Hackers in Healthcare: Strong in 2017

HackersEvery year brings a fresh new set of security threats and tactics by hackers, and 2017 promises to be no different. Experts in the industry predict that healthcare organizations will continue to be a preferred target for breaches, identity theft, and cyberspying attempts.

Evolution

As cybervillains and hackers develop new strategies and shift between infiltration methods, organizations must also evolve in their security planning. Analytical data can be used to show anomalies and trends that will predict an impending incident. Constantly adding new hack profiles and defenses as well as adopting the most current protection methods reduces the likelihood of a hack’s success.

Desirable Assets

The reason that the healthcare industry is so attractive to cybercriminals is the immense amount of private data that is housed by providers and insurance companies. Consider the information that must be filled out for a simple doctor visit due to a cold. From employment information to social security and credit card numbers, addresses, and insurance policy numbers, data can be easily used for identity theft or medical fraud and spell financial disaster to victims. This data is incredibly valuable on the black market and has proven itself to be easily attainable.

Size Doesn’t Matter

Healthcare organizations large or small may be the target of hackers. Smaller, less tech-savvy providers may fall prey more easily to phishing and malware. Larger businesses could be slow to update their protection software and miss an infiltration attempt. Vendors with lackadaisical practices could cause gaps where systems connect.

Different Aim

While insurers were a common target over the past couple of years, it’s likely that hospital network breaches will increasingly be the objective for thieves in 2017. Given the myriad of old systems and rapid pace of a busy hospital, chances are good that a criminal can stumble upon one vulnerable entry point.

Other Predictions to Note

Some successful hack methods will persist, such as the use of ransomware where company assets are held hostage until a fee is paid to release the records. Effective training programs and internet filters may help reduce exposure to these programs, but the level of expertise displayed by hackers makes it extremely difficult to avoid all attempts.

Healthcare organizations will begin to feel the aftereffects of previous breaches in the form of old passwords and login credentials being used to attempt access across the industry. Government regulations will evolve to penalize hospitals for noncompliant security practices.

The coming year will be a test of defenses across the healthcare industry. Technical resources must be observant, tactical, and prepared for whatever inventive methods hackers will employ. Multi-factor authentication, thorough vendor vetting, and constant evolution of security standards are imperative in this new world of dark web crime. For more information on protecting your company network, contact ROI Networks today.

Big Data and the Future of Healthcare

Big DataBig data has gradually become part of everyday life. From wearable devices and smart phones to vehicles and more, data is collected from just about everywhere and everything. The healthcare industry is slowly coming on board, beginning to use big data in a myriad of ways.

Fraud Prevention

One of the biggest problems in healthcare is fraud. Identity theft, misuse of benefits, and provider payment scams are rapidly increasing, which results in billions of dollars in losses each year. Programs such as Medicare are often the target of such crimes and have taken action by investing in computer systems designed to reduce this hemorrhage of funds. Analytics derived from big data are instrumental in these efforts, able to detect savvy criminals and collusion between patients and providers.

Predicting the Future

Predictive analytics uses big data to foresee the health issues of patients. Information acquired from social media, business networking sites, medical provider visits, family health history, and more are gathered and analyzed. Intricate algorithms assess this data and signal the physician that a medical issue could be oncoming. This advanced notice allows earlier treatment and a much more positive outcome for the patient. In addition, this could help reduce the cost of healthcare by treating patients before they develop a chronic, expensive condition or emergency.

Privacy Concerns

The internet holds a wealth of information that is both public and private. When using predictive analytics to forecast healthcare needs, it is easy to see how privacy is compromised. Private information must be shared with insurers and healthcare providers to truly reap the benefits of the technology. Eventually it may be necessary to create specific privacy laws to help protect patients in this new world.

Other Notes

These programs are still in their infancy, so it’s difficult to know if big data and predictive analytics will ever affect the price of life and health insurance coverage. Current social programs spread expensive claims over a large group of insured patients to attempt to cap premiums. As the political arena changes these programs may as well, making future insurance and healthcare costs difficult to predict.

Big data in healthcare is just beginning to show its power. As technology advances, it’s very likely that this information will be used to save patients and money across the industry. For more information about the future of healthcare IT, contact ROI Networks.

The CMIO: A Profile of Security Leadership in the Healthcare Industry

december-blog-1For organizations working in the healthcare industry, security is — or should be — at or near the top of the priority list. Cyber criminals frequently target healthcare organizations because they have access to a great deal of highly valuable personal information. Public and private sector organizations that fail to implement safeguards are at risk of security breaches, and that, in turn, can lead to potentially irreversible losses in client confidence.

Thus, the role of the Chief Medical Information Officer (CMIO) has taken on added urgency in recent years, as the healthcare industry has made rapid moves towards connected technologies. The role of the CMIO is not well-understood by many lay people. For telecom agents, it’s worth taking the time to understand this role and the responsibility that comes with it in order to build packaged solutions that speak directly to the needs of healthcare organization leaders.

Healthcare Information Security: What a CMIO Does
In most organizations, the CMIO is a licensed physician with specialized training or practical experience in information management and/or technology. His or her core duties typically include:

  • Designing and choosing software technologies used by the organization
  • Ensuring organizational IT systems meet established standards
  • Analyzing and managing health data collected from patients or clients
  • Maintaining quality control standards
  • Improving operations through the judicious management and deployment of data
  • Conducting research using available data and analytics tools
  • Reporting to executives and taking a leadership role in strategic development
  • Training senior staff members in the proper use of IT resources, especially with regard to electronic health and medical records (EHRs/EMRs)

It is important to note that security is not typically part of the CMIO’s list of responsibilities. In some organizations, this can create gaps, as cyber security initiatives are left until the end of the business development cycle rather than being addressed at the outset.

Healthcare Information Security: How the CMIO Role Is Evolving
For a long time, it was standard practice for CMIOs to report to either the Chief Marketing Officer (CMO) or directly to the Chief Executive Officer (CEO). However, a growing number of healthcare organizations are electing to have their CMIOs liaise with their Chief Information Officer (CIO). This reflects the changing nature of the CMIO’s responsibilities, as digital technology is playing an increasing role in healthcare data collection and applications.

As mentioned, security normally does not fall under the CMIO’s portfolio of responsibilities. However, the CMIO is increasingly being expected to partner with the healthcare Chief Information Security Officer (CISO) to build the most effective and robust safeguards possible.

The telecom professionals at ROI Networks offer advanced security solutions for the healthcare industry. To learn more about how ROI Networks can help both public and private sector organizations in the healthcare field improve their cyber security, contact a client services representative today.

The Ongoing Security Crisis in Healthcare

SecurityThe list of healthcare companies that have experienced a breach is growing at an alarming rate, with more continuing to be discovered. Despite the spotlight finally beginning to shine on healthcare security, news stories every week seem to report yet another incident. Here’s a look into why these breaches continue to occur, and what might be done to stop them.

Common Problems

A frequent cause of a breach or data theft is simple error. A patient file is accidentally left out in a public area, a worker steps away from an unsecured computer with patient data left on the screen, or a company laptop in plain sight is stolen from a worker’s vehicle. Applications may not be password protected, or the passwords used by doctors or admin assistants may fail complexity rules and be easily guessed for unbridled access to sensitive data.

Other points of vulnerability are vendor connections to the systems that house healthcare data. In both big box retail and healthcare, breaches have occurred when vendors are linked in but fail to properly protect their own systems or that connectivity.

Other causes are more complex or political. For example, healthcare workers are charged with filling out extensive amounts of paperwork for each patient interaction and test. While the intention is to provide better patient care through communication of all possible details, the result is overburdened nurses who are outnumbered by patients and forms.

Lastly, archaic software systems or components are not up to today’s security standards. Many hospitals do not use modern software due to the expense and effort of implementing changes to systems. This can leave doors open to cybercriminals seeking payment and identity data easily found in patient records.

Solutions

Unfortunately, many workers in the healthcare industry place the entire burden of security on their IT departments. While IT is responsible for ensuring that best practices for application and data protection are implemented, overall security is not a task that can be performed without support from all levels of the company. There must be a partnership between IT and the rest of the organization.

Here are a few easy ways to improve security in healthcare:

  • Security training – Basic principles for physical and technological protection should be covered in annual and new-hire training sessions. Topics should include password strength, ways to easily secure a system or device, and avoiding common hacking or phishing methods.
  • Streamlining processes – So much paperwork is required in patient care. Providing easy, intuitive methods of completing these responsibilities can cut down the time required. Analytics can then be produced from the data collected to further identify how processes for both administration and care may be improved.
  • Control risk – Fully assess vendors who will be connecting to systems, prohibit or limit non-company devices from storing or accessing patient data, and educate the workers who access the systems.

Medical data is incredibly valuable. From the records held by providers, a thief can potentially gain access to credit card information and extensive personal records that facilitate identity theft. Healthcare organizations must do more to protect patients from this growing area of crime. To continue the discussion on healthcare security, contact ROI Networks.

How the Ransomware Crisis Is Impacting Healthcare Data Security

August Blog # 4 (1)A recent string of high-profile cyberattacks is renewing fears of the increasingly coordinated and sophisticated attacks that can be used against healthcare organizations. According to a recent report from IBM’s worldwide security services operations, the healthcare industry broke back into the top five of the most frequently targeted industries in 2015.

A growing number of these attacks have come in the form of ransomware, where malware programs are unknowingly introduced through e-mails and e-mail attachments are used to hold critical data systems hostage.

Businesses Under Siege

Clinical information systems at hospitals, clinics, and treatment centers handle a wealth of personal and confidential data found in electronic health records (EHR), including Social Security numbers, credit card data, and medical history — making them prime targets for a variety of cyberattacks, including ransomware attacks.

One hospital had its clinical information systems shut down for over a week due to a ransomware attack. The cybercriminals behind it held these systems hostage for $3.6 million before settling on $17,000 paid in Bitcoins and restoring access to the hospital’s data. Another health system had its clinical information system shut down due to a virus-based hacking attack, complete with a digital ransom note. It took weeks for officials to restore access to its data.

New Threats, But Little Preparation

The drastic surge in cyber security threats has left healthcare IT leaders throughout the U.S. struggling to keep pace. Unfortunately, the healthcare industry has seemed ill-prepared to combat ransomware and other cyber security threats. Current challenges facing patient care organizations and the healthcare industry in general include:

  • Little to no awareness of the magnitude and intensity of the ransomware problem in U.S. healthcare
  • Minimal investment in data security when compared to other industries
  • Little to no data security strategic planning and an inability to execute strategic plans
  • Insufficient training, expertise, and preparedness among those tasked with data security
  • Insufficient staffing within information security departments
  • Reluctance among C-level executives and boards of directors to directly address ransomware and other cyber security threats

What Can Be Done

In an effort to protect themselves against cyberattacks, a growing number of patient care organizations in the U.S. are hiring chief information security officers (CISOs) to lead anti-cyberattack efforts. However, the effectiveness of the CISO relies on sufficient funding, support personnel, and support at the C-suite and board levels. A lack of buy-in and support from C-level executives and board members can stymie efforts to develop an effective force against ransomware and other cyberattacks.

In addition to guaranteeing funding, staffing, and top-level support, healthcare IT leaders should focus on developing a comprehensive strategic cyber security plan. Such plans should include common-sense security measures, including:

  • Daily backup of core information systems
  • Use of security operations centers (SOCs) and other external services
  • Implementation of role-based access systems
  • Enterprise-wide training of all IS end-users on a regular basis

These efforts to implement a successful data security/cyber security apparatus can help the healthcare sector overcome its vulnerability to ransomware and other malicious attacks.

If your company is dealing with its own cybersecurity issues, ROI Networks can help it move in the right direction. Contact us today for a no-obligation security session.

Healthcare Security Needs a Remedy

August Blog # 2 (1)Nearly every industry has seen a breach occur in the last decade, and healthcare is no exception. Sadly, the frequency of healthcare-related identity theft and fraud has increased exponentially in just the past few years. Security is a critical issue at this point — and one that does not yet have a clear solution.

 

Threats

The tricks used by cybercriminals to hack into retail and financial businesses are the same used to target healthcare companies. Theft of computer equipment, social engineering and phishing attempts to obtain login credentials, and virus and malware exposure are just a few of the ways that hackers gain access to healthcare data. Ransomware is the newest tool, where a piece of software shuts down access to the system or PC and demands a fee to unlock it again.

The methods may vary but the goal is the same: Obtain sensitive information that can be used for financial gain. Social security numbers and private health information are easily used in identity theft attempts to acquire loans, credit cards, or other assets in the name of the patient. The victims suffer severely from this crime, and it can take months or years to recover from the financial devastation.

Lack of Focus

Security has not been enough of a topic of discussion in healthcare to date. Well known organizations that recognize healthcare providers and facilities for excellence do not extend that to healthcare security companies at this time. Great importance is placed on stability and uptime rather than on locking down data and reducing risk exposure.

The Industry Problem

Managed service providers that specialize in security encounter major complexity when trying to extend their offerings to the healthcare realm. Many of the systems involved in healthcare are antiquated legacy systems that should have expired long ago, yet are still up and running due to the cost of updating the technology.

In addition, so many layers exist that securing every end point is a serious effort:

  • Payers – Insurance companies, Medicare, etc.
  • Providers – Doctors, hospitals, surgeons
  • Billing service providers – All healthcare services are billed to an individual or an insurance company/government entity for payment
  • Software – EHR systems, supply chain software, patient registration systems, and more
  • Personnel – Not all computer users are experienced or properly trained on how to handle security issues

While diagnosis and treatment tools have leapt light years in the past decade, the applications used for patient management have not followed this trend. Many practices are resistant to change, and as a result will use unsecured applications or fail to prevent less technical breach attempts.

Immediate Solutions

IT departments must work hard to educate ALL personnel about privacy laws and the methods that criminals use to gain intel. Employees should be granted only the minimum level of system access needed for their job responsibilities. Network access points must be secure. Typical best practices for remote access, encryption, and storage should be followed.

Healthcare security is a problem that is growing quickly, and treatment is desperately needed. For more discussion on securing patient data in smart, effective ways, contact ROI Networks today.

Why the Partnership Between Healthcare and UCaaS Is Revolutionizing the Industry

shutterstock_207428872smUnified Communications as a Service (UCaaS) is transforming networks into highly functioning, collaborative, cost-saving machines. One of the many industries in which a UCaaS arrangement is extraordinarily effective is healthcare. The need for wellness and medical service is a permanent and growing condition around the world, presenting a nearly unlimited market for potential users of UCaaS. Here’s how this impressive tool is reshaping healthcare.

Improving Collaboration

In nearly all organizations, communication is a sore point among teams. In healthcare, failing to communicate effectively can be a life or death matter. Using UC allows medical professionals to provide a complete patient picture and necessary information in one place. The entire team will better connect with each other and brainstorm on complex cases as if everyone was in the same room. Conveying messages is easy, and the information will get to the intended audience much more promptly.

Feature-Rich System Structure

Healthcare teams need to be able to contact one another in a variety of ways. Text, video conferencing, call forwarding, and business continuity are all critically important in ensuring prompt accessibility to doctors and nurses. With UCaaS, important team members will never miss a crucial call again, and patients will be protected against weather or local catastrophes that may cause power outages and lead to communications failure.

Better Patient Care

Consider how long it takes to transfer vital patient records the old way (by courier or mail). Today’s healthcare teams want immediate access to all of a patient’s history so that proper, patient-specific care can be administered. UCaaS allows easy electronic engagement with a patient’s records, even across different hospital systems or physician practices. In addition, specialists can be accessed via video to obtain recommendations for treatment or other valuable expertise. The information is able to reach the care team’s mobile devices quickly so they can analyze the details on the move.

Saving Money

A fast-rising trend in today’s business world is to use services like security, software, data management, and analytics in the cloud for accessibility and reduced expense. UC is no exception to this trend as it can easily replace costly and bulky on-premise solutions. The burden of hardware acquisition and maintenance is handled by the vendor. Valuable features can be enjoyed for very little added cost while providing time-saving and productivity-enhancing benefits. Ultimately overhead is decreased and patient care becomes less expensive. This is a gain for both healthcare providers and the patients they serve.

UCaaS has found a strong market in the corporate sector due to its usefulness and high return on investment. The healthcare industry is a natural extension of this technology’s applicability as it saves money, boosts team cohesion and collaboration, and, consequently, improves patient care. This cutting edge tool provides considerable financial benefits and helps save lives.

Cloud Storage Comes to Healthcare

shutterstock_120227836Over the last several years, the need for data storage has increased exponentially, and it’s not likely to slow down any time soon. Whether due to requirements generated by regulations like HIPAA, or to any of a whole host of new healthcare technologies, healthcare IT is being required to keep up with an ever-increasing requirement for data.

 

Fortunately for those healthcare IT organizations, cloud storage systems have evolved to the point where they can provide enterprise-level capacity, redundancy, and availability, giving IT groups the ability to rapidly scale to meet the pace of expansion required by modern healthcare enterprises.

Healthcare organizations have begun to realize this as well, and cloud technologies continue to increase within the healthcare field. In fact, according to an HIMSS Analytics’ recent survey, SAAS adoption within the healthcare industry have topped 83%, with over 60% allocated to SAAS applications. And, as adoption rates increase, enterprise-level cloud platforms, such as cloud storage, are increasingly being adopted as well.

And for those organizations that make the move to cloud-based storage systems, there are a number of benefits, such as:

Mobility – Unlike traditional storage systems that are tied to a single geographic location, cloud storage systems are more accessible from different locations, so that users and application in diverse locations can all access the same data.

Easier Replication – Traditional storage requires two sets of more or less identical hardware, located close together, and the replication process was fairly complex. With cloud storage systems, data replication is made much easier, with much of the heavy lifting performed by the provider.

Big Data Analytics – Healthcare IT is moving into the field of big data and bioinformatics in a big way, all of which generates the need for storage platforms that are highly scalable and flexible. Cloud-based storage systems fit the bill on both counts.

Security – Cloud storage removes much of the security requirements from your team, and moves that requirement to the cloud provider. And most provider of cloud-based storage have excellent security measures in place, well in advance of most providers.

Health Information Exchange (HIE) Data Support – As more healthcare systems create and participate in health information exchanges, a common cloud-based storage platform can for a critical component to the support of those systems.

Electronic Medical Records (EMR) Storage Support – Perhaps the most fundamental benefit of cloud-based storage systems is the ability to store electronic medical records, and make those records available to different clinics and application in different geographical areas. And while HIPAA is a concern here, the reality is that many cloud-based storage providers understand HIPAA now, and have HIPAA-compliant solutions to meet this set of requirements.

Physician Collaboration Solutions (PCS) Support – Physician collaboration solutions often require access to a common data repository. Cloud-based storage provides a perfect platform for those repositories.

Cloud-based storage technologies continue to evolve and expand in their capabilities – which is a good thing, because the needs of healthcare IT continue to expand as well. But the benefit of this is that, as both continue to become more powerful, it can only result in newer applications in the field of healthcare, which in turns means better healthcare for everyone.