by Felicien | Apr 19, 2018 | Education
Your Devices Are A Target For Online Prowlers. At Your Peril Do Not Ignore!
Be Aware of Your Surroundings – Takes On a Whole New Meaning
When you were a child, your mom or dad reminded you to be aware of your surroundings. They wanted you to avoid getting hurt by a stranger. This sound advice also rings true when using your company’s computer, tablet or cell phone at any public Wi-Fi hotspot. Anytime you log onto a non-encrypted hotspot, you increase your device’s vulnerability to data hacking. Also, if you choose not to log on through a work-based VPN connection, you invite easy access to your company’s device. If you travel for business, make a practice of keeping your devices safe, especially in airports and train stations. And if you can avoid doing sensitive work at public hotspots, you’ve reduced your vulnerability and increased your awareness of your online surroundings.
Company Security Policies Are For Your Protection
Let’s say you work from home. Or maybe you travel and work remotely. Once you leave the company’s secure environment, your vulnerability increases. The organization is trusting that you won’t expose it to unwanted malware and a hostile environment it has no control over. It’s for this reason that your company institutes a mandatory security policy. The terms of the policy state that when any staff member works away from the office, they must use the company’s devices. Should your device be compromised, your IT Security department can contain the risk immediately. But by using a non-issued device that a friend or spouse has, you’ve exposed your company to a possible cyber-attack. You’ve also left the IT Security team to pick up the pieces of an incident that could have been prevented. No need to stick your neck out. Follow your company’s security policies and reduce your risk and exposure.
Not Some, But All Systems and Applications Must Stay Up To Date
We know. You hate being reminded. Security managers are update zealots. But their sage advice is the simplest and easiest step a home office user has at their disposal. When running your updates, remember you are updating your operating system, all applications, and Microsoft Office. Updates are not just about getting the latest version; they deliver stronger security measures. When your computer reminds you to update your system, take those extra minutes and update. Finally, don’t forget your once-a-week security scans and your once-a-month full system scan. You might be surprised what your system digs up.
You Can Trust Me – I Am Your Network, or Are You?
Let’s say a security application you’ve never seen pops up and prompts you to do a security scan. Would you click on it? We hope you’d say no, and here’s why. Some applications appear harmless and legitimate, almost friendly and helpful. But underneath they are programmed for sinister activity, which is why you must stay vigilant and know in advance whether an unfamiliar network should be trusted. Granted, you will be suspicious of public Wi-Fi hotspots, but at home that same caution must continue. Downloading an app your IT Support hasn’t cleared puts you at great risk. If you’re not sure you logged into the correct network, stop and contact your IT Security Support department right away.
Remove The Cache Sludge From Your Computer
Have you noticed lately that your computer or browser is taking just a little longer to boot up or respond? With virus updates, software patches, surfing the web, emailing, and working from your home computer, you will build up digital muck. For starters, your cache is your catch-all. It doesn’t matter what it is; something is going to drain down into your cache. And it keeps a record of it. So, if you want smooth-sailing internet browsing and peak performance, clean out your cache. Why hoard piles of digital yuck for months in your cache, where malware has been known to hide out? Once you clean out your cache and reload your browser, it rewards you with the updated version of the website you’re visiting. Also, if the site owners keep their security up-to-date, your visit is secure.
These Cookies Are Not Your Friends Nor Are They Tasty
According to Webopedia, “a cookie will contain a string of text that contains information about your browser. To work a cookie does not need to know where you are from; it only needs to remember your browser.” Some websites use cookies to store more personal information about you, and you may not know it. You must find out who has data about you. With bad press surrounding social media sites, it’s becoming more important to check your browser for cookies and delete them selectively or delete them entirely.
Still Using Passwords – Multi-Factor Authentication Gives You New Security Powers
In the early years, you were trained to use passwords to protect your sensitive material. Something easy to remember. But with progress came security breaches. Easy passwords were out. The next level was using numbers and symbols in place of vowels in your password. Now passwords are out, and passphrases are in. Here’s how it works. No confusing password with symbols or numbers to remember. What you create is a phrase you will easily picture in your mind, like the address of your best friend’s house. Instead of a password like this: #152@Bobs, you create a passphrase like this: AddressAtBobsPlace. Now you have an easier way to remember and beefed-up security powers to protect your sensitive information.
Will Your Router Pass A Security Examination?
Finally, are you still using the original router password that came in the box? Does anyone else have access to that password? In some home offices, passwords get shared with family and close friends. If you do not remember the last time you changed the router’s password, or who has access to it, the time to replace the password is now. But if that same router has reached 24 months, ask your provider to swap it out and get a new dual-band router. With newer routers come five enhancements. They respond faster, transmit data reliably, run the latest security firmware, come with a warranty, and give you a new password.
by Felicien | Apr 18, 2018 | Education
From humble beginnings in a garage as the brainchild of two men to an asset valuation of nearly $250 billion in 2018, Microsoft is no stranger to breaking records.
Do you think Paul Allen and Bill Gates knew what lay ahead in 1975? Nope. Couldn’t have.
In those days, developing a BASIC interpreter for the Altair 8800 seemed impossible – because no one else had done it, including Allen and Gates, yet they promised the finished product and were able to deliver in two months. Between 1975 and now, the Microsoft Windows product is a professional mainstay and continues to dominate the desktop computing market. Add to this their Microsoft Surface product line-up, and between the desktop or laptop PC or the operating system it’s running, Microsoft is The Man. And we didn’t even get to the Microsoft Office line-up yet.
Between Microsoft Office, for which organizations purchased physical software plus per-seat licenses for users roughly a decade ago, and today’s Office 365, accessible online from anywhere, Microsoft caters to the modern professional. The Office Suite has expanded in recent years, beyond Word, Excel, and PowerPoint, to include a variety of productivity apps, including OneNote, Microsoft Teams – formerly Skype for Business – for a collaborative platform, and Outlook. All Microsoft applications offer seamless integration with other Microsoft apps, as well as a variety of external apps to blend the user experience with the goal of simplifying processes to increase efficiency and productivity – therefore, revenue.
Whether it’s standalone apps or the subscription-based Office 365, Microsoft products are the staples at every professional workplace in first-world countries today. Microsoft’s SharePoint and OneDrive, and their super-seamless integration with a multitude of productivity apps, simplify communication and connectivity in the professional world. From creating documents and spreadsheets to storing and sharing with colleagues, Microsoft has you covered.
Microsoft doesn’t like to just do something first – the team behind Microsoft Teams wants to do something first and best. Case in point, Microsoft is the first global cloud provider to receive the Certification for Protected data in Australia – a great achievement. The underlying significance of this is all levels of government and critical national infrastructure in Australia will be able to accelerate and increase use of secure cloud computing and storage. By comparison, Amazon began expanding its Amazon Web Services cloud-based storage solutions in the same area in 2012, but Microsoft is still first to be awarded this certification.
Remember when we mentioned subscription-based Office 365? Microsoft Azure and Office 365 are also getting accolades: both can now boast of Protected Certification by the Australian Signals Directorate (ASD), as well as inclusion in the Certified Cloud Services List (CCSL). Microsoft has been working in direct partnership with the Australian government toward this major milestone for a few years, and this achievement grants the opportunity for immense digital transformation in the public sector in both New Zealand and Australia.
Both Certification statuses are timed well with Microsoft’s announcement on the availability of Azure Australia Central. Two new highly-secure Microsoft Azure cloud regions are located in Australia-owned facilities, designed to facilitate mission-critical operations and demands for critical elements of national infrastructure. The Australian government has established clear intentions with these Certifications and announcements, to expand the adoption of cloud solutions. The public display of confidence in Azure and Office 365 offers a high level of assurance in both Microsoft and cloud optimization.
Australia released a formal strategy recently to demonstrate the cloud’s economical digital storage solutions, offering an ideal opportunity to shift reliance to a faster and reusable environment. Cloud-based storage solutions are free from limitations and constraints imposed by on-site options, with the added bonus of being customizable and convenient.
Microsoft invested in Australia with these data centers, demonstrating a commitment to the public sector as well as the high degree of trust other organizations can have in Microsoft as a cloud service provider.
The cloud is nothing new, and the appetite for cloud-based solutions is growing in every corner of the globe. Microsoft isn’t the only global cloud solution provider, but this move signals a level of trust that few other brands can boast – or deliver upon. Every day, news of “the cloud” reaches journalistic outposts – Time, CNN, MSNBC, you get the idea. Dozens of entities have filled the channel, claiming to offer the same level of service and security that industry leaders, like Microsoft, can – but, in reality, few do. Why? It’s likely a combination of factors: expertise, financial fortitude and flexibility, all upon which a solid reputation is built.
Key players in the Infrastructure as a Service (IaaS) industry deliver infrastructure services on an outsourced basis to enterprise operations, providing hardware and storage solutions, servers and data center space. These components each feature the benefits Australia focused on in their selection of Microsoft as their IaaS provider: security, scalability, reliability, economy, and expertise.
Is security the most critical component of the cloud? Many would argue that each benefit is nearly equal, but security and reliability are the two with the greatest impact and should, therefore, have the greatest focus when choosing a cloud solutions service provider. It’s easy to see why Australia went with the industry giant.
What’s next? Will other national governments follow Australia’s lead? Cloud is clearly the direction to take for trusted resources in data storage, with Microsoft being the lead innovator. Cloud is highly scalable, flexible, and reliable, and the future of data storage!
by Felicien | Apr 18, 2018 | Education
I Have Some Tips For You.
I often get asked by my boss to take the data she accumulates and put it into easy-to-read diagrams and charts. I was using Excel until just recently, which is great, but I needed something with more functionality and design choices. Then I found Microsoft Visio. I think it’s one of the best options available today to create diagrams and flowcharts. I have access to so many great templates and shapes that give my work the professional look my boss requires.
I really didn’t know much about Visio until a colleague told me about it. And when I gave it a try, I was sold. Now my diagrams can be as simple or complicated as I want. Visio provides all the tools and functions I need and comes with a wide variety of built-in shapes, stencils, and objects. I can even create my own shapes and import them if I want.
Have you heard about Visio Online? Microsoft Visio 2016 Viewer lets you view Visio drawings inside your Microsoft Internet Explorer Web browser. It’s a web-based version of Visio. So, when I’m away from the office I can still use it to design, create, edit and share diagrams and flowcharts online. I just upload my Visio diagrams and flowcharts to either SharePoint or OneDrive for Business and edit them in my browser.
Now I can collaborate with my team to streamline projects and work with them on diagrams right from my web browser. And I don’t have to worry about security. The only people who have access to my charts are the ones I authorize. I can even review their comments and add my own directly from my browser. And here’s another plus!—I can store all my diagrams in our OneDrive cloud storage that has 2GB of space.
What my team and I like best about MS Visio is that it’s so easy to use. It’s simple to create top-notch diagrams with commonly-used diagram types and rich shape sets. It’s easy to collaborate with team members and stakeholders, view and add comments, and share the diagram with others. We can pull external information into Visio, such as an Excel sheet or Access database. Now when my boss sends tons of data to me, I pull up my Visio, Excel or Access and design fantastic diagrams in just an hour or so. (She thinks I work all weekend to get this done!)
In case you didn’t know, Visio 2016 was released in September 2015 along with Microsoft Office 2016. It has dozens of templates you can use for a multitude of industries and verticals.
A few new features were added, such as the ability to connect to Excel data, information rights management for your Visio files, modern and detailed shapes for site plans and floor plans, IEEE-compliant electrical diagrams and home plans (architects, contractors, engineers, and designers will like these), and even 3D map diagrams. Plus, it comes with a bunch of new starter diagrams, themes, and built-in shapes. Hundreds of them! All these shapes are categorized, so they’re easy to find and choose from.
Want to know some really helpful Visio tips? I’ll share them with you here. I now consider myself a Visio expert, and I know there are a lot of beginners out there who might appreciate them.
Text Editing
Sometimes you need to edit text when you’re putting everything together, and not all applications let you do this. However, it’s easy to do in Microsoft Visio: Just click on the shape next to your text and press the F2 button. That’s it. Now you can edit as you wish–Simple! When you’re finished just press “Esc” to get out of the text-edit mode.
Shortcuts
F1 – for Help
Tab – to switch between shapes
Ctrl+1 – for the “selector” cursor
Ctrl+2 – for the text tool
Ctrl+3 – for connector lines
Alt – for the main toolbar
F3 – for the Format Shape task pane
Ctrl+PageUp or PageDown – to move between sheets
Ctrl+scroll up or down with the mouse – to zoom in and out
Ctrl+click and drag an object – to copy and paste it in another place
Draw Shapes
The Drawing Tool is next to the Pointer Tool on the Ribbon. Click on the arrow and select a shape from the drop-down menu. Then you can start drawing your shape. Try combining shapes with the Pencil Tool to make more complex or intricate shapes. You’ll be an expert before you know it.
Save Shapes
If you want to save a shape that you made, Visio lets you do this. Look on the left of the toolbar for “More Shapes” > “New Stencil” and drag and drop your shape into the blank space. Then right-click it and choose “Save As.” Now, just rename the shape and save it.
Add Files
With Visio, you can copy anything from other Microsoft Office apps and paste it into your diagram or flowchart. So, if you have an Excel table or diagram, just copy and paste it right into your Visio diagram or flowchart. This saves you from having to redraw it. You can now proceed with Visio’s editing tools.
Create Flow Charts Quickly in Visio Online.
Choose the Basic Flowchart diagram.
Choose a shape from the Shapes Panel and drag/drop it into your canvas.
Hold your pointer over the shape until you see the Auto-connect arrows.
Move the pointer to one of the Auto-connect arrows. You should see Quick Shapes where you can choose the shape you want to add.
If you want to add some text, double-click the shape.
You can add more shapes by dragging and dropping them from the Quick Shapes list.
Use the smart guides to align your shapes the way you want.
Before long, you’ll be an expert in Microsoft Visio. I hope this helps, and you get the kudos from your boss that I did from mine!
by Felicien | Apr 18, 2018 | Education
10 Steps Healthcare Facilities Should Take to Ensure the Security of ePHI When Employees Use Smartphones
It’s estimated that 74 percent of hospital workers use tablets or other mobile devices to collect and share information about patients.1 And although smartphones and other mobile devices can provide many benefits in the healthcare setting, using them also presents a number of risks.
Unless they are used safely, electronic Protected Health Information (ePHI) can be exposed, and malware and viruses can enter a facility’s IT network. Without adequate safeguards in place, this can lead to costly HIPAA violations.
Hospitals, medical clinics and healthcare entities must comply with HIPAA Privacy and Security Rules to protect and secure patients’ information, even when using mobile devices like a smartphone.
Banning smartphones isn’t the answer. When a patient is in pain, every minute counts. If there isn’t an order for pain medication in the patient’s record, a nurse must consult with their physician. In this instance, using a mobile phone can speed up the process. However, this, and other smartphone communications must be handled in a secure manner to protect the healthcare facility’s IT systems, and safeguard patient privacy.
Smartphone Data Breaches and HIPAA/HITECH
CIOs and technology professionals in healthcare facilities are concerned that the increase in smartphone usage increases the chances of security breaches where ePHI is revealed. The HIPAA Privacy Rule mandates that covered entities “reasonably safeguard” PHI from any intentional or unintentional use or disclosure that is in violation of the rule’s standards. It also outlines provisions for ensuring the confidentiality, integrity, and availability of PHI that is transferred or held in electronic form.
Covered entities include not only healthcare facilities but individual providers.
The HIPAA Security Rule outlines provisions for ensuring the confidentiality, integrity, and availability of PHI that is transferred or held in electronic form.
HIPAA concerns include:
Theft or loss of a smartphone that has PHI on it.
Staff or volunteers taking and distributing unauthorized photos.
Staff revealing PHI on social network pages—for example, by posting text or photos that could be classified as individually identifiable health information.
Unauthorized individuals accessing the healthcare facility’s systems.
Staff or physicians forwarding an unencrypted email that contains PHI from their organizational account to a personal account that does not have reasonable safeguards to protect PHI.
Data breaches involving patient information can lead to costly fines and settlements–and even criminal penalties. And the health information privacy laws and regulations in some states are even more extensive than federal HIPAA regulations.
Under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, breaches of unsecured PHI must be reported to the affected individual, to the U.S. Secretary of Health and Human Services, and in certain cases, to the media. Both HIPAA and HITECH emphasize the importance of privacy and security with the use of ePHI when using smartphones and mobile devices.
Improper Smartphone Use Can Spread Viruses and Malware.
“Security of Mobile Computing Devices in the Healthcare Environment,” (by the HIMSS Mobile Security Work Group) warned that “as the popularity of mobile computing devices increases, so too does the possibility that someone will create malware that is intended to impact its use or compromise patient data.”
When used in a healthcare (or any) environment, smartphones should be routinely updated with the latest antivirus software and malware protection. This is not always an easy task and should be handled by a certified IT expert (Managed Service Provider).
And because caregivers and providers are the first lines of defense, they must undergo Security Awareness Training to be educated about unsafe practices, such as opening suspicious attachments or clicking on questionable links.
Without a clear understanding regarding safety when using smartphones, and the potential negative effects (security breaches), users may ignore a healthcare facility’s security policies. This emphasizes the need for user education about the risks and consequences of not following security policies.
10 Steps Healthcare Facilities Should Take to Ensure Data Security When Employees Use Smartphones:
Devise and implement policies to control who can view and access smartphone data.
Assess the content of email messages and file attachments to automatically identify ePHI.
Make sure caregivers use two-factor authentication and digitally signed documents so only authorized users can access and transfer ePHI.
Disable SMS (Short Message Service) preview on smartphones. This prevents others from viewing text messages without authority.
Disable speech recognition features like Siri, Cortana or other personal assistants. Otherwise, unauthorized users can gain access to software on smartphones.
Use strong passwords that are hard to guess. They should contain at least six characters with a combination of both upper and lower-case letters, with at least one number and one keyboard character.
Change passwords often and at least quarterly.
Set smartphones for automatic logoff. If the phone is lost or stolen the culprit would need the password to open it.
Set smartphones to limit the number of unsuccessful login attempts.
If a violation is detected:
Stop and quarantine the interaction.
Remove the attachment from the email.
Return a message to the original sender.
Notify a manager.
Retract the information.
Re-route and encrypt* the email for secure delivery.
*There are a number of ways to encrypt data in transit. Two include using a virtual private network (VPN) or a secure browser connection. The National Institute of Standards and Technology (NIST) has several Special Publications regarding encryption processes for data in motion, including SP 800-52 and SP 800-77. SP 800-52 has information about transport layer security (TLS). (Contact your IT Managed Service Provider for more information.)
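The content check ("assess the content of email messages and file attachments") and the violation handling in the last step can be sketched as follows. This is an added example, not code from the article or from any vendor; the three regular expressions, the addresses and the sample message are constructed, and redacting the body stands in for "retract the information".

```python
import re
from dataclasses import dataclass, field
from email.message import EmailMessage

# Assumption: constructed stand-ins for a facility's real ePHI identifiers.
EPHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.I),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{2,4}\b", re.I),
}
GATEWAY = "dlp-gateway@hospital.example"  # hypothetical sender for notices


@dataclass
class Decision:
    action: str                      # "deliver" or "quarantine"
    findings: dict                   # part label -> matched pattern names
    sanitized: EmailMessage          # copy that is safe to release
    notices: list = field(default_factory=list)
    encrypt_on_reroute: bool = False


def find_ephi(text):
    """Names of the ePHI patterns that occur in text, sorted."""
    return sorted(n for n, rx in EPHI_PATTERNS.items() if rx.search(text))


def redact(text):
    """Replace every matched identifier with a placeholder."""
    for rx in EPHI_PATTERNS.values():
        text = rx.sub("[REDACTED]", text)
    return text


def part_text(part):
    """Text of a MIME part; non-text parts are decoded leniently."""
    if part.get_content_maintype() == "text":
        return part.get_content()
    return (part.get_payload(decode=True) or b"").decode("utf-8", "ignore")


def scan_message(msg):
    """Scan the body and every attachment; label hits by filename or 'body'."""
    findings = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        hits = find_ephi(part_text(part))
        if hits:
            findings[part.get_filename() or "body"] = hits
    return findings


def notice(to, subject, text):
    n = EmailMessage()
    n["From"], n["To"], n["Subject"] = GATEWAY, to, subject
    n.set_content(text)
    return n


def handle_outbound(msg, manager):
    """Apply the violation steps: hold, strip attachments, notify, redact, re-route."""
    findings = scan_message(msg)
    if not findings:
        return Decision("deliver", findings, msg)
    # Build the releasable copy: headers kept, attachments dropped, body redacted.
    clean = EmailMessage()
    for h in ("From", "To", "Subject"):
        if msg[h]:
            clean[h] = str(msg[h])
    body = msg.get_body(preferencelist=("plain",))
    clean.set_content(redact(body.get_content()) if body is not None else "")
    where = ", ".join(f"{k}: {'/'.join(v)}" for k, v in findings.items())
    notices = [
        notice(str(msg["From"]), "Message held: possible ePHI",
               f"Your message was quarantined ({where})."),
        notice(manager, "ePHI policy violation",
               f"Outbound mail from {msg['From']} was quarantined ({where})."),
    ]
    # The gateway must send the sanitized copy over an encrypted route.
    return Decision("quarantine", findings, clean, notices, True)


def build_sample():
    """Constructed message: identifiers in the body and in a CSV attachment."""
    msg = EmailMessage()
    msg["From"] = "nurse@hospital.example"
    msg["To"] = "personal@mail.example"
    msg["Subject"] = "Pain medication order"
    msg.set_content("Patient in 4B needs an order. MRN: 00482913, DOB 03/14/1961.")
    msg.add_attachment("Name,SSN\nJ. Doe,123-45-6789\n",
                       subtype="csv", filename="census.csv")
    return msg


if __name__ == "__main__":
    d = handle_outbound(build_sample(), "manager@hospital.example")
    print(d.action, d.findings)
    print(d.sanitized.get_content().strip())
```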
Mobile Device Management
Some mobile devices have a remote disabling and wiping feature built in. Remote wiping is a security feature that enables you to remotely erase the data on your smartphone if it’s lost or stolen. When you enable it, you have the ability to permanently delete data stored on your phone.
When using smartphones in a healthcare setting, it’s imperative that your IT Provider implements and deploys a professional Mobile Device Management (MDM) Solution.
A Professional MDM Solution Protects ePHI with:
The ability to locate, lock and wipe ePHI from a stolen or lost smartphone or mobile device.
Continuous remote monitoring and management of all authorized mobile devices.
Secure passcode implementation and enforced encryption.
As you can see, using smartphones always presents a number of risks, especially in a healthcare environment. And, unless you adequately safeguard patient data stored or in transit, unauthorized access to the healthcare facility’s systems could occur leading to ePHI breaches and HIPAA/HITECH violations. Executives and administrators should take necessary steps to prevent this by working with IT professionals who are certified in the latest security solutions.
by Felicien | Apr 18, 2018 | Education
Dementia and Alzheimer’s are scary for both patients and caregivers. Right now, there is no cure. Scientists are trying to find ways of prolonging patients’ lives and delaying the onset of the disease. IT Technicians are finding ways to make lives better and caring for patients easier. Some remarkable work is doing things for these individuals that have never been seen or done before.
First, A Word About The Disease
According to Alzheimer’s International, nearly 44 million people worldwide have Alzheimer’s or related dementia. More than 5 million Americans are living with it, and between 2017 and 2025 every state is expected to see at least a 14% rise in the prevalence of Alzheimer’s. Those statistics are startling, especially since Alzheimer’s disease is irreversible.
Accounting for around 70 percent of dementia cases, Alzheimer’s Disease is the most common cause of dementia, a group of brain disorders that results in the loss of intellectual and social skills. These changes are severe enough to interfere with day-to-day life. It progressively destroys the brain and ruins memory and thinking skills, and eventually the ability to carry out the simplest tasks.
A Few Other Statistics
In 2017, Alzheimer’s cost the United States $259 billion.
By 2050, costs associated with dementia could be as much as $1.1 trillion.
The global cost of Alzheimer’s and dementia is estimated to be $605 billion.
Alzheimer’s is the 6th leading cause of death in the United States.
Between 2017 and 2025 every state is expected to see at least a 14% rise in the prevalence of Alzheimer’s.
By 2050, it’s estimated there will be as many as 16 million Americans living with Alzheimer’s.
Every 66 seconds someone in the United States develops Alzheimer’s.
1 in 3 seniors dies with some form of dementia.
Technology at its Finest
Because of these sad stats and high numbers, IT experts have come up with some amazing devices that use modern technology to aid in the care of people suffering from memory problems. Here’s a look at a few of the latest innovations.
Clocks
Clocks designed specifically for those with Alzheimer’s and dementia can help ease the stress associated with day-to-day life. Someone who has dementia may confuse night and day, so an easy-to-read clock can help them to better tell the time.
Medication Management
Medication management technology includes high-tech automated pill dispensers which beep and open to remind caregivers and those with dementia to take their medicine. Vibrating alarms on a watch have also been fashioned to signal when it’s time for a pill. This technology also serves the busy caregiver well by helping them not to forget medication time.
Video Monitoring
Video monitoring technology supports both care recipient and caregiver by allowing both people more freedom. The patient doesn’t feel watched constantly because a loved one can spend a little time away, and loved ones get the comfort of being able to see their family even when they’re not in the same house.
GPS Location and Tracking Devices
People with Alzheimer’s or dementia may wander. Tracking devices can be worn by the person in some way and have alert systems that let a caregiver know if their loved one has left a certain area. This type of technology can also alert emergency personnel to aid in a quick recovery.
Picture Phones
Picture phones are specifically designed for people who cannot remember phone numbers. These phones have large numbers and are pre-programmable with frequently called phone numbers. Some of the phones come with clear buttons where photos can be placed so that the person can just push the button associated with the photos to call their loved one quickly.
Electrical Use Monitoring
This device monitors a patient’s use of electrical appliances. It plugs into a wall outlet or power strip and will alert caregivers if their commonly used appliances have not been turned on or off.
Wearable Cameras
Wearable cameras and augmented reality glasses could be the next big thing in helping patients. These devices can take hundreds of pictures every day from the user’s point of view logging their lives in this way.
A Village of Care
In Kitchener, Ontario, something wonderful is happening. Facilities have been designed to be less institutional-looking, friendlier and homier. “Schlegel Villages” is one of the first of its kind and is improving the quality of life for the people that live there.
One problem they deal with though is when at-risk seniors become confused and attempt to leave. According to Schlegel’s IT director, Chris Carde, “Some seniors with certain types of mental illness can remember the door-lock code to get out but can’t remember anything else. A confused senior wandering out into a southern Ontario winter can be a serious, even fatal, incident”.
Schlegel Villages is also implementing an e-health system to replace paper charts at its care facilities. Carde states, “Nurses would have to write down a patient’s vital signs, then enter them into a desktop computer some distance away. The new system, which will use iPads and iPad minis to enter health information directly into the database, is being greeted warmly by clinicians”.
Thinking Outside of the Box
A German senior center applied the idea of using fake bus stops to keep Alzheimer’s disease patients from wandering off. Because their short-term memory is not intact, but their long-term memory works fine, they know what the bus stop sign means, and they stop. It is a huge success in Germany, and now they want to bring it to several clinics in North America.
A Final Word
Thanks to these researchers and IT innovators, the future is much brighter for patients with memory diseases and their families and care providers. This is just the beginning when it comes to making life easier. Information Technology has only just begun to scratch the surface of what can be done to help in the fight against dementia and Alzheimer’s.
by Felicien | Apr 17, 2018 | Education
Believe it or not, your medical record has the potential to be sold for thousands of dollars. And due to the digitization of health records, it’s now more prone to theft.
As more patient health records have gone digital over the years, they’ve become vulnerable to hackers—and far more valuable than credit-card data or other forms of confidential data.
Why? Because they contain insurance information that poachers can use for fraudulent billing and illegal prescriptions. These thieves can falsify insurance claims and collect checks and obtain hundreds of thousands of dollars in free care on someone else’s insurance.
The healthcare industry wasn’t prepared for this, and they are trying to play catch up to secure protected health information (PHI):
“The U.S. has a huge shortage of highly qualified cybersecurity people across all industries,” says Rod Piechowski, a senior director at the Healthcare Information & Management Systems Society, or HIMSS, a Chicago-based nonprofit with more than 50,000 members. “Being late to the game, health care just can’t compete.”
Health IT professionals, although they are in great demand, haven’t been able to play a major role in employers’ software procurement decisions. This is unlike banking and the financial industry, where their opinion is regularly solicited before a major IT system is implemented. And until recently, cybersecurity wasn’t prioritized in healthcare the way it has been in financial services. The result is that IT professionals had no influence when it came to software security standards for medical care, and now they’re having to oversee systems that are difficult to safeguard.
If your PHI is breached, hackers have the information they need to blackmail you for the rest of your life. That’s because your EHR contains information like conditions you suffer from such as depression, anxiety or other psychological conditions, sexually transmitted diseases, or heart conditions. If released to the public, these might be an embarrassment to you or even keep you from obtaining a particular position.
How Bad Is It?
EHRs (electronic health records) are being used by over 96 percent of critical-care facilities, and 83 percent of all hospitals. While the digitization of health records enables easy access to patients’ information, if not properly safeguarded they’re also available to hackers. This poses a real threat to patient privacy.
In the year 2016, there were 450 data breaches where 27 million EHRs were affected. Of these, 120 came from the outside, while 200 (more than 65%) came from the inside.
In 2017, there were 477 healthcare breaches reported to the U.S. Department of Health and Human Services (HHS) or the media, which affected a total of 5.579 million patient records.
With major hospitals and healthcare organizations paying higher fines for lost patient data, the challenges of maintaining EHR security remain a huge concern. And because of this, the benefits of using them must be weighed against the risks of theft and misuse.
Presence Health in Chicago was fined USD 475,000 by the U.S. Health and Human Services (HHS) because they didn’t report a 2013 breach in a timely manner. Advocate Health Care had to pay HHS a whopping USD 5.5 million for a breach of patient privacy, the most ever by a single entity.
Compounding the issue, physicians who are frustrated with bogged-down systems now try to design their own workarounds to speed up the processing of healthcare data. These ad hoc “shadow IT” systems are insecure and rely on unencrypted data and personal emails. It’s only a matter of time before a sophisticated hacker breaks in to steal their data.
How do hackers obtain medical records?
One of the ways they do this is through spoofing, where the facility is fooled into thinking that the person accessing the information is legitimate. Plus, Microsoft researchers warn that many types of databases used for electronic medical records are vulnerable to leaking information despite the use of encryption.
Hospitals and healthcare organizations use methods like data encryption and the scrambling of PHI (de-identification) to disguise data so hackers can’t read it. However, the hackers simply steal the data and replace the encryption keys with their own to demand ransoms to unlock the data. This is called ransomware, and it’s very effective against healthcare facilities and hospitals that need ready access to patient data for their everyday operations.
Who are these hackers?
They’re not who you think they are. When we think of hackers, in our mind’s eye they are guys in hoodies working on computers in their parents’ basements. What’s hard to believe is that most attacks and data breaches don’t come from external hackers, but from the inside of an organization, where doctors, nurses or accounting personnel are negligent, abuse the system as disgruntled employees, or steal patient data for financial gain. In 2017, employee error affected 785,281 patient records and insider-wrongdoing affected 893,978.
One Promising Solution
Robert Lord, a former analytics systems designer, joined forces with Nick Culbertson, a former Special Forces operator, when they were students at the Johns Hopkins University of Medicine. They created an Artificial Intelligence (AI) system to combat hacking of EHRs. They co-founded a cybersecurity company, Protenus, to help the healthcare industry use artificial intelligence to prevent the theft of Protected Health Information and Electronic Health Records.
Lord explains:
“Your EHR contains all of your demographic information–names, historical information of where you live, where you worked, the names and ages of your relatives, financial information like credit cards and bank numbers…The medical record is the most comprehensive record about the identity of a person that exists today. We recognize that EHRs are living documents, so we’ve built an AI that is able to monitor how individuals interact with the EHR and associated systems, building a unique profile of every workforce member’s clinical and administrative workflow.”
The folks at Protenus are working on a solution that can tell the difference between routine access to EHRs and possible illegal attempts to retrieve this data. It does this by using AI to detect unusual patterns and anomalies, which are then escalated to security officers. Over time, the solutions get “smarter” and learn exponentially as the customer base grows.
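A much-simplified sketch of the per-user profiling idea described above, added here as an illustration; it is not Protenus's system or code. The audit-log format, field names, thresholds and sample lines are all constructed assumptions, and plain statistics stand in for the AI the article mentions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def parse(line):
    """'2018-04-02T09:15 nurse_a P209 cardiology' -> (datetime, user, patient, unit)"""
    ts, user, patient, unit = line.split()
    return datetime.fromisoformat(ts), user, patient, unit

def build_profiles(lines):
    """Per-user baseline: units seen, hours seen, distinct-patient limit per day."""
    units, hours = defaultdict(set), defaultdict(set)
    daily = defaultdict(lambda: defaultdict(set))
    for ts, user, patient, unit in map(parse, lines):
        units[user].add(unit)
        hours[user].add(ts.hour)
        daily[user][ts.date()].add(patient)
    profiles = {}
    for user in units:
        counts = [len(p) for p in daily[user].values()]
        # Assumed threshold: mean + 3 standard deviations, at least mean + 2.
        limit = mean(counts) + max(3 * pstdev(counts), 2)
        profiles[user] = {"units": units[user], "hours": hours[user], "limit": limit}
    return profiles

def review(lines, profiles):
    """Return de-duplicated (user, day, reason) alerts for a security officer."""
    alerts, seen = [], defaultdict(set)
    for ts, user, patient, unit in map(parse, lines):
        prof, day = profiles.get(user), str(ts.date())
        if prof is None:
            alerts.append((user, day, "no baseline"))
            continue
        if unit not in prof["units"]:
            alerts.append((user, day, f"new unit {unit}"))
        if ts.hour not in prof["hours"]:
            alerts.append((user, day, f"unusual hour {ts.hour:02d}"))
        seen[(user, day)].add(patient)
        if len(seen[(user, day)]) > prof["limit"]:
            alerts.append((user, day, "patient volume above baseline"))
    return list(dict.fromkeys(alerts))  # keep first occurrence, preserve order

# Constructed baseline: one working week, 4 cardiology patients a day, 09:00-12:00.
BASELINE = [f"2018-04-0{d}T{h:02d}:15 nurse_a P{d}{h:02d} cardiology"
            for d in range(2, 7) for h in range(9, 13)]
# Constructed day under review: one routine access, then a late-night bulk lookup.
TODAY = ["2018-04-09T09:15 nurse_a P900 cardiology"] + \
        [f"2018-04-09T23:{m:02d} nurse_a P9{m:02d} psychiatry" for m in range(1, 8)]

ALERTS = review(TODAY, build_profiles(BASELINE))
```

The routine morning access raises nothing; the late-night lookups in an unfamiliar unit produce three distinct alerts instead of one per record, which keeps the escalation queue readable.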
We’re Behind the 8 Ball When It Comes to Protecting EHRs.
Health care has lagged far behind banking and other industries when it comes to implementing security protocols. Until EHR records were mandated by Obamacare, many healthcare providers still used paper, faxes and handwritten charts. And once EHRs were finally implemented, the hackers were already a step ahead, and the medical industry is still scrambling to find ways to protect them.
Cybersecurity experts tell us that the seriousness of this can’t be overstated. The frequency of threats has taken off in the past 10 years as EHR data is increasingly networked between healthcare entities. And as we continue to struggle to secure our EHRs, increasingly savvy thieves are finding more ways to steal them.