by Felicien | Aug 28, 2018 | Education
A recent study conducted by The Harris Poll on behalf of Scout, a healthcare marketing firm, uncovered some interesting statistics about healthcare data security and public perception. It determined that out of 2,000 US adults, about half are extremely or very concerned about the security of their healthcare data.
Another study, conducted by Protenus Breach Barometer, found that in the second quarter of 2018, from April to June, more than 3.15 million patient records were compromised across a total of 142 healthcare data breaches. The report reinforces the need for strong security measures in the healthcare system, concluding that healthcare organizations must maintain vigilance and be constantly on the lookout for best practices in healthcare privacy.
Examining The Data
Protenus Breach Barometer joined forces with Databreaches.com to gather data from a number of sources, including press reports, HHS, and nonpublic data from Protenus’ AI platform. According to incidents reported to the HHS or by the media, 31% of these breaches were executed by insiders.
According to the report published by Protenus, it’s believed that an individual healthcare employee who has breached patient privacy once is more than 30 percent more likely to repeat the offense within a three-month time frame. The chances that the employee will do so again within one year rise to more than 66%. Therefore, a delay in identifying and reporting these offenses puts institutions at further risk.
The company estimated that out of 1,000 healthcare employees, more than nine are responsible for breaching patient privacy — an estimate up from five employees in the previous quarter.
One of the most common insider-related data breaches was family snooping, which accounted for a whopping 71% of the reported privacy violations. This number is down from 77 during Q1 of 2018.
According to the report, it can take organizations, on average, 204 days to identify a breach once it has occurred. Out of 61 incidents in which data was disclosed, the average time between when a data breach is identified and when it is reported to HHS or other sources is 71 days. According to HHS requirements, a healthcare organization must report a breach involving 500 or more individuals no later than 60 days after discovery of the breach. Coincidentally, the largest gaps between the occurrence of the breach and discovery were reported with insider-related cases.
Out of the 143 healthcare data breaches disclosed, healthcare providers reported 99 of them, whereas 15 of them were disclosed by an insurance company or health plan. Business associates and third-party vendors were responsible for disclosing 18 of the cases, and ten were reported by other organizations.
It’s well known that healthcare security teams are lacking in manpower. It was reported that in hospital teams responsible for identifying insider threats, one investigator may be responsible for monitoring nearly 4,000 employees on average. This individual is responsible for 2.5 hospitals and handles a median of 25 cases.
With cyber threats on the rise within the industry, it’s vital that healthcare organizations do more to protect patient data. Thirty-eight states were included in the report’s 142 disclosed health data breaches. Out of these, California was responsible for the largest number of data breaches, with 20 incidents. Texas reported 13 incidents, ranking it the second highest.
The Rise Of Healthcare Hacking
Cyber threats are common in the digital world, but the stakes are particularly high in healthcare systems. According to the report, healthcare hacking accounted for 52 data breaches in Q2, up from 30 during Q1.
Forty-four of these hacking incidents affected 2,065,813 patient records, with seven of them involving malware or ransomware. Ten hacking incidents mentioned a phishing attack.
In addition to phishing, malware, and ransomware, 23 incidents of those reported were related to theft. More than 600,000 patient records were compromised, with data disclosed for 19 of the 23 incidents.
Healthcare Hacking Prevention Tactics
There are some actions healthcare organizations can take to ensure they are keeping up with best practices in patient record security. The most important action to take is to perform an organization-wide risk analysis that covers all devices that contain ePHI or systems and devices that may be used to access PHI. Once this is performed, organizations can put into action a risk management plan that addresses and reduces all identified vulnerabilities.
It’s also important for healthcare organizations to keep up-to-date with the latest in equipment and regulations. All software systems should be maintained properly, with encryption and backups implemented accordingly to protect patient information to the fullest extent. According to HIPAA, a good strategy for patient information backup is the 3-2-1 approach, which calls for at least three copies of data, across two different media, with one of these copies stored securely off-site.
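The 3-2-1 approach described above can be audited against a backup inventory. The following is an added example, not part of the original article; the inventory, the site names and the reading of "stored securely" as "encrypted at rest" are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str     # logical data set, e.g. a database or file share
    medium: str      # storage medium type
    site: str        # where the copy physically lives
    encrypted: bool  # encrypted at rest


# Assumption: the site name that counts as "on-site".
PRIMARY_SITE = "main-campus"

# Constructed inventory; the production copy counts as one of the three.
INVENTORY = [
    BackupCopy("ehr-db", "disk", "main-campus", True),
    BackupCopy("ehr-db", "tape", "main-campus", True),
    BackupCopy("ehr-db", "object-storage", "offsite-vault", True),
    BackupCopy("imaging", "disk", "main-campus", True),
    BackupCopy("imaging", "disk", "main-campus", True),
    BackupCopy("imaging", "disk", "dr-site", False),
    BackupCopy("billing", "disk", "main-campus", True),
    BackupCopy("billing", "tape", "main-campus", True),
]


def check_321(copies, primary_site=PRIMARY_SITE):
    """Return {dataset: [problems]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)

    findings = {}
    for dataset, items in sorted(by_dataset.items()):
        problems = []
        # "3": at least three copies of the data.
        if len(items) < 3:
            problems.append(f"{len(items)} copies, need at least 3")
        # "2": spread across at least two different media.
        media = {c.medium for c in items}
        if len(media) < 2:
            problems.append(f"{len(media)} medium type, need at least 2")
        # "1": at least one copy off-site, and that copy protected.
        offsite = [c for c in items if c.site != primary_site]
        if not offsite:
            problems.append("no off-site copy")
        elif not any(c.encrypted for c in offsite):
            problems.append("off-site copy is not encrypted")
        findings[dataset] = problems
    return findings


if __name__ == "__main__":
    for dataset, problems in check_321(INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

A data set can hold three copies and still fail, as the constructed "imaging" entry does: all copies sit on one medium type and the only off-site copy is unencrypted.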
Healthcare organizations may also do well to consider teaming up with threat intelligence organizations to stay informed about newly discovered threats and vulnerabilities. All of these steps combined can form a strong line of defense against healthcare hacking.
by Felicien | Aug 28, 2018 | Education
What Is Snapchat And What Business Uses Does It Have?
Snapchat is a now commonly used social media platform that is more recent than Facebook, Myspace, or Twitter. It’s unique in that it allows users to create pictures or messages that are only available for a short period of time before they become inaccessible to viewers. This is considered a convenient self-cleaning of media in addition to its other features. Just like Facebook timelines and Twitter feeds, users are allowed to create original “Stories” as 24-hour feeds of content presented chronologically through the app.
A “Discover” feature allows businesses to have an interactive exploration of their products or services. The app was developed for mobile technology and continues to evolve with the emphasis on virtual ‘stickers’ and affected ‘reality objects.’ Although not all features are unique to the software, business uses of Snapchat can include some pretty attractive features:
Frequently updated postings
Promotion through marketing channels
Creating sponsoring lenses
Allowing people to explore content through interactive features
Integrated content created by users
Promotion of products or services through discounts and promotion code marketing
Promoting new products
One of the best features that users love is that Snapchat allows celebrities and other people of interest to directly access the app. This means you might be able to view Jennifer Garner’s favorite places to eat or check out LeBron James on vacation in Italy.
Many of today’s top organizations are now successfully using the Snapchat app, including:
Taco Bell
Disney
Gatorade
Starbucks
McDonald’s
AT&T
Many others
As with other widespread social media programs, Snapchat can be used in traditional business practices including the social media marketing mix, brand strengthening processes, community engagement, and brand awareness.
According to The Social Media Examiner, over 100 million people use the app every day, responsible for up to 400 million snaps each day, and while 71% of the estimated billion viewers are between the ages of 18 to 34, it is considered one of the fastest growing networks. Access to live events can be provided through streaming, and the NBA is an example of a major organization that has been taking advantage of this.
Private content can be delivered through the software, and contests and other perks can be added to the organization’s storyline. Internal developments can be shown through the service while users can partner with influencers. People can also effectively “follow” organizations analogous to post subscriptions available on Twitter or Facebook.
What Are The Security Risks And Why Should I Be Concerned?
Snapchat’s features can be more convenient for some users, but it carries security risks that may be unique to it and therefore of particular concern to users. The software, in short, may not be as private as it may seem. The creative nature of the app means that much of the user-provided content is not covered by the same privacy and protection offered through other social media services like Facebook and Twitter.
The “snaps” that are made and posted can be potentially retrieved with software tools, and both forensic analysts and hackers alike have some potential to exploit this. According to the Telegraph, it is possible for hackers to intercept Snaps in transmission processes despite levels of encryption. This is due to the potential for decryption through a form of reverse engineering possible through the Android application package file.
This does not mean that Snapchat is less secure than services such as iMessage, but it is likely less secure than many people assume. Another potential issue is the possibility that a business will not have access to records if claims are made regarding the nature of posts that have automatically deleted. This could result in unfounded claims in court that cost the organization money and bring negative publicity, if nothing else.
As explained in depth by The Hacker News, the source code of the program itself has also been hacked and posted online after a cyber thief was able to obtain it. The posting made the confidential information of the organization vulnerable to other people who could misuse it. In addition, a number of apps now exist that can capture your Snaps without alerting you. One popular site like this called “SnapSave” was breached in 2014 and 200,000 Snaps were leaked publicly.
What Additional Security Concerns Should I Have If Using Snapchat?
In general, businesses that plan to use Snapchat should take some precautions to avoid being exploited. These are discussed below:
Enable login verification (2FA).
Educate users at your workplace who will be in charge of Snapchat with information about security breaches and such.
Manually restrict and control access.
Ignore random requests.
Make sure that only those connected with your account are able to connect with it.
Limit who can see your stories.
Transfer private snaps saved in memories to the ‘my eyes only’ section for added privacy.
Never publicly share your Snapcode or username.
Conclusion
Snapchat can be a powerful business tool that lets your company connect directly with your consumers, fans, and other interested parties. However, by following a few security protocols you can protect your account against hackers and other intruders. As with all your IT, hackers are always on the lookout for weak perimeters that will allow them to come in and steal from you.
by Felicien | Aug 28, 2018 | Education
Is Windows 10 Enterprise Right For Your Business?
With the threats of cyber-attack at an all-time high, there’s no better time to reexamine your company’s operating system to see whether or not it offers the level of protection you, your company, and your clients deserve.
Windows 10 Enterprise ranks high among today’s most popular operating systems for large companies and it’s worth the expense. This operating system is beneficial to large businesses for a variety of reasons.
It features intelligent security, simplified updates, flexible management, and enhanced productivity. There are a number of other solid benefits to using Windows 10 Enterprise.
One of the main things that users notice about this operating system is that it makes up for what was lacking in Windows 8. The developers added many of the same familiar features that made Windows 7 so popular.
But Windows 10 Enterprise has much better security and an optimized interface for greater mobility within the workplace. All of this combined makes a strong case for why large organizations ought to consider Windows 10. It can breathe new life into your workflow and enable stronger productivity.
Enhanced Security
In terms of security, Windows 10 Enterprise is a viable option for businesses of all sizes, but particularly useful for large businesses. Windows 10 Enterprise’s Advanced Threat Protection, or ATP, has proven well worth its weight for peace of mind. In fact, the operating system was virtually unaffected during WannaCry, the largest global ransomware attack to date.
Its solid performance under this type of intrusion is a testament to its capabilities to keep businesses protected. For this reason, large businesses with much at stake would do well to examine Windows 10 as an option, especially if they’ve been impacted by large-scale global attacks like WannaCry in the past.
Device Guard, Windows Hello, and Microsoft Passport are just a few added security features to help users maintain privacy.
Device Guard
Device Guard isn’t just one feature, but rather a set of three features that work cohesively to protect your system and prevent any untrusted code from infiltrating a Windows 10 system.
These features include Configurable Code Integrity (CCI), VSM Protected Code Integrity, and Platform and UEFI Secure Boot.
CCI is responsible for ensuring that only trusted code runs from the bootloader onward, while VSM Protected Code Integrity moves KMCI and HVCI into VSM to protect them from attack. Finally, the last feature, Platform and UEFI Secure Boot, works to ensure that boot binaries and UEFI firmware are accounted for and haven’t been compromised.
Windows Hello For Business
Strong two-factor authentication is vital for robust IT security. Windows Hello for Business ensures a tough line of defense on PCs and mobile devices by going one step further. This new type of authentication boasts a unique type of user credentials associated with a device. It utilizes a biometric or PIN feature for better security, and even allows users to authenticate to an Active Directory or Azure Active Directory account.
Flexible Management
An improved interface is another big benefit of Windows 10. The ability to switch back and forth between different virtual desktops has been something Mac users have enjoyed for years now, and with Windows 10, the feature is now a reality for Microsoft users too. What’s more, the feature is simple to use, requiring just a tap of the task-switching icon.
In addition to enhanced security, Windows 10 Enterprise brings improved compatibility by way of the Microsoft Edge browser. From improved battery usage to new capabilities like reading mode and webpage markup, Edge is intended to make browsing easier and more efficient than before.
Windows 10 Enterprise also offers simplified updates with unique tools that help streamline deployment. IT employees wear many hats, and there isn’t always enough time in the workday to dedicate to repetitive tasks. Windows Autopilot allows for easy, seamless setup and deployment, meaning you can take a new device out of the box and have it fully configured and managed from the cloud, all with minimal effort from the IT department.
Insight into your organization’s IT health and overall efficiency is imperative for sustained growth. With Windows 10, IT managers can ensure employee compliance, a more effective user experience, and smooth upgrades.
Elevated Productivity
Windows 10 offers a world of opportunity for software for tasks both large and small. There is a whole selection of apps that can be full-screen or windowed. The new range of apps includes more powerful media and productivity apps, new photos, music, videos, mail, maps, and calendars.
If your business thrives on creativity, you’ll find a good range of new tools to take advantage of, including Windows Ink, 3D in Windows 10, and OneNote. OneNote offers a single place for notes and ideas, while 3D in Windows 10 allows users to add a new dimension and elevate their design work.
And in a further effort for simplicity and familiarity, Windows 10 apps are designed to sync across a variety of iOS and Android devices for easy navigating between phone and PC. Furthermore, Nearby Sharing in Microsoft Edge, OneNote, File Explorer and other apps enable users to quickly and easily transmit files and web pages to nearby PC users with the click of a button.
Wrap Up
Overall, it has become clear that Windows 10 and Windows 10 Enterprise carry a wide range of benefits for large businesses. If you feel that your organization could use some improvement in the areas of productivity, IT security, and a better user experience, then a switch to Windows 10 may be long overdue.
by Felicien | Aug 28, 2018 | Education
Australia’s Northern Territory, at 1.35 million square kilometers with an estimated population of 250,000, is not one of the first places you think of for installing a state-of-the-art Electronic Health Record (EHR) system. Nonetheless, the Northern Territory is at the halfway mark to having innovative inpatient and outpatient functions for its six hospitals, 54 health centers, and numerous other health facilities. The system goal is “one patient, one record” with data shared by all providers.
As always, one of the goals of the EHR implementation is improved quality of care and improved outcomes. The Northern Territory has four times the rate of avoidable hospitalization, compared to the rest of Australia. The average age at death is 67.6, which is 14.4 years short of the national average of 82 years old. The territory has the highest rate of renal failure in the world, making dialysis services a necessity. Diabetes is widespread. 60% of males and 50% of females are smokers. 25.5% of the population is aboriginal, the highest population proportion of any Australian state or territory.
The aboriginal population has a higher incidence of several serious diseases, including diabetes, mental health problems, respiratory disease, cardiovascular disease, and chronic kidney disease. It also has diseases that are virtually unknown outside its members: trachoma (an eye infection) and bacterial heart disease, to name a few.
The Pros and Cons of a New EHR System
The current system is described as “…held together with sticky tape” and has a history of failed efforts at replacement, as do many large health IT projects. This time, however, things appear to be on track for a successful conclusion. The project, which has five years to go to completion, is on budget. This in itself is a miracle.
Any medical personnel who have been involved in an EHR implementation will tell you that growing pains are inevitable. Training, no matter how thorough, will not communicate every nuance of the system. There will be periods where a doctor tries three times to save the record of a patient visit, only to have to call a nurse to come in and show him how to do it – again. There will be downtimes that are an utter mystery to the support staff. The supposedly impossible will happen and the mainframe component will require yet another initial program load. The physicians will curse their interface as “the worst video game ever invented.”
The real benefits will become apparent only after the shakedown cruise. The system will feed data into Australia’s universal “My Health Record,” which allows patients to see much of what their providers see. Research has indicated that giving patients access to lab values and test reports can increase health awareness and prompt more meaningful conversations with providers.
Why Australia Is Creating a Better Healthcare System
Australia was among the first nations to recognize the power of a fully national electronic health record. The Health Connect program, which ran from 2005-2009, set the parameters for the successful My Health Record program and, as was expected, revealed a number of pitfalls in trying to link disparate systems.
Australia has mastered lessons the US is still struggling to learn in the areas of consistency of nomenclature and interoperability. One of the most significant lessons learned is that such a national health system does not work unless the vast majority of the population agrees to have their records made available and included in the database. For that reason, Australia is switching from an opt-in system to an opt-out system in 2018. Everyone’s data will be included unless they explicitly forbid it.
Huge Financial Savings
In 2009, it was estimated that the full implementation of My Health Record could save at least $300 million per year in reduced errors. Having one consistent record alone – “one version of the truth,” as it has been called – accounts for the bulk of that. Few are the providers who have not faced two different versions of a diagnosis, a prescription, or a lab result from the same patient and wondered which one represents reality. Having a single record prevents that. When errors do slip past the data consolidation phase, at least they are usually more obvious than they are in paper records.
Wrap Up
Australia’s national health record program, in the Health Connect period, was aimed at providing a critical subset of data. As it evolved into the My Health Record phase, it has moved towards the inclusion of virtually all data. Because of the emphasis on a national system from the beginning, it has encountered fewer road blocks than have similar efforts in the United States. Australia was also able to learn from the British experience with its National Health Service. Having a single national health plan, of course, removed many of the roadblocks that the United States has encountered.
by Felicien | Aug 27, 2018 | Education
Whether it’s physical, virtual, or in the cloud, discovering and blocking sophisticated threats in the network is at the forefront of every company’s mind. However, businesses are finding that more and more data violations are taking place when network security centers on the edge of the network and does not give equal protection to the network itself.
Security at the perimeter of the network has received most of the attention from data protection companies. What many internet service providers and businesses have neglected is protecting what lies within the network. Once attackers get into the network, they normally have free rein to steal valuable data and go undetected. What can your company do to solidify your network and protect you from hackers on the inside?
5 Ways to Prevent Privacy Violations
Prevent Data Theft with Patches
If a company’s IT department is inattentive when it comes to the application of patches, security vulnerabilities and other bugs can easily creep into a network. A patch is simply a set of changes to a computer program and its data that are created to update or fix a liability or get rid of a virus threat. Rapidly growing networks today are comprised of a wide range of networks, including the IoT and the cloud. Keeping track of the equipment inventory and the maintenance of this vast network can be a daily trial. For a company to protect its technology, applying patches is no longer an option but a necessity.
Protecting a Network with NIDS
With cloud computing as a way of life, cloud computing security is a mandatory requirement.
A Network-based Intrusion Detection System (NIDS) is one of the solutions for enhancing the security of cloud computing services. NIDS discovers and monitors attacks within the network. NIDS is a signature-based technique that inspects data packets throughout the network to identify attacks.
For the majority of companies, privacy violations are caused by attacks that have been known for a while. Because these vulnerabilities are well-known and have already been patched, attacks against them can be identified through their signatures. By incorporating signature-based discovery tools, businesses can seek out a breach and put a stop to it quickly.
Using Behavior-Based Analysis
Zero-day attacks on a network occur within a time frame known as the vulnerability window. They exploit vulnerabilities for which the software containing the weakness has not yet been patched. Hackers can engineer malware that exploits compromised systems and steals valuable data. New high-level attacks use various techniques to evade protective measures and attack the network connections without even being noticed.
Behavior-based computer security tools can be designed to discover false or unanticipated traffic. They can destroy zero-day malware variants with what are called detonation chambers, or sandboxing, and link the data to defend against smart attacks. Behavior-based computer security tools allow data and applications to be scanned for malware across the network and thoroughly inspected. They look for patterns and then constantly monitor the traffic to determine the intent, preempting an attack before it starts.
Installing Web Application Firewalls
Although many attacks are caused by phishing emails or known, unpatched vulnerabilities, web-based attacks are becoming more the norm. Software that probes and calculates information directly in the data center is commonly targeted.
A web application firewall (WAF) is a filter that is designed to go before you and sift through incoming traffic detecting potential threats and malicious activity. It is one of the most common means of protecting against attacks at the application layer.
In a June 2017 survey of the top 1 million websites, Mozilla reported that an unbelievable 93.45% earned an F score at implementing basic measures to protect them from common attack methods. Companies that fail to accept and adopt application security methods are opening themselves up for constant threats and attacks.
Incorporating Network Segmentation
The modern network needs to be able to handle access through varying devices and an assortment of application and data flows. Businesses can markedly improve their network safety by installing Internal Segmentation Firewalls (ISFW). Network segmentation works by splitting a computer network into subnetworks. If the defense perimeter is breached, an access point penetrated, or if there is an attack from inside the network, ISFW prevents the spread of such threats. ISFWs can be used to protect specific servers that hold a company’s most valuable information and can also protect devices from users and web apps in the cloud.
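The segmentation idea above can be modeled as a default-deny policy between subnets. This is an added example, not taken from the original article; the segment names, address ranges and the single allowed flow are hypothetical.

```python
import ipaddress

# Hypothetical segments (subnetworks) behind an internal segmentation firewall.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/22"),
    "records-servers": ipaddress.ip_network("10.20.0.0/24"),
    "iot": ipaddress.ip_network("10.30.0.0/24"),
}

# Hypothetical allow-list of (source segment, destination segment, port).
# Anything crossing a segment boundary that is not listed is denied.
ALLOWED = {
    ("workstations", "records-servers", 443),
}


def segment_of(addr):
    """Return the name of the segment containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(src, dst, port):
    """Decide what happens to one flow: allow, deny or intra-segment."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny"  # unknown address space is never trusted
    if s == d:
        # Traffic inside one segment does not cross the internal
        # firewall, so smaller segments mean less unfiltered traffic.
        return "intra-segment"
    return "allow" if (s, d, port) in ALLOWED else "deny"


def blast_radius(segment):
    """List (segment, port) pairs reachable from a compromised segment."""
    return sorted((d, p) for (s, d, p) in ALLOWED if s == segment)


if __name__ == "__main__":
    # Constructed sample flows.
    flows = [
        ("10.10.2.15", "10.20.0.8", 443),
        ("10.10.2.15", "10.20.0.8", 3389),
        ("10.30.0.7", "10.20.0.8", 443),
        ("10.10.0.5", "10.10.3.9", 445),
        ("192.168.1.4", "10.20.0.8", 443),
    ]
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port}  {evaluate(src, dst, port)}")
    print("iot can reach:", blast_radius("iot"))
```

With this policy, a compromised device in the hypothetical "iot" segment has an empty blast radius, while a workstation can reach the records servers only on port 443.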
Conclusion
Managing cyber-risk is a multi-faceted company-wide endeavor that requires implementation from the top level down. The quicker you are able to respond to a threat, the greater the chance you have of being able to stop the potential damage. However, with the implementation of these new tools and strategies, you can protect your company records from hackers. It does take a proactive approach and a watchful eye.