TherapyNotes™ 4.50: Security Improvements

By TherapyNotes, LLC on July 25, 2019
190722-release-450-100x100

Improved Login Attempt Throttling

We've adjusted how we handle incorrect password attempts when logging in to make it faster to recover from a mistyped password but just as secure. Now, a typo or two won't cost you any extra time, but additional failed attempts (often more indicative of malicious intent) will make you wait progressively longer.

Protection Against Self-XSS Attacks

Cross-Site Scripting (or XSS) attacks occur when malicious code is injected into a trusted website and then reads or alters the page. While we already have safeguards in place to protect against these kinds of attacks, we've now implemented protection for users who fall victim to self-XSS attacks. A self-XSS attack is a social engineering attempt in which you, as a user of the website, are tricked into injecting malicious code into the page yourself, most often by copying and pasting code into the developer console of your web browser with the promise of some kind of reward or new feature. This almost always results in the attacker stealing your password, changing your password, or otherwise compromising the data in your account.

To help prevent our users from succumbing to a self-XSS attack, we've added a warning in the developer console when viewing TherapyNotes™ to remind you that you should never paste code that is given to you into the console. No code you inject will unlock any hidden TherapyNotes™ features or provide you any value—we promise! But if you do fall victim to this scheme, be sure to reset your password immediately and contact our support team to inform us of the attack.

Bug Fixes and Maintenance

Every release includes fixes for known bugs and general maintenance to keep our software in tip-top shape. Here are the fixes that you may notice:

  • We fixed a bug in which entering an adjustment with an insurance payment continued to show the adjustment amount as due by the payer on the Billing tab for the date of service.
  • We corrected an issue with the "Payments Leading to this Revenue" report in which exporting the data to Excel would, in rare circumstances, include items outside of the selected date range.
  • We fixed a couple of note-related interface inconsistencies, including an issue with line breaks on Psychiatry Progress notes and an issue with extraneous Diagnosis fields on Consultation notes.

In addition to these changes, we've also made major progress on other initiatives which we'll announce as they're released. Stay tuned!

* The content of this post is intended to serve as general advice and information. It is not to be taken as legal advice and may not account for all rules and regulations in every jurisdiction. For legal advice, please contact an attorney.

Share:

Previous Post:
How to Grow Your Practice With Your Therapy Website
Next Post:
Community Engagement Wins All Day (Marketing Strategies That Actually Work)
Get more content like this, delivered right to your inbox. Subscribe to our newsletter.

More Content You'll Enjoy

What’s New: New Sidebar Navigation, New Security Setting & New Outcome Measure!
We have a few exciting updates for TherapyNotes® to share with you today! Introducing...
What’s New: Enhanced Calendar View Options
We’ve updated the Set Calendar View dialog with several new filters to help group...
Maintenance 2024.10
As with all maintenance releases, TherapyNotes® 2024.10 includes numerous system-wide...
We're here for you every day of the week. (215) 658-4550
What our customers are saying: “I just switched to TN five months ago. Customer service at TN is unmatched and my transition to them was easy. The cost is also awesome! Plus they are taking notes and making new improvements daily. Personally, I love it here!” By Deirdre on April 2, 2024
Highest Rated EHR onTrustpilot
4.8 out of 5 Trustpilot stars 2,006 Reviews
TherapyNotes logo
© TherapyNotes, LLC. All Rights Reserved.
California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy Choices
Privacy Policy Terms of Service