by Felicien | Jun 4, 2018 | Education
The U.S. Food and Drug Administration (FDA) has recently launched its Medical Device Safety Action Plan, whose main focus is to provide assurance of the safety of connected medical devices. The organization has put its main focus on patients relying on medical devices, as seen from the Medical Device Safety slogan that is part of the Action Plan: ‘Protecting Patients, Promoting Public Health’.
The plan relies heavily on cybersecurity measures to reduce risk and curb breaches associated with connected devices. After all, security breaches cost everyone time and money, and better cybersecurity is something that the whole world is working to achieve. Some of those measures are outlined below:
A consideration that firms should update and patch device security in product design and submit a “Software Bill of Materials” to the FDA.
Ensuring that there is an up-to-date guide to the medical device’s security before it is released into the market.
Establishing a body to follow up on post-market requirements on firms in adopting policies and procedures for reporting known threats or risks.
Finally, analyzing the improvements of the CyberMed Safety (Expert) Analysis Board (CYMSAB).
This plan is well structured, but before it is even implemented and checked for its suitability to address all the cybersecurity breaches, here are two very real concerns:
What is the security plan in place for those devices that are already in the market?
What approach is in place to prepare for the future of cybersecurity?
The plan is obviously inclined to address the future security of medical devices. It has failed to adequately address the past which affects the present. More importantly, it may not adequately address the evolving threats that cyber thieves represent.
Here are some of the recommendations we put forward for consideration when reviewing the plan for Medical Device Safety:
Pre-market ‘hardening’ of Devices
Manufacturers should be required to ensure that their devices are up to standard where cyber security is concerned before releasing them into the market. There are various bodies from which the standard can be set. The Defense Information Systems Agency (DISA) or the Center for Internet Security (CIS) can be used as benchmarks for ‘hardening’ devices. This way manufacturers may be able to bypass the lengthy processes required to test and approve security updates once devices get into the marketplace.
Constant evaluation of Device connectivity
There should be a requirement that manufacturers set a clear connectivity path in their devices. This step helps in monitoring any behavioral changes that are foreign and unwelcome. Users are also better able to understand the range of device performance on the network.
Standardized Communication by the Manufacturers
An organization deals with thousands of devices from different manufacturers, so imagine how difficult good communication will be. Today, providers are expected to contact the manufacturers about the known or expected vulnerabilities of their devices. This leads to a lot of time wasted in trying to ensure the security of the device environment. In some cases, manufacturers are being asked to come up with a timely resolution to a problem experienced. An effective process in risk mitigation would be to set up rules about the expected standards of communication between the manufacturers and the providers.
Accountability by the Manufacturers
Manufacturers should address the issues related to vulnerabilities. The devices should be tested and certified ready for use by the manufacturers and not the providers. Especially when it comes to system or software updates, the manufacturers of devices should be held accountable. The manufacturer is better positioned to test and approve their applicability or even make recommendations on their usage to their client base. This way, both parties are aware of who is accountable in case of a security breach.
Manufacturers should also be required to come up with a mechanism to monitor the performance of devices connected to the network on a full-time basis. This monitoring should be modified to suit all organizations whether small or big.
Consider the costs
The FDA’s plan should have factored in the amount of money that will be required to ensure this plan is carried out efficiently. For instance, the bandwidth required to store current data, devices, and patches is enormous, and most providers cannot adequately handle it. Resource support is at the core of ensuring that medical devices are secure and continuously operate as expected.
CONCLUSION
Cybersecurity is becoming a serious topic especially when it concerns medical devices; people’s lives depend on them. If there’s a chance that they could be compromised, the stakeholders involved, including providers and manufacturers, should treat cybersecurity with the significance it deserves. The FDA is often relied upon to handle these important tasks, but in today’s world, it will require everyone’s assistance. The job is too big to leave to one organization.
by Felicien | Jun 4, 2018 | Education
Most of us work with programs like Dropbox, Google Docs, and Microsoft every day. But there is a wide range of great software-as-a-service (SaaS) and cloud-based programs that can improve efficiency. We’ve found 11 programs that are sure to be a crowd favorite at your workplace. Though some are not new, they’ve recently been updated to provide a wider range of services and features. These cloud services apps are perfect for small companies, as well as larger organizations.
Each program solves a real-world business problem that many of us have experienced and that’s no doubt the key to building a great app for business: it needs to solve a problem. Good apps that people actually download and use must be helpful. They must include benefits such as making your job easier or helping workers get things done faster. That’s another big plus for today’s busy people. We’re all multi-taskers who understand that we can’t get everything done without some help from technology.
The last big feature that these apps have in common is that they require a very small investment. For just a few dollars a month (in most cases), you can get apps that give you professional document management, cloud-based document backups, marketing campaigns, social media management, and many other services. Below are 11 apps that will improve your workflow and save valuable time.
Approval Donkey
Free version: Up to three workflows
Plus program: $13 per month
Approval Donkey is a cloud-based approval app that automates the process of getting approvals on projects of all types. This app can be set up to move a project along a pre-defined chain so that there are no bottlenecks. It integrates with hundreds of other apps, making it a real bonus. Whether you’re dealing with admin, accounting or any other project, you can rely on the Approval Donkey to make sure each stage of the project gets the proper approval before moving on to the next stage. The app provides the current status of any project’s approval so you can quickly find out where the project is.
Asana
Free version: Up to 15 members, limited features
Paid version: $9.99 per month
Asana is a new project management app that provides easy project organization across teams. It can handle everything from tracking and reporting to conversations. A set of tasks can be managed for individuals, groups or larger teams. Asana has done away with clumsy project management tools that require numerous spreadsheets, emails, and word docs. All project documents are embedded within the project and completely transparent to everyone working on it. The paid version is $9.99 per month but there’s an even more comprehensive Asana app that can be used in Enterprise organizations.
Airtable
Cloud-based spreadsheet/database
Free version: Store 2GB of data, manage 1,200 elements
Paid version: $10 per month, unlimited use
With Airtable, you can store, structure, and share information with other collaborators, allowing a team to work on the information in numerous forms. Airtable has a wide range of templates that let you structure your data any way you like. You can make it appear as a catalog, Kanban chart, inventory or however you need to suit your project. Airtable combines helpful features like those found in Google Docs, Evernote, and Trello to help you manage information better.
Backblaze
Inexpensive cloud storage
No free version
Paid version: $5 per machine per month
Provides a set-it-and-forget-it backup system to store copies of local data in the cloud. Works for both internal drives and USB connections. This object-based cloud storage app is cheaper than most other cloud storage apps but still offers a rich API with good integration with other programs. Does not work with personal NAS boxes.
Cloudphone Virtual PBX
No free version
Paid version starts at $12 per month (includes one local number)
In the old days, a PBX system required a central box, intricate wiring, and actual telephones. It was a real hassle! But this Cloudphone has the ability to route calls just the way the old-fashioned PBX systems did. It includes conference calling, business voicemail, automated attendant services, and business phone numbers. It’s a great solution for companies that have lots of employees working from remote locations. Employees can work from anywhere while still using the corporate phone system. For $12 per month, you get one number and three extensions. For $49 per month, you can get five local numbers plus unlimited extensions.
Digital Ocean
Alternative to AWS
No free version
Paid version: Starts at $5 per month
This IaaS (infrastructure as a service) app allows users to create virtual machines in the cloud. This app works much the same as Amazon’s AWS but is simpler to use. Good IT skills are still required to configure the app. It was recently updated to add cloud-based object storage. Users build droplets or virtual machines adding RAM and processing power. Then decide what region to run them in. Allows users to preload virtual machines with numerous configurations.
Drip
Marketing automation
Free version: Less than 100 subscribers
Paid version: Starts at $43 per month for up to 2,500 subscribers
This marketing automation tool is basically a list manager that automates customer interactions. Using email, users can send out a pre-written set of messages to customers or prospects. This app integrates well with lead capture tools and shopping carts. Create a drip campaign, then send out emails over a period of time to improve customer engagement. For fewer than 100 customers, Drip is free to use, but the price goes up as you add new customers. At $43 per month, you can manage up to 2,500 subscribers sending out unlimited emails to them.
Hootsuite
Social media management
Free version: Up to three social profiles
Paid version: $29 per month for 10 profiles
This is a familiar app that allows marketers to sift through the feeds on popular social media sites to find out what’s important to their company. Hootsuite has become the go-to app for preparing corporate messages, interacting with consumers, or watching for important trends. You can manage thousands of social profiles across various groups. You can manage and schedule social media posts and even measure your social media ROI. Hootsuite integrates well with hundreds of other apps.
JIRA
Bug and issue tracking
No free version
Paid Version: $10 per month for 10 users
Create a helpful database of bugs and software development problems with the Jira app. You can track how issues are being handled and their progress. The app is often used by software development teams but offers a wide range of agile team coordination tools. Developers can work together managing workflow and production. $10 a month for 10 users is a great deal but the price goes up $7 for each new user you add. The app is scalable and can be used by enterprise organizations.
MailChimp
Manage mailing lists
Free version: 2,000 subscribers and 12,000 emails
Paid version: Depends on the number of subscribers and services
MailChimp works much the same as HubSpot and Drip. It helps marketing companies manage their mailing lists. Users love it for its easy-to-use Dashboard and for how well it integrates with other programs like the shopping cart and your blog. The company includes many cool tools for opt-in signup. Everything is fully automated once you get it set up. The free version offers a generous 2,000 subscribers and 12,000 emails but the price goes up as you add new subscribers and other services.
Shopify
Turn-key ecommerce
No free version
Paid version: $9 a month for lite version
Shopify is well-known as the most comprehensive ecommerce app available today. You can set up an online store, then use “chip and swipe” readers for Point-of-Sale registers. It integrates well with all social media sites, as well as shippers like UPS, FedEx, and DHL. Though most consumers think of this app as primarily for Internet sales, it can also be used in brick and mortar stores or for small at-home businesses.
After the 14-day free trial, Shopify is $9 per month for the lite version, and $29 per month for a basic plan that includes a wide range of services. While they do charge transaction fees for credit card processing, their fees are very competitive with other services.
by Felicien | Jun 1, 2018 | Education
In our modern world today, most of our electronic devices can be connected to the internet. Sounds good, right? Some advanced technology recently introduced medical devices that can connect directly with health organizations through the internet. This is a great milestone since consultations can be done from miles away and immediate help afforded to patients and caregivers. There is a downside to this: personal information shared on these devices might not be secure. Hackers have found a way of acquiring information and using it for financial gain. This is distressing for patients and it leaves healthcare organizations at risk for lawsuits.
The issues relating to securing information on Medical Devices connected to IoT should be a Health Organization’s priority over and above everything else. Here are five tips on how to protect your IoT-enabled medical device from hackers.
Conduct an Inventory
Healthcare leaders are often not aware of how many medical devices are connected to their network. This makes their monitoring and management of risks associated with the connection much harder. What makes it even more difficult, is the dynamic way in which the devices are introduced and removed from the environment. It has become more important for these organizations to create a database of these devices. Once they have a complete database of the device including some owner information, healthcare professionals can monitor them. They can also gather actionable intelligence based on the different security risks associated with them.
This may be costly and lots of work, but at the end of the day it will help secure the Health Organization’s reputation, while keeping patient information safe. Since the future seems dependent on technology, it’s only logical to go ahead and set up a system where the IoT devices can be tracked and monitored. This will also help avoid possible lawsuits against the organization.
Increased Accountability
Bad security will affect each and every aspect of any business, so instead of treating security as an IT problem, it should rather be seen as a business issue. This will in turn spark the kind of attention it deserves. Health organizations operate differently when it comes to the security structures they have in place. In some organizations, Clinical Engineering (CE), IT, and Security are handled separately. At the moment, those who are responsible for a security breach in IoT-enabled Medical Devices are not well defined. Unless these issues are clearly defined for each healthcare organization, it’s difficult to take steps to establish the responsible party whenever a medical device is hacked.
Create and Maintain A Cyber Security Strategy
The idea of medical devices being connected to the internet is relatively recent, so it is important for healthcare organizations to review these issues as a matter of priority. Cyber security strategies for IoT devices will become even more relevant and critical as they move further into the future. It is recommended that the organization put in place a system that monitors the behaviors of these devices by listening passively to the medical devices and identifying dangers in real time. Security strategies work best with human interactions, but that covers only a small margin. It is important to include machine learning and Artificial Intelligence (AI) as strategies for effective cyber security.
Establish A Fast Response Process to Breaches
Every moment counts when a breach does occur. The organization should have in place a mechanism that is well integrated in the overall security system and designed to notify those involved. First, check to make sure the patient is aware and okay. The patient’s health is always first. It is also of key importance that those who are responsible in the organization clearly understand their roles. When each nurse, doctor, and technician is aware of what their responsibilities are, things will move along with more precision. Develop simple, clear, and straightforward rules and guidelines that everyone is aware of.
Allocate Adequate Resources
Healthcare organizations should ensure that their budget includes monitoring and security for these technologies. Have a budget set aside for the ongoing operating costs, as well as security breach events. A thorough auditing and cost analysis is required to decide whether it would be cost effective to run this system in-house or hire the services of a trusted IT professional.
Healthcare organizations must ensure a balance between enabling patient engagement services, protecting their connected medical devices, and securing patient data. Health organizations should monitor those security measures for glitches, breaches, or even potential problems to the equipment.
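The device database from the inventory tip and the passive monitoring from the strategy tip can be combined into one check, shown here as an added example that is not part of the original post. The MAC addresses, IP addresses, owners, expected endpoints and the flow-log column layout are all constructed assumptions, and the code handles IPv4 only.

```python
"""Check passively captured flow records against a device inventory."""
import csv
import io
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Device:
    mac: str
    name: str
    owner: str
    allowed: list = field(default_factory=list)  # [(network, port), ...]

    def permits(self, dst_ip, dst_port):
        """True if the destination is on this device's expected path."""
        addr = ipaddress.ip_address(dst_ip)
        return any(addr in net and dst_port == port for net, port in self.allowed)


# Constructed inventory: (MAC, description, responsible owner, expected endpoints)
INVENTORY_ROWS = [
    ("00:11:22:AA:BB:01", "infusion pump", "Clinical Engineering", ["10.20.0.15/32:443"]),
    ("00:11:22:AA:BB:02", "imaging workstation", "Radiology", ["10.20.0.40/32:104"]),
    ("00:11:22:AA:BB:03", "bedside monitor", "Clinical Engineering", ["10.20.0.0/24:443"]),
]

# Constructed flow records, as a passive network sensor might export them
SAMPLE_FLOWS = """\
ts,src_mac,dst_ip,dst_port
2018-06-01T08:00:03,00:11:22:aa:bb:01,10.20.0.15,443
2018-06-01T08:00:09,00:11:22:aa:bb:02,10.20.0.40,104
2018-06-01T08:01:12,00:11:22:aa:bb:01,203.0.113.77,8080
2018-06-01T08:02:30,00:11:22:aa:bb:99,10.20.0.15,443
2018-06-01T08:03:00,00:11:22:aa:bb:02,10.20.0.40,22
"""


def load_inventory(rows):
    """Build a MAC-keyed inventory; endpoints are 'network/prefix:port' strings."""
    inventory = {}
    for mac, name, owner, endpoints in rows:
        allowed = []
        for endpoint in endpoints:
            net, port = endpoint.rsplit(":", 1)
            allowed.append((ipaddress.ip_network(net), int(port)))
        inventory[mac.lower()] = Device(mac.lower(), name, owner, allowed)
    return inventory


def audit_flows(inventory, flow_csv):
    """Return (findings, silent).

    findings: (kind, mac, destination, owner) for traffic from devices that are
              not in the inventory, or to destinations off the expected path.
    silent:   inventoried devices that produced no traffic in the capture, which
              may have been removed from the environment without the record
              being updated.
    """
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        mac = row["src_mac"].lower()
        dst_ip, dst_port = row["dst_ip"], int(row["dst_port"])
        seen.add(mac)
        device = inventory.get(mac)
        if device is None:
            findings.append(("unknown-device", mac, f"{dst_ip}:{dst_port}", None))
        elif not device.permits(dst_ip, dst_port):
            findings.append(("off-baseline", mac, f"{dst_ip}:{dst_port}", device.owner))
    silent = sorted(set(inventory) - seen)
    return findings, silent


if __name__ == "__main__":
    findings, silent = audit_flows(load_inventory(INVENTORY_ROWS), SAMPLE_FLOWS)
    for kind, mac, dest, owner in findings:
        print(f"{kind:15} {mac} -> {dest} (notify: {owner or 'security team'})")
    print("inventoried but not seen:", ", ".join(silent))
```

Carrying the owner in each finding ties the alert back to the accountability question raised earlier: every off-baseline event names who is responsible for that device.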
Conclusion
Trust is everything in any business venture, especially for those providing healthcare services. Technological advancements have great advantages if well applied, but they must be monitored and controlled so that security breaches do not occur. Security for all data has become an important issue and many businesses are dealing with the ramifications of a breach. For healthcare organizations, these issues are even more critical. Without good measures in place, a medical device could be hacked, causing embarrassment or even a lawsuit for the health organization.
by Felicien | Jun 1, 2018 | Education
Your dental practice has much more to do than worry about computer and IT problems. Your staff is busy serving your patients. But if you’re like others, you’re overrun with spam. Even malicious programs like ransomware can be delivered right into an employee’s inbox. Without proper training, employees often open these emails and download malware. This can threaten your patients’ private health data.
Since all our devices are now connected to the internet via networks, it’s very important that your computers and networks have the highest protection. Any attack on your system or database can cause more than just computer problems—your data can be hacked and sold on the Dark Web. This is not only stressful, but it can affect your good reputation.
We regularly get calls from dentists who are concerned that their network might be infected with malware or computer viruses. And, we’ve seen cases where the dentist’s office paid the ransom to get their files returned, but the criminals came back asking for more money. Some of these malicious files can hide in the background and still be working behind the scenes to compromise your database.
Unless your IT provider knows how to secure your network from cyber criminals and beat them at their own game, you could fall victim to them as well.
We’ve seen a sharp increase in the number of dental practices involved in these attacks. So, we’ve written this Guide to arm you with pertinent facts about cyber theft. Here’s what you can do to protect your IT systems.
What’s Hiding In Your Computers?
What You Need To Know About Spyware, Malware & Hackers
Today’s cybercriminals know how to create malware and viruses that are hard to find and difficult to eradicate. They are also adept at finding vulnerabilities in computer networks where they can enter and secretly infect systems. Thieves may have already infiltrated your practice’s network without you even knowing they’re there.
Spyware
Spyware secretly monitors your computing actions. It exploits user behavior and application vulnerabilities. It gives a hacker sensitive information that you want to keep private.
Spyware refers to hidden programs hackers install on your computers without your permission. They infect your system to spy on your computing actions, gather information, and send this information back to their home base.
In some instances, spyware steals identities, passwords, contact files, and more. It can also take over your computers and use them for illegal activities. Plus, all this will alter your web browsers and slow down your computers.
Spyware is often attached to free online software downloads or to counterfeit links clicked on by users. It infects computers when someone downloads things like free applications, music, emoticons, and screensavers. It piggybacks onto the download and runs undetected in the background where it collects data about you, your practice, your patients, and more until it’s removed.
Your employees may believe these files are legitimate when they aren’t. Just one innocent worker can accidentally infect your entire network with spyware.
Malware
Malware is short for malicious software. Malware comes in the form of worms, viruses, trojans, spyware, adware, and rootkits. It steals protected data, deletes documents, or adds software that you haven’t approved. Unlike spyware, malware can replicate itself from one computer to the next. It does this via a network connection, or even via your email accounts without you knowing it.
A malware infection can corrupt your files, alter or delete data, distribute confidential information such as bank accounts, credit card numbers, and other personal data. Plus, it can disable hardware, prevent you and your employees from using your computers, and cause your entire network to crash.
Malware is difficult to eliminate – it fights back when you try to clean it from your system. In some instances, you must completely wipe all the information from your computers and hard drives to eradicate it. This requires a complete re-install of your operating system and applications. Unless you have an enterprise-based cloud backup along with a reliable onsite backup solution, malware could cause you to lose all of your patient and other important data.
Hackers
Hackers are criminal computer programmers. They try to gain unauthorized access to your computers or a network. Hackers may try to alter your system or security features from their original purpose.
Hackers design spyware and malware programs that attack your computers. They may have a criminal intent to steal money from you, hold a grudge against your business, or simply do this for fun.
Today’s hackers are intelligent and use sophisticated exploits to gain unauthorized access to computer systems and networks.
Some of the techniques hackers use include:
Vulnerability scanning that looks for unknown weaknesses in your system.
Password cracking where they retrieve passwords from data you’ve stored or have transmitted.
Packet sniffing using applications that capture data packets to view data and passwords in transit.
Spoofing attacks that mimic legitimate websites to trick your employees into visiting them.
Rootkits that work to gain control over your operating system.
Trojan horses that open a backdoor into your IT system so they can gain access to it.
Self-Replicating Viruses that insert copies of themselves into executable codes, files, or documents.
Key Logging Tools that record every keystroke on the infected computer.
11 Signs That Your Computer Is Infected
Since many malicious programs hide in your computing environment, it’s not easy to find them. Signs that you’ve been infected include:
You’re swamped with pop-up advertisements that interrupt your work.
Your computer is slow, locks up, or crashes frequently.
The home page on your web browser changes on its own, and you can’t change the settings.
You see toolbars on your web browser that you didn’t put there.
You get a second or third web browser popping up behind the main browser that you didn’t approve.
Strange files suddenly appear.
Your CD drawer opens or closes by itself.
You constantly get errors in MS Outlook/Outlook Express.
You notice emails in your “Sent Items” folder that you didn’t send.
Some of your files are moved or deleted.
The icons on your desktop or toolbars are missing or blank.
4 Misconceptions About Computer Threats
“I Can Remove Spyware And Malware On My Own”
Many of these programs can’t even be detected, much less removed. They incorporate themselves so deeply into your operating system that it takes a senior-level technician to detect, locate, and remove them. In extreme cases, even the best technician won’t succeed and will have to completely wipe your system clean to remove them.
“We Didn’t Cause The Infection”
Malware, spyware, and viruses infect your computers or network when you or one of your employees let them in. Common activities like downloading infected files or applications or visiting counterfeit websites with malicious viruses allow infections to occur. Emoticons (smiley faces and action characters that you see at the bottom of many people’s emails) can also come attached to viruses. Hackers are clever and are always looking for ways to trick you into downloading viruses. Plus, unless you have the most up-to-date security patches and virus definitions installed on your computer, hackers can gain access if you or an employee click on a malicious link.
“We Don’t Need Ongoing Computer Maintenance”
This is the biggest and most common misconception. There are certain maintenance checks that must be completed:
On a daily basis – virus updates and spam filtering.
On a weekly basis – system backups and spyware sweeps.
On a monthly or quarterly basis – checking for and installing security patches and updates, disk defragmentation, spyware detection and removal, checking the surge suppressor and the integrity of the hard drive.
You probably have neither the time nor the expertise to keep up with these things. Plus, with viruses evolving all the time, it’s best to refer to your IT Partner for these maintenance tasks.
“The Security Tools Provided In Our Operating System Are Enough”
They aren’t, and there’s no one vendor that provides all the security you need to keep your computers safe. Your dental practice requires a multi-layered approach to IT security that:
Remotely monitors your technology 24/7 to ensure the security of your data and EHRs.
Confirms that your data is always stored securely, protected, and private.
Includes Compliance and Security Audits to ensure your technology meets today’s stringent HIPAA and Meaningful Use Requirements.
Leverages Mobile Device Management, so your data is safe anywhere it goes.
Provides Backup and Disaster-Recovery Services so your systems and data are securely accessible, no matter what.
Your dental practice requires the expertise of a managed services and security provider who can remove the vulnerabilities in your IT processes, applications, and hardware that open the door to intruders. They should be capable of deploying remote software and hardware-based network security services to provide complete enterprise-based information security.
How To Secure Your IT System From Malicious Attacks In 6 Simple Ways
As mentioned above, the computers and network you use in your dental practice must be proactively and remotely monitored and maintained. In addition, you must do the following:
Back Up Your Files To A Reliable Source Every Day.
This means using an enterprise-based onsite backup. With local backup (usually an external hard drive), the data is just as protected as your network. However, once it’s stored and the drive is disconnected, it’s safe from any malicious attacks that might affect your infrastructure. Backing up all of your data to an external hard drive is typically quick, and after your initial backup, daily updating can be done in just a few minutes.
Test Your Backups On A Regular Basis To Ensure They’re Recoverable.
Testing that files are recoverable is the missing step in making backups. Too many dental practices make substantial investments and spend a lot of time backing up their data only to find their backups don’t work when they need them. There are many things that can go wrong to corrupt backups. That is why it’s not enough to simply back up your system; you have to check it on a regular basis to make sure the data is recoverable in the event of an emergency.
Keep An Offsite Copy Of Your Backups.
In addition to your enterprise-based onsite backup, you need a secure cloud backup where your data is safely replicated to a data center. To do this, your IT Partner will use technologies like virtualization where they provide a cloud-based version of your servers, workstations, file storage, and applications in a secure data center. This way, if a fire or flood destroys your onsite backup, you’ll still have everything you need to get your practice back up and running.
Ensure You Use Reliable Virus Protection, Keep It On And Up To Date.
The right anti-virus software will detect, prevent, and remove viruses, worms, and other malware from your computer. Most include an auto-update feature that permits the program to download profiles of new viruses as they appear so it can check for those threats. Antivirus programs are essential, but one program might find certain viruses while another can’t. You should consult with your IT Partner to ensure your dental practice chooses the right software for your needs.
Firewalls Are A Must.
No matter how small your practice, you need a quality firewall. A firewall is the first line of defense to secure your sensitive information. It blocks unauthorized access to or from your network and prevents unauthorized users or illicit software from gaining access. A firewall may be used as hardware, software, or a combination of both.
Update Your Software And System With Security Patches As Soon As They’re Released.
Software updates are important because they often include critical security patches for vulnerabilities. Many of the more harmful malware attacks take advantage of software vulnerabilities in common applications, like operating systems and browsers. Think about this – hackers will know that security patches have been released. They know that Microsoft, Apple, or another software provider has detected a vulnerability. Hackers will be on the lookout for those who haven’t patched their system. If you wait to update, your IT system and data will be exposed.
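For the second item above, testing that backups are recoverable, here is an added example (not from the original guide) of a restore test: it extracts a backup into scratch space and compares every file against SHA-256 digests recorded when the backup was taken. The gzip tar archive stands in for whatever backup product is in use, and the file names and contents are constructed.

```python
"""Restore test: extract a backup and check each file against recorded digests."""
import hashlib
import shutil
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dir):
    """Map relative path -> SHA-256 for every file under source_dir."""
    source_dir = Path(source_dir)
    return {p.relative_to(source_dir).as_posix(): sha256_file(p)
            for p in sorted(source_dir.rglob("*")) if p.is_file()}


def make_backup(source_dir, archive_path):
    """Stand-in for the real backup job: a gzip-compressed tar archive."""
    source_dir = Path(source_dir)
    with tarfile.open(str(archive_path), "w:gz") as tar:
        for rel in build_manifest(source_dir):
            tar.add(str(source_dir / rel), arcname=rel)


def verify_restore(archive_path, manifest):
    """Restore into a scratch directory and report what did not come back intact."""
    report = {"unreadable": False, "missing": [], "corrupt": []}
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch).resolve()
        try:
            with tarfile.open(str(archive_path), "r:gz") as tar:
                for member in tar:
                    target = (root / member.name).resolve()
                    # Restore regular files only, and never outside the scratch dir
                    if not member.isfile() or root not in target.parents:
                        continue
                    target.parent.mkdir(parents=True, exist_ok=True)
                    with tar.extractfile(member) as src, open(target, "wb") as dst:
                        shutil.copyfileobj(src, dst)
        except (tarfile.TarError, OSError, EOFError, zlib.error):
            report["unreadable"] = True
            return report
        for rel, expected in manifest.items():
            restored = root / rel
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256_file(restored) != expected:
                report["corrupt"].append(rel)
    return report


def demo():
    """Run the restore test on a good, a damaged and an unreadable backup."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        live = work / "live"
        (live / "charts").mkdir(parents=True)
        (live / "patients.db").write_bytes(b"constructed sample records\n" * 50)
        (live / "charts" / "xray-001.dat").write_bytes(bytes(range(256)) * 8)
        (live / "schedule.csv").write_text("09:00,cleaning\n10:30,filling\n")
        manifest = build_manifest(live)  # recorded at backup time

        good = work / "good.tar.gz"
        make_backup(live, good)

        # A backup job that silently skipped one file and stored another truncated
        staged = work / "staged"
        shutil.copytree(str(live), str(staged))
        (staged / "schedule.csv").unlink()
        (staged / "patients.db").write_bytes(b"constructed sample")
        damaged = work / "damaged.tar.gz"
        make_backup(staged, damaged)

        garbage = work / "garbage.tar.gz"
        garbage.write_bytes(b"this is not an archive")

        return (verify_restore(good, manifest),
                verify_restore(damaged, manifest),
                verify_restore(garbage, manifest))


if __name__ == "__main__":
    for label, report in zip(("good", "damaged", "garbage"), demo()):
        print(label, report)
```

The damaged archive opens without error, which is why a backup job reporting "success" is not evidence of recoverability; only the per-file comparison after a real restore exposes the missing and truncated files.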
Your files and patient data are important to your dental practice. Isn’t it time you got serious about protecting them? We’ll take the guesswork out of securing your computers and network. Contact us for a complimentary consultation to learn more.
by Felicien | May 30, 2018 | Education
Earlier this month, two San Francisco hospitals reported that 900 patient records had been compromised. The two hospitals involved were San Francisco General and Laguna Honda. The San Francisco Public Health Department was notified and began their investigation at once. They found that a former employee of Nuance Communications was at fault. Nuance is a third-party vendor to both hospitals providing voice recognition software for medical transcription.
The Public Health Department is partnering with Nuance Communications to get to the bottom of the breach and mitigate the damage as quickly as possible. The former employee at Nuance illegally accessed the records of about 900 patients from the two San Francisco hospitals. The lost data included names, dates of birth, and details about patients’ conditions and diagnoses. It did not include any social security numbers, financial information, or driver’s license numbers.
The patient records were accessed between November 20th and December 9th of 2017. The health department confirmed that all patients affected had been notified.
Improvements needed in healthcare networks
In a statement, Roland Pickens, the director of the San Francisco Health Network said, “We sincerely apologize for any inconvenience or concern that this situation may cause. All of our vendors are required to attest to the protection of patient privacy, as part of their contract, and we continue to audit and improve upon that process.”
After an investigation by the U.S. Department of Justice, authorities said they believed the stolen information had not been offered for sale online. They also stated that all personal data from patients had been safely recovered from the former Nuance employee.
A Health Department spokeswoman said that the investigation was still ongoing and that all parties were working together in harmony to resolve these issues as quickly as possible. They assured the affected patients that their personal medical information had been recovered and that the risk of damage from the breach was minimal.
Medical data a valuable target for cyber thieves
Patient medical data has become a hot target for cyber thieves because it usually contains a great deal of information about the patient. Hospitals collect many types of personal information from patients including names, addresses, phone numbers, social security numbers, driver’s license numbers and detailed information about the patient’s medical condition. This type of information is considered high-value by cyber thieves because it has so many different uses. For instance, knowing the medical condition of a person would give criminals an arsenal of tools with which to defraud the patient. In many cases, patients who lose this type of information feel vulnerable. Patients often already feel as if they’ve lost control due to their compromised health condition. But then, a cyber-criminal steals their personal data and they feel as if they’ve been attacked again.
For these and other reasons, hospitals and healthcare organizations must be especially careful when dealing with patient records. HIPAA guidelines provide doctors and hospitals with a full set of standards regarding the processing of patient data. The law seeks to reduce fraud, waste, and abuse while delivering better health care to individuals.
Other big healthcare breaches
In 2014, 56,000 medical records were stolen from patients at San Francisco General, along with a few city-run clinics. In this case, as in the last one, a third party vendor was responsible for the breach. An employee of Sutherland Healthcare Solutions, a billing company doing business with the hospital, stole the records in order to sell them on the Dark Web, where they might have brought thousands of dollars.
In February of 2015, Anthem Health Insurance experienced a data breach in which 80 million company records were compromised. To date, this has been the largest attack on hospitals, insurance providers, and healthcare. Investigators said that cybercriminals were able to break into the insurance company’s servers and steal the records.
Officials say that they expect data breaches at healthcare organizations to rise over the next few years. The reason? The information that cyber thieves can collect is so thorough that it allows thieves to assume the identity of the person. Once they do this, they can set up new accounts, access the patient’s bank account, or use their credit cards.
In past breaches, hospitals and health care providers have lost patient records in numerous ways. The top four methods used were:
Theft of laptops
Breaking into hospital servers
Third party vendors
Angry ex-employees
In some cases, personal patient info is exposed due to technological glitches in the software or hardware that a healthcare provider uses.
In response to the two latest breaches at San Francisco General and Laguna Honda, hospital officials said they were strengthening their security practices. Many security experts believe that every organization, whether private or public, should treat cyber security as a boardroom topic instead of an IT issue. The rise in healthcare breaches confirms that.
by Felicien | May 30, 2018 | Education
Cybercrime is no longer a new phenomenon. The zeal with which cybercriminals have committed these offenses in the past has led to an outcry from businesses and organizations. Cybercriminals are constantly on the prowl for new sites to attack. They are continuously improving their methods of attack. To make matters worse, this type of crime is very difficult to solve. The attacks themselves become more sophisticated as the days go by. Many experts are searching for real solutions; permanent solutions.
The threat to small businesses
While many organizations have put in place various measures to prevent this crime, a look at the statistics reveals that only large organizations are really doing everything they need to do. Smaller companies either think they can’t afford good protection or don’t need it. The best protection from cyber breaches is expensive. It requires training for employees, risk assessment, and the installation of a good array of programs that can detect and prevent intrusion. There are ways that small businesses can get the same top-notch protection as a large organization. And, it is imperative that they do so. A big data breach could cost your company millions of dollars. Most experts say that it’s not a matter of IF you get attacked; it’s just a matter of WHEN.
How real is the threat?
The threat of a cyberattack is a lingering one despite the amount of protection that one invests in. That’s because the nature of this crime is to evolve with each new attack. This is why most business owners prefer to invest in protection services with the ability to detect cybercrime before it occurs. The Verizon Data Breach Investigation Report shows that the threat of cyberattacks on small businesses is much greater than small business owners anticipate. The report states that up to 61% of cyber security breaches were experienced by small businesses last year. This was an 8% rise from 53% in the previous year.[1]
Cost of cyber-attacks on small businesses
While small businesses fail to invest in protection systems because of the costs, it is noteworthy that the amount of money lost as a result of cyberattacks is considerably higher. The ransomware attack is a great example of this fact. One ransomware attack can stop your workforce in its tracks. Your data will be locked until you pay. Some thieves threaten to release your internal documents to the public. This caused a huge amount of embarrassment for Sony Pictures after their 2014 data breach.[2] The North Koreans took responsibility for this breach, claiming that they did not like a movie Sony was about to release in which the North Korean dictator was made fun of.
In the end, the damage to Sony was more about being embarrassed before the whole world. Sony’s reputation was severely damaged. Though large companies like Sony can survive an attack like this, small companies cannot. A new study shows that cyberattacks cost, on average, $38,000 per attack.[3] Below are a few other stats pertaining to small businesses and data breaches:
23 percent lost business opportunities after an attack.
29 percent lost revenue; 38 percent of those lost more than 20 percent.
22 percent of businesses lost customers; 40 percent lost more than 20 percent of their customer base.
In some cases, small businesses must close their doors within a few months of the attack. Small business owners are only just realizing how vulnerable they are. This is due to the fact that most small businesses are an easy target for hackers. They simply don’t have sophisticated enough data protection programs in place.
What can you do about it?
The first step for any small business is to invest in effective cyber security software. It should be installed on all computers and mobile devices. The second step is to install a remote computer backup. Always have recent copies of your database stored somewhere offsite. A remote computer backup makes recovery of data much simpler.
A third step is to test your data security systems and procedures regularly. This can be easily done through a gap analysis. A gap analysis will enable the business owner to know how effective the data protection system really is. It takes into consideration the detected threats and compares these with the protection system. It is also sensible to develop a data breach response plan. This should include a communications response plan.
Proper response in cases of data breach can save a company millions of dollars and protect customers. A good response plan can let everyone including stakeholders know what’s going on. The sooner your employees know what’s happening, the sooner they can shut down their computers and mobile devices so that the virus can’t spread. All computers and devices with company data should be disconnected from the network until the issues are resolved.
Cyber liability insurance can also come in handy in case of attacks. As we have noted, up to 60% of small businesses which experience cyber-attacks are forced out of business within six months of the attack. Cyber liability insurance will protect your assets.
Final thoughts
Small businesses are currently attractive to cybercriminals because of their lack of protection. When it comes to cyber security, it should be noted that prevention is definitely the best route. Though many prevention measures appear costly, they can save your company from going through a nightmare that will be expensive and damage your reputation.
[1] https://www.verizonenterprise.com/verizon-insights-lab/dbir/
[2] https://en.wikipedia.org/wiki/Sony_Pictures_hack
[3] https://www.score.org/blog/cyberattacks-cost-small-businesses-more-money