by Felicien | Dec 23, 2018 | Education
Most of the time, a five-day vacation is something to look forward to, but if that vacation is unplanned and filled with anxiety over when you can get back to work, it’s probably not much of a holiday. It becomes a burden; financially, emotionally and even physically on everyone involved.
This is what it feels like when ransomware attacks a practice. Get ready to cancel all of your appointments, damage patient trust and pay HIPAA fines on top of it all.
And no, ransomware isn’t exclusive to big hospital systems. Small to medium medical and dental practices are prime victims because the hackers know that many such practices are more vulnerable to these attacks.
Here’s what you need to know.
What Is Ransomware?
Ransomware is a particular type of malware that encrypts all of your patient files so that you can’t access them. The hacker then demands a ransom in exchange for unlocking the data. In some cases, the hackers keep up their side of the deal. In other cases, they take the money and then sell your patients’ information on the black market, turning this into a compliance and regulatory nightmare. As more medical practices have worked to increase security over the past several years to comply with compliance standards like HIPAA in the US or PIPEDA in Canada, dental practices become even more of a target.
According to Sylvia Burwell, secretary, U.S. Department of Health and Human Services, “Cybersecurity is one of the most important challenges we face as a nation…Unlike many cyber threats, ransomware is immediately disruptive to day-to-day business functions and, therefore, your ability to provide high-quality health care.”
According to the Office of Civil Rights (OCR), which is the federal department that enforces HIPAA compliance, around 4000 attacks happen each day. Having proven lucrative for the thieves, these attacks are on the rise.
How Does Ransomware Happen?
Hackers have many virtual windows they can climb in through to access your files. Some common methods used are very inconspicuous yet effective like:
Sneaking malware to a 3rd party software
Attaching the malware to a link in an email that appears to come from a known, trusted source (a dental insurance company, coworker, etc.)
Placing a file on a website that automatically downloads when someone visits the site
In some cases, hackers find clever ways to gain access to computers that aren’t even on the Internet.
How Do You Prevent Ransomware in a Dental Practice?
The American Dental Association (ADA) reminds dental practices that the OCR has established several steps you can take to protect yourself from these attacks, including:
Implementing in-office protocols to reduce risk
Educate yourself and employees about how malware might enter your computer system
Limit who has access to PHI
Have a separate backup for patient files that can be accessed in an emergency
Also,
Install a firewall
Do not allow employees to access public wi-fi with devices that may communicate even through email with office computers
Keep all software and virus protection up-to-date to stay protected against emerging risks. Hackers are continually updating their malware to bypass existing security and exploit newly discovered vulnerabilities. When companies find these, they immediately push out a patch to their customers. But customers must install them promptly to become protected.
Be mindful about 3rd party software. Culturally, we’re so accustomed to thinking that “there’s an app for that”, that we put little thought into how safe the convenient 3rd party programs are
If you suspect that one of your computers has been infected, take it off the network immediately to reduce the risk of the infection spreading.
Only allow a knowledgeable IT professional to work with the infected computer
Work with your IT team to institute safety measures and track employee compliance with those measures.
Does Ransomware Impact Dentists Too? Absolutely.
Any business who would be negatively impacted by having their customer data encrypted is a possible target. As larger practices increase security, smaller entities like dental professionals find themselves a more enticing target. You can take steps to significantly reduce your risk. For more information on keeping your practice safe, follow our blog.
by Felicien | Dec 21, 2018 | Education
When computers or network systems break, you need to know that you’re able to quickly get your teams back online and to full productivity. That can be a challenge, especially if you’re working with a computer repair company. You can’t predict when a problem is going to occur or guarantee that a technician who is comfortable with your network configuration is able to quickly resolve the problem. This can be a costly issue for your business, not only in terms of the direct costs of hiring a computer repair tech, but also the indirect costs of lost productivity and customer frustration. When you work with a computer support company, you have the peace of mind knowing that there are set parameters around their response times and ability to solve specific problems. With a structured ongoing cost structure and myriad business benefits, many organizations are choosing to outsource to computer support companies.
What Are the Benefits of Using a Computer Repair Shop?
If you use the same computer repair shop for a long period of time, you may develop a relationship that allows you to quickly describe the problem and receive the resolution. However, you may find that you need multiple repair partners in order to successfully support all of the software and hardware that make up your IT infrastructure. You will only pay for the items that break and need to be fixed, so there are no monthly or quarterly costs that need to be budgeted. This approach also allows your technology team to assign tasks to internal staff members for resolution if they have time available. While these are strong benefits, there are some negatives to this approach as well.
Why Should I Use a Computer Support Company?
Using a computer support company, also known as a managed services provider, helps fill in some of the gaps that are left with a simple break/fix repair shop. While computer repair shops are often able to resolve a specific problem, they are unlikely to provide your business with the proactive security and technology management that will help you remain competitive in the future. The ongoing costs of working with a computer support company also ensure that you receive a high quality of service — guaranteed. You’re able to offload some of the more time-intensive daily tasks that can be a drain on internal IT time such as resetting passwords or restoring files. This allows internal IT staff to become a more active part of the organization’s digital strategy by contributing thought leadership and active engagement with business users to move the organization forward. An IT managed services provider is always on the job: reviewing your security posture, applying bug fixes and security patches to software, actively managing software licenses and ensuring that your network infrastructure remains stable.
Security Benefits with IT Managed Services
Applying hotfixes and patches is one of those ongoing tasks that can be difficult to prioritize on a daily, weekly or even monthly basis — but they are crucial to the ongoing security of your network and computers. Since IT managed services providers are paid whether or not you have a major outage, they are incentivized to create a high-availability environment that includes fewer slowdowns and limits the possibility of a breach. Any network security concerns are addressed immediately, by a team of professionals who are well-versed in various software platforms and security procedures. You’re also able to leverage best practices from across a range of industries to ensure that any sensitive personal, financial or health data is well-protected by the best possible security procedures.
Making a decision between a computer repair shop and a computer support company ultimately rests on the importance of stability to your business. While an IT managed services model may seem more expensive due to the ongoing monthly cost, it’s important to factor in the expense associated with a major breach and productivity losses due to downtime when you’re making a decision.
by Felicien | Dec 21, 2018 | Education
In searching for the ideal outsourced IT support company for your business, you may have come across some technical terms and phrases. Many of them are probably phrases you’ve heard before; however, you may not be sure of their precise technical meaning within the IT space.
While there are general and universal terms, there may also be variations of these phrases from one service provider to another. When receiving a quote, make sure you have a full understanding of what your service plan will include.
With this in mind, the following is a list of common terms related to IT services along with an explanation of their general implications and meaning:
Help Desk
Help Desk refers to a central point of contact (external or internal) who can be consulted if problems arise. This technician would then determine the root cause of the issue and delegate the work to the appropriate department or team.
Break-Fix
Break-Fix refers to when an IT hardware component breaks down or becomes defective, an IT Support company (typically an independent contractor) would be hired to service, repair or replace it within a designated time frame. (The price of a replacement part is likely not included in the service pricing.) However, systems are not managed, monitored or maintained with this very basic level of service.
IT Support
IT Support refers to broad and general technical assistance for your system. It can cover the planning phase, the setting up of your system components and also the maintenance of software and hardware. However, service is conducted on whole systems and networks in a server room as opposed to servicing individual desktop computers.
Desktop Computer Support
Desktop Support covers office equipment and end users. Desktop Support often includes break-fix coverage as well as limited support and technical guidance. Desktop Support is typically offered remotely, to repair and support software-related issues on company networks and individual users’ computers. It often also includes coverage of telephones, printers and other peripherals.
Managed IT Service
Managed Service is technical support for your computer servers, system load balancers, firewalls, hosting and related components. Managed Service is more proactive than typical IT support. Systems will be maintained and monitored remotely by the service provider. Any service could be managed or fully managed; it is up to the client to decide what service level they need and expect to receive.
Fully-Managed IT Service
Fully-Managed Service includes all the features of Managed Service, but also covers day to day IT department activities like adding or deleting users, adjusting privileges, changing passwords and the like.
When signing up for a service plan, it’s vital to be aware of the coverage and parameters of each option. This ensures that there will be no misunderstandings and that your company will be receiving the features that are ideal for your system. Services can range from basic break-fix to fully managed coverage and system care. Service may be hardware-only and not include routine care or specific jobs.
Again, this is not an exhaustive list of IT terms related to outsourced support. You should check with the providers you are considering and seek clarity about specific service offerings if required. However, this list offers a basic overview of the most common terms that are used in the IT Services Industry.
by Felicien | Dec 21, 2018 | Education
It’s almost time for kids to go back to school. In addition to buying new clothes and shoes, have you also thought about ways to keep kids safe online?
If they have computers with Windows 10, Xbox One devices, or Android phones running Microsoft Launcher, families can take advantage of a Microsoft family group account.
This free service can give them peace of mind and allow their kids to have some independence and opportunity to make decisions about how they use their devices.
You can share the following information with your friends, co-workers, and clients to help families get the most out of technology and stay safe when they’re online. (If a family has iOS devices, see Screen Time for iOS Devices below.)
How to get started
To set up a family group account, go to account.microsoft.com/family, choose Create a family group, and invite your family to join. Next, you can do things like setting up a shared family calendar to plan events so everyone is on the same page for school activities, sports, and more. You can also set limits on how much time your kids spend online and what types of websites they can visit.
In addition to content filters and time limits, the best way to help children stay safe online and make the right choices is keeping an open line of communication so you can talk with them about using devices and going online.
Here are five simple steps to help families use the Internet safely:
1. Trust: Set up devices with the security settings to match the level of parental controls and security you want. Log into your Microsoft Account and select Family to get started. You can use parental controls to manage the types of websites your kids can access when using the Microsoft Edge browser, what they can buy, and the type of content they can see based on their age. If you have an Xbox One, you can control the content and features your kids can access. Go to Xbox settings, and then Privacy and Online Safety to set up child accounts under your parental account.
2. Talk: Take time to discuss your kid’s online activities and agree on boundaries to build a shared sense of trust. For example, you can agree on an amount of money to put into your child’s account instead of linking to a credit card, which could result in a lot of charges. You can also enable “Ask a parent” to get alerts before your child can purchase a program or game so you can talk about whether or not it’s appropriate for them. You can also limit downloads to free apps and programs, or you even disable downloads altogether.
Another useful option is getting weekly activity reports listing the websites your kids visit and how often, apps and games they use, and a breakdown of how long each child has spent on all of your Microsoft devices. By having this information, you can decide if you need to have a discussion with your child about their online activity.
3. Teach: Be a teacher and a learner to open the door to good communication. There are great resources to help spark conversations with your kids and teach them how to recognise and manage risk. For example, Think U Know, which is sponsored by the Australian Federal Police, is a good source of information about cybersecurity and safety guides for kids and parents.
Think U Know encourages young people to think about what they say, see, and do online:
Say: Kids should be respectful to others when posting comments, sending messages, and chatting with others.
See: Young people need to aware of inappropriate content and cyberbullying by others and what they can do avoid these negative influences.
Do: When technology is used appropriately, it can be fun whether kids are playing games, using apps, or interacting on social media.
One way to encourage a discussion with your child about safe online use is Think U Know’s Family Online Safety Contract. It clearly outlines what is expected when a young person uses a smartphone, tablet, computer and devices.
It’s also important to show your kids that you want to learn from them. Be curious about how they use apps, visit websites, and play games.
4. Time: How much time kids spend with their devices is a big concern. It’s about striking the right balance that will work for your family. Have your children agree to certain boundaries of how long they use a device and at what times of the day and night. If it’s necessary, you can set screen limits and schedules in Windows 10 and Xbox using the Microsoft family features. This way your kids will only get access within the times and limits you’ve agreed to.
If your child uses an Android device with Microsoft Launcher, you can also check their location. This is especially handy when you want to make sure your child got home safely after school or where they’re hanging out at with their friends.
5. Teamwork: While most kids don’t want to share all of their online experiences, there are still some simple steps you can take to prevent them from feeling isolated. Try to build a “team” atmosphere by thinking about where their devices are allowed and put them in a shared family space if you can. Play online games with them. It’s a great way to understand their interests and have fun together as a family.
With online gaming, you can use Microsoft’s family group account to control which group of friends interact with your kids – rather than random strangers online. This can be a great comfort to know who your child is spending time when playing games and what they’re being exposed to.
Screen Time for iOS Devices
If a family uses iOS devices such as an iPhone or iPad, Apple offers a variety of options and settings to help parents give their children the appropriate level of online access. For example, iOS 12 has a new feature called Screen Time to block or limit the use of certain apps on a child’s device.
To get started, go to Settings and Screen Time. You can set up your child’s device by choosing This is My Child’s and following the steps. Some of the options include:
Preventing a child from installing or deleting apps and making purchases.
Blocking music or videos with explicit content.
Filtering website content when using the Safari browser.
By taking the time to set up online controls and talking with your kids, you can help them to make the right choices on their own. After all, the best filter is a good conscience that your child develops with your guidance and support.
by Felicien | Dec 20, 2018 | Education
In July 2018, an article published by Naked Security stated that SamSam, one of the latest ransomware threats, has been one of the most costly and dangerous attacks in history. SamSam leeched at least $6 million from unwitting victims, some of which were well-known businesses and government operations.
SamSam ended up costing the Colorado Department of Transportation upwards of $1.5 million as of April 2018, according to the Denver Post. The FBI and Department of Homeland Security (DHS) agencies have stepped in with recommendations to help business owners keep themselves and their data protected from not just SamSam, but other malware as well.
1. Make changes to systems that rely on RDP remote communication.
If you don’t use the RDP service, disable it. If you do rely on remote communication, work with an IT consulting agency to implement upgraded patches that conform to current system operations.
2. Use firewalls to protect open RDP ports.
If your system utilizes open RDP ports and public IP addresses, make sure these are rightly protected with a firewall. Virtual private networks should be used to access these ports, so make sure all users understand how to access the systems even once they are protected.
3. Beef up system passwords and lockouts.
One of the easiest ways to defend against brute-force attacks is to beef up your passwords and lockouts that are in use. USA Today says passwords should be a random collection of characters (upper and lower case), at least eight characters long, and that you should use a different password for each application. Use strong passwords among shared devices just the same as you would on the internet.
4. Utilize two-factor authentication processes.
Two-factor authentication processes offer an extra layer of security for applications that have it available. Many business owners skip doing two-factor authentication because it saves time, but this is an easy way to make systems more secure.
5. Pay attention to system updates as they become available.
System and software updates are hugely important, whether they are manually implemented or automatically added. These updates are frequently released as new threats emerge to the surface that would otherwise compromise an existing system. Never turn off automatic system updates and have a business security expert check your system for updates on occasion.
6. Implement a reliable backup strategy.
If something happens and your system is compromised by a SamSam ransomware attack, you need to have a backup plan already in place. Therefore, it is critical to implement a reliable backup access strategy so your system and your data can remain accessible.
7. Enable system logs and keep them for at least 90 days.
System logs will record every login attempt through RDP ports and other applications. In the event of an attack, IT analysts will be able to pinpoint the exact time that the system was infiltrated, which can be really helpful to solve the problem.
8. Follow guidelines for accessing cloud-hosted services.
If you do have cloud-hosted data that you frequently access, follow that provider’s rules for accessing your data and do not ignore their guidelines. These rules are specifically in place to keep your information protected. If you are using third-party services that require RDP access ports, make sure the service is following the latest safety practices.
9. Keep network exposure at a minimum for critical hardware.
In other words, if you have a hardware system that can function without being interconnected to all other devices on the network, then operate it as a standalone component. Just because you can connect everything in the modern technology setting, it does not always mean that you should. If SamSam or another ransomware attacks, hardware that is not connected can be safe. Likewise, it is good if you turn off sharing between printers and other devices unless it is absolutely necessary.
10. Restrict users from running software and opening emails.
There should only be trusted people within your business who are allowed the privilege of running software on any system. Therefore, make sure all users have a clear set of outlined access permissions and restrictions. It is also essential that email attachments are carefully handled, which means not every user should be allowed to open, access, or view email attachments.
Even though protecting your business from SamSam ransomware and other business cybersecurity threats can be time-consuming, it is these lines of protection that will save you from an expensive attack. Reach out to a cybersecurity expert for more information about adequately protecting your business network.
by Felicien | Dec 20, 2018 | Education
Is Amazon Getting Into Healthcare?
Amazon has already gotten into healthcare. The world’s largest internet company and third-largest retailer announced in January that it was forming an independent healthcare company for its own employees and the employees of other finance and multinational business giants: JP Morgan Chase and Berkshire Hathaway. Often overlooked in news reports, JP Morgan Chase CEO Jamie Dimon said that the new company could eventually “be expanded to benefit all Americans.”
Some experts have wondered if Amazon and its partners just wanted to negotiate lower healthcare costs for their own employees. Others, looking at Amazon’s acquisition of Whole Foods and its disruption of retail groceries, speculated that Amazon’s goals with the partnership were much broader.
The answer came June 28: Amazon has broader goals to disrupt the healthcare industry. The tech giant acquired New Hampshire-based PillPack, a mail-order pharmacy that delivers prescriptions directly to consumers on a bi-weekly basis.
Amazon paid slightly less than $1 billion for PillPack, which had a valuation of about $361 million when the offer was made. Its competitor for PillPack was the world’s largest retailer: WalMart.
What Could Amazon’s Disruption of Consumer Pharma Look Like?
Pharmaceutical sales are the first sector in healthcare that Amazon plans to enter. Traditional pharmacies have already taken a hit, with CVS, Rite Aid, and Walgreens losing more than $14.6 billion in share value after the announcement of Amazon’s purchase of PillPack.
It turns out that Amazon probably bought PillPack because it has been trying to enter the $400 billion U.S. pharmacy business for years, but encountered barriers to selling retail pharmaceuticals via its online platform. PillPack was already licensed to ship prescriptions to patients in every state. Analysts think that Amazon’s retail and IT background will quickly enable it to reduce prescription drug prices using PillPack’s platform.
What Other Aspects of the Healthcare Industry Could Amazon Disrupt?
Amazon seems likely to work toward disrupting traditional healthcare billing and payment. The tech giant’s joint healthcare venture with JP Morgan Chase and Berkshire Hathaway is led by celebrity surgeon and author Atul Gawande. Although critics say Gawande lacks management experience, he cofounded an innovative healthcare partnership between Harvard and Brigham and Women’s Hospital in 2012.
Gawande told an Aspen Institute audience in June, “we’re going to drive better outcomes, better satisfaction with care and better cost efficiency with new models that can be incubated for all.” Gawande has also said, “we pay doctors for quantity, not quality.”
Amazon also brought Martin Levine onto its healthcare team. Levine is a former practicing physician and clinic director for Iora Health, a Boston-based patient-focused and team-oriented healthcare provider which is expanding rapidly throughout several states, including Arizona, Georgia, and Washington. Amazon’s new healthcare models are likely to be based on patient health outcomes and satisfaction, not quantity or type of care provided.
Healthcare Logistics
Hospitals and clinics have begun to use Amazon Business to improve their supply chains. One Washington clinic provider uses Amazon’s “dash” buttons to fill 90% of its supply and ordering needs. Amazon is licensed to sell medical supplies in 47 of 50 states and the District of Columbia.
Big Data and Individualized Care
Amazon’s ability to use big data to improve retail customer care and outcomes might be adapted to improve health care provision. Amazon created a team to focus on adapting Alexa to help people with managing chronic illness. As an example, the voice assistant could easily be instructed to remind users to take medication at prescribed times.
Some analysts see Amazon as also having the potential to become any one of the following:
Patient engagement platform/remote/telemedicine
Transparency or provider rating tool
Insurance broker
EHR provider
Healthcare insiders have been skeptical about Amazon’s ability to make change or disrupt the healthcare sector because Microsoft and Google both failed with their prior attempts. Google Health ended in 2012, while Microsoft’s HealthVault ceased operations in January 2018. Google and Microsoft’s healthcare industry projects were consumer-facing and had limited to no revenue streams.
Amazon has already built a revenue stream and acquired a direct-delivery pharmacy with PillPack and it has brought several healthcare industry disruptors onboard, starting with Atul Gawande. Amazon’s partnership with JP Morgan Chase and Berkshire Hathaway brings the finance and multinational investment sectors together in a way that previous private industry failures to negotiate lower healthcare costs lacked. Amazon is also a big data company that has the potential to improve health outcomes for patients through the use of its voice assistant Alexa. Analysts have talked about how Amazon wants to “cut out the middleman” in healthcare. Amazon’s Jeff Bezos hasn’t commented in detail about his company’s healthcare venture, but Jamie Dimon, CEO of JP Morgan Chase, said the venture is likely to start out small, like Amazon did with books during its early years. “We may spend a bunch of time getting one piece of it right and testing things to see what works,” Dimon said in July.
