How the Ransomware Crisis Is Impacting Healthcare Data Security

August Blog # 4 (1)A recent string of high-profile cyberattacks is renewing fears of the increasingly coordinated and sophisticated attacks that can be used against healthcare organizations. According to a recent report from IBM’s worldwide security services operations, the healthcare industry broke back into the top five of the most frequently targeted industries in 2015.

A growing number of these attacks have come in the form of ransomware, where malware programs are unknowingly introduced through e-mails and e-mail attachments are used to hold critical data systems hostage.

Businesses Under Siege

Clinical information systems at hospitals, clinics, and treatment centers handle a wealth of personal and confidential data found in electronic health records (EHR), including Social Security numbers, credit card data, and medical history — making them prime targets for a variety of cyberattacks, including ransomware attacks.

One hospital had its clinical information systems shut down for over a week due to a ransomware attack. The cybercriminals behind it held these systems hostage for $3.6 million before settling on $17,000 paid in Bitcoins and restoring access to the hospital’s data. Another health system had its clinical information system shut down due to a virus-based hacking attack, complete with a digital ransom note. It took weeks for officials to restore access to its data.

New Threats, But Little Preparation

The drastic surge in cyber security threats has left healthcare IT leaders throughout the U.S. struggling to keep pace. Unfortunately, the healthcare industry has seemed ill-prepared to combat ransomware and other cyber security threats. Current challenges facing patient care organizations and the healthcare industry in general include:

  • Little to no awareness of the magnitude and intensity of the ransomware problem in U.S. healthcare
  • Minimal investment in data security when compared to other industries
  • Little to no data security strategic planning and an inability to execute strategic plans
  • Insufficient training, expertise, and preparedness among those tasked with data security
  • Insufficient staffing within information security departments
  • Reluctance among C-level executives and boards of directors to directly address ransomware and other cyber security threats

What Can Be Done

In an effort to protect themselves against cyberattacks, a growing number of patient care organizations in the U.S. are hiring chief information security officers (CISOs) to lead anti-cyberattack efforts. However, the effectiveness of the CISO relies on sufficient funding, support personnel, and support at the C-suite and board levels. A lack of buy-in and support from C-level executives and board members can stymie efforts to develop an effective force against ransomware and other cyberattacks.

In addition to guaranteeing funding, staffing, and top-level support, healthcare IT leaders should focus on developing a comprehensive strategic cyber security plan. Such plans should include common-sense security measures, including:

  • Daily backup of core information systems
  • Use of security operations centers (SOCs) and other external services
  • Implementation of role-based access systems
  • Enterprise-wide training of all IS end-users on a regular basis

These efforts to implement a successful data security/cyber security apparatus can help the healthcare sector overcome its vulnerability to ransomware and other malicious attacks.

If your company is dealing with its own cybersecurity issues, ROI Networks can help it move in the right direction. Contact us today for a no-obligation security session.

Using UC in a Contact Center: Two Key Factors to Consider

August Blog # 3 (1)Unified communications (UC) provides a perfect solution to the everyday needs of contact center agents, who often juggle many different types of communications while serving customers. Considering that many call centers deal with incoming requests from dissatisfied customers, the need for an efficient and high-performing UC system is amplified.

By correctly identifying core capability needs and potential challenges, the system will be more robust and more reliable, helping agents provide superior customer service. With that in mind, there are two key factors to consider when planning a contact center UC strategy: integration and channel usage.

 
Integrating Contact Center UC Systems with Other Parts of the Business

Some contact centers use service platforms that run separately from other key business systems, while others are directly integrated. Currently, separate platforms are the norm in call centers, since agents have communications needs that are far more complex than those of most other staff members. However, as cloud computing continues to penetrate deeper and deeper into prevailing enterprise models, integration considerations become increasingly necessary.

Think of the UC solution as a means of linking contact center communication platforms with the core capabilities used by the rest of the business. Larger-scale operations — particularly those that maintain multiple call centers across broad geographic areas — have more complex needs in this regard. In such cases, it’s even more important to ensure that contact center agents have all the tools they need at their fingertips, at all times.

 
Which Modes of Communication Are the Contact Center Agents Using?

In a typical customer service center, agents are simultaneously using multiple modes of communication to handle incoming requests. Though telephone services still remain at the core of the contemporary contact center, email, social media, and other Internet-based communication systems are becoming increasingly intertwined with CMS software.

Take stock of the channels agents are using, and make sure they are all integrated into the UC strategy. It’s also a good idea to speak to agents to see if there are any capabilities that don’t currently exist that would help them do a better job of serving customers going forward.

The advice and direction of an experienced and knowledgeable channel partner or telecom agent can be a big help to businesses of all sizes looking to leverage the power of UC to improve customer service. To learn more about the emerging range of dynamic customer service center solutions, please contact the experts at ROI Networks.

Healthcare Security Needs a Remedy

August Blog # 2 (1)Nearly every industry has seen a breach occur in the last decade, and healthcare is no exception. Sadly, the frequency of healthcare-related identity theft and fraud has increased exponentially in just the past few years. Security is a critical issue at this point — and one that does not yet have a clear solution.

 

Threats

The tricks used by cybercriminals to hack into retail and financial businesses are the same used to target healthcare companies. Theft of computer equipment, social engineering and phishing attempts to obtain login credentials, and virus and malware exposure are just a few of the ways that hackers gain access to healthcare data. Ransomware is the newest tool, where a piece of software shuts down access to the system or PC and demands a fee to unlock it again.

The methods may vary but the goal is the same: Obtain sensitive information that can be used for financial gain. Social security numbers and private health information are easily used in identity theft attempts to acquire loans, credit cards, or other assets in the name of the patient. The victims suffer severely from this crime, and it can take months or years to recover from the financial devastation.

Lack of Focus

Security has not been enough of a topic of discussion in healthcare to date. Well known organizations that recognize healthcare providers and facilities for excellence do not extend that to healthcare security companies at this time. Great importance is placed on stability and uptime rather than on locking down data and reducing risk exposure.

The Industry Problem

Managed service providers that specialize in security encounter major complexity when trying to extend their offerings to the healthcare realm. Many of the systems involved in healthcare are antiquated legacy systems that should have expired long ago, yet are still up and running due to the cost of updating the technology.

In addition, so many layers exist that securing every end point is a serious effort:

  • Payers – Insurance companies, Medicare, etc.
  • Providers – Doctors, hospitals, surgeons
  • Billing service providers – All healthcare services are billed to an individual or an insurance company/government entity for payment
  • Software – EHR systems, supply chain software, patient registration systems, and more
  • Personnel – Not all computer users are experienced or properly trained on how to handle security issues

While diagnosis and treatment tools have leapt light years in the past decade, the applications used for patient management have not followed this trend. Many practices are resistant to change, and as a result will use unsecured applications or fail to prevent less technical breach attempts.

Immediate Solutions

IT departments must work hard to educate ALL personnel about privacy laws and the methods that criminals use to gain intel. Employees should be granted only the minimum level of system access needed for their job responsibilities. Network access points must be secure. Typical best practices for remote access, encryption, and storage should be followed.

Healthcare security is a problem that is growing quickly, and treatment is desperately needed. For more discussion on securing patient data in smart, effective ways, contact ROI Networks today.

The Focus on Services in a Virtual Networking Environment

August Blog # 1 (1)The recent widespread transition to the DevOps mindset in organizations places heavy focus on producing applications and services quickly and efficiently. Networking in a virtual environment does not change this fact and emphasizes the importance of services. Following are a few key points to note about virtual networks.

Service Types

Services are typically broken into three segments:

  • Connection Services – Those that move traffic from endpoint to endpoint within the network
  • Hosting services on the network – Websites and cloud services
  • Services for endpoints – Those necessary pieces holding critical knowledge or function such as firewall protection, configuration standards, and network addressing information

A crucial consideration in virtual networking is the relationship among the three categories. All three types must work together seamlessly and understand where the others lie as well as the current condition of each. Services are heavily reliant on the protocols and devices of the network to function, which is sometimes complex to manage when changes must be made.

Benefits of a Virtual Network

Virtual networking comes with a long list of advantages, but possibly the most valuable is its nearly limitless scaling potential. As global markets expand and connect, this flexibility is a major asset to allow communication, collaboration, and efficient transmission of information. Networks can be both segregated and shared in extremely specific ways, keeping information secure while facilitating work.

Intelligent networks can be constructed using this virtual networking approach, and feature composition benefits from it. Network functions can be easily rearranged and upgraded as desired without the need to switch out any devices. All pieces are software-defined and are thus centrally managed, deployed, and linked together. The complexity of performing such intricate and specialized management functions in a cloud system becomes much simpler in a virtual network environment.

Internet of Things

As the IoT realm continues to grow, increased use of virtual networking will naturally occur. Network functions virtualization uses a grouping method for connection-point services to handle high-level areas such as navigation or commerce activities rather than requiring each device to query every point individually for information. Employing this approach, security can be applied on a global scale instead of application by application or device by device.

Virtual networks offer great flexibility, scalability, and high performance as well as complete specialization of the connected networks. As commerce spreads across the globe and the IoT expands further, this solution will become more valuable.To discuss virtual networks in greater depth, contact ROI Networks today.