership and continuous innovation of systems, processes and products play a vital role.

Data security is becoming a big challenge for healthcare. Have you seen the need for security go up since ImagineSoftware was launched?
The healthcare IT landscape has changed significantly and the need for security has dramatically increased since we first began our journey. Cybersecurity was a Star Trek, insider, geek term in 2000. Today cyber-attack, -breach, -security are on the minds of most Americans and front and center for any business with sensitive data. Particularly scary breaches are the ones that involve PHI and surrounding information because these constitute the most severe breach of privacy. It seems that not a week goes by without news breaking of a healthcare system, practice or cloud provider being breached. Unfortunately, most breaches are successful on the attacker’s end and a failure on the side of the folks charged with safeguarding the data. The short version is that if an individual actor, an organization or even a foreign government spends enough time and resources, they will likely be able to get in.

Our company has implemented multilevel systems to include intrusion prevention and intrusion detection at the n-point in addition to putting in place the proper protocols for stop-of service and risk mitigation. We have added an entire department of high powered cyber folks headed up by our chief strategy officer, a veteran in the cyber field who has implemented mission-critical systems for national interests. These folks are available to our clients and assist in critical infrastructure design well beyond the Imagine system. Finally, we have built our own data center to ensure that we provide clients who like the convenience that cloud-based systems bring but don’t want to take a gamble on a third party with a viable alternative.

What do you anticipate will happen to practice collections and how will Imagine play a role?
The recent reimbursement cuts and the combination of procedures that hit radiologists’ pocket books may have been just a preview to what the mounting patient responsibility component will become. The theory was that true self-pay would disappear, but the reality is that the dollar volume simply shifted from one bucket to the next. Deductible, self-pay after insurance, enrollment periods, etc. impact collections more now than ever before. In anticipation of this shift, we helped create a number of patient payment solutions that assist our clients in the collection effort while maintaining a healthy and positive relationship with the patients. Imagine makes these options and systems available to its clients without the need or cost of additional software licensing. Our clients have had great success in not just the mitigation but also the increase of income on this journey.

8757 Red Oak Blvd.
Charlotte, NC 28217
Tel: 704.553.1004
Fax: 704.553.1006