TherapyNotes™ 4.50: Security Improvements
By TherapyNotes, LLC on July 25, 2019
Improved Login Attempt Throttling
We've adjusted how we handle incorrect password attempts when logging in to make it faster to recover from a mistyped password but just as secure. Now, a typo or two won't cost you any extra time, but additional failed attempts (often more indicative of malicious intent) will make you wait progressively longer.
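The policy described above (no wait for the first couple of mistakes, then progressively longer waits) can be sketched as follows. This is an added example, not TherapyNotes' code: the thresholds, delays, and the names `delay_for` and `LoginThrottle` are assumptions chosen for illustration.

```python
import time

FREE_ATTEMPTS = 2   # assumed: failures that incur no wait ("a typo or two")
BASE_DELAY = 5.0    # assumed: seconds of wait after the first throttled failure
MAX_DELAY = 900.0   # assumed: cap, so a targeted account is never locked out forever


def delay_for(failures: int) -> float:
    """Seconds to wait after `failures` consecutive failed logins."""
    if failures <= FREE_ATTEMPTS:
        return 0.0
    # Double the wait per extra failure; bound the exponent to avoid overflow.
    exponent = min(failures - FREE_ATTEMPTS - 1, 30)
    return min(BASE_DELAY * 2 ** exponent, MAX_DELAY)


class LoginThrottle:
    """Tracks consecutive failures per account and enforces the wait.

    State is kept in memory here; a multi-server deployment would need a
    shared store (assumption, not described on the page).
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # username -> (failure count, time the wait ends)

    def retry_after(self, username: str) -> float:
        """Seconds remaining before another attempt will be evaluated."""
        _, unlock_at = self._state.get(username, (0, 0.0))
        return max(0.0, unlock_at - self._clock())

    def attempt(self, username: str, password_ok: bool) -> str:
        # While waiting, refuse without evaluating the password, so guesses
        # submitted during the wait reveal nothing to the caller.
        if self.retry_after(username) > 0:
            return "throttled"
        if password_ok:
            self._state.pop(username, None)  # success resets the counter
            return "ok"
        failures = self._state.get(username, (0, 0.0))[0] + 1
        self._state[username] = (failures, self._clock() + delay_for(failures))
        return "failed"
```

The injectable `clock` lets the schedule be exercised in tests without sleeping.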
Protection Against Self-XSS Attacks
Cross-Site Scripting (or XSS) attacks occur when malicious code is injected into a trusted website and then reads or alters the page. While we already have safeguards in place to protect against these kinds of attacks, we've now implemented protection for users who fall victim to self-XSS attacks. A self-XSS attack is a social engineering attempt in which you, as a user of the website, are tricked into injecting malicious code into the page yourself, most often by copying and pasting code into the developer console of your web browser with the promise of some kind of reward or new feature. This almost always results in the attacker stealing your password, changing your password, or otherwise compromising the data in your account.
To help prevent our users from succumbing to a self-XSS attack, we've added a warning in the developer console when viewing TherapyNotes™ to remind you that you should never paste code that is given to you into the console. No code you inject will unlock any hidden TherapyNotes™ features or provide you any value—we promise! But if you do fall victim to this scheme, be sure to reset your password immediately and contact our support team to inform us of the attack.
Bug Fixes and Maintenance
Every release includes fixes for known bugs and general maintenance to keep our software in tip-top shape. Here are the fixes that you may notice:
We fixed a bug in which entering an adjustment with an insurance payment continued to show the adjustment amount as due by the payer on the Billing tab for the date of service.
We corrected an issue with the "Payments Leading to this Revenue" report in which exporting the data to Excel would, in rare circumstances, include items outside of the selected date range.
We fixed a couple of note-related interface inconsistencies, including an issue with line breaks on Psychiatry Progress notes and an issue with extraneous Diagnosis fields on Consultation notes.
In addition to these changes, we've also made major progress on other initiatives which we'll announce as they're released. Stay tuned!
* The content of this post is intended to serve as general advice and information. It is not to be taken as legal advice and may not account for all rules and regulations in every jurisdiction. For legal advice, please contact an attorney.