by Felicien | Aug 5, 2019 | Education
3 Shocking Healthcare Business Associate Data Breaches Stories
What the worst that could happen? 3 healthcare data breach stories aren’t for the faint of heart. Find out how to protect your company from similar outcomes
Breaking news. July 25th, 2019. Northwood, a medical equipment benefits administrator in Michigan had to notify their many healthcare partners that their patient data had been compromised after a hacker bypassed security to access and employee’s email. As a result, over 15 thousand patient records were affected. After spotting seemingly nefarious activity on the email, security was alerted. But they determined that the entity had had access for three days, an eternity to steal patient data. Diagnoses, social security numbers and more were among the causalities.
Alert! Nearly four thousand patient records compromised when Cancer Treatment Centers of America experienced an email hack. If only this were an isolated situation. But unfortunately, it’s the third within a short time as those seeking to do harm deploy email phishing attacks at the company on a regular basis just waiting for someone to take the bait. This time the hacker had access for 11 days.
Not again. American Medical Collection Agency (AMCA) experienced an eight-month hack of patient data that exposed over 25 million patients’ information. Over 20 of their partners were affected, including names you know like Quest Diagnostics and LabCorp. Laboratory Medicine Consultants claims that their business associate, AMCA “downplayed” the incident, leading them to believe that the breach was much less impactful than it was and causing the need for more extensive investigation.
These breaches are recent and investigations ongoing so at this time we can’t quantify the personal casualties, HIPAA penalties or lawsuits that will likely result for both the business associates and the hospitals, labs and other medical providers that trusted them to protect their patients from third-party data breaches.
Stories like these remind us of the impact of healthcare business associate data breaches and the importance of putting systems in place to protect patients and our healthcare company’s financial interests. Let’s explore the solutions that these companies and their partners, unfortunately, implemented too late to prevent the data breaches but you can proactively employ to prevent a similar fate.
1. Get the Business Associate Agreement Updated
As a healthcare organization, you work with several third parties who have access to varying levels of patient data. And we couldn’t function without them.
You need business associates to:
Access to expertise you don’t have in-house
Keep costs low and standards high
Collaborate with other healthcare professionals
While a BAA won’t completely protect you when business associate data breaches occur, it does outline what your partner is doing to keep patient data safe. This allows you to evaluate their standards and make the best decisions for your organization.
2. Re-evaluate What You Share with a Business Associate
Patient information should always be on a need-to-know basis. For example, a collection agency doesn’t need diagnosis information to collect on a debt. But you could be unwittingly sending this if you simply send over un-redacted patient records. You’ll find many examples of similar cases, so evaluate your exposure and limit the risk.
3. Invest in Your People
You can have the highest level encryption, firewalls and anti-virus, but a phishing email can help a hacker bypass all of it. Typically, an employee receives an email asking them to click a link. That link may lead somewhere that looks familiar, encouraging them to enter a password. Or the link may cause the download of a file that compromises security. Stay informed about the risks and continually update your teams about the types of tricks hackers use to access patient data.
4. Vet Third-Party Software
We all know that there’s an app for that. Apps make our lives easier and can do almost anything. And in a business where time is money, we’re always looking for ways to increase productivity, patient satisfaction, inventory management and more. But any third-party software, even if it’s a trusted name like Microsoft or Google, is an opportunity for those trying to access patient data to do so.
Know who your partners are and what security measures they employ. Some software companies have varying levels of security on their software. And we can assure you that if someone in your company is using the “free version” of a service like Dropbox or Google Drive, it doesn’t have the security you need.
Work with IT security experts to evaluate their security measures. And know that software companies also need to sign a BAA if you will be giving them access to patient data. If they won’t sign it, choose another application.
5. Take Stock of Your Current Security Technologies
Are these technologies high-caliber enough for healthcare? Are they able to reduce the risk of today’s modern security threats, which are often clever and highly convincing?
Once again, if you don’t have the high-level security expertise in-house, consult with experts who can evaluate your risks and recommend solutions.
Consult with Managed IT Security Specialists
The average IT director or manager may be very good at his or her job. But today’s security risks extend beyond the training and knowledge of even the best IT professionals. You need to work with security specialists who understand the risks because they manage and eliminate those risks for healthcare companies every single day.
Working with business associates is essential to the function of any healthcare organization, but you don’t have to take on that additional risk when you work with professionals who can help you evaluate those partnerships and keep patients safe.
by Felicien | Aug 2, 2019 | Education
Auto-Lock Your Computer In Windows 10
You may have been using Windows 10 for some time now, but it’s likely that you haven’t mastered all of its features just yet.
Do you know how to get your computer to automatically lock while you’re away from it?
It’s a feature included with Windows Hello. While you may already be using Windows Hello to unlock your computer with face recognition, you may not know about Dynamic Lock.
Here’s how it works – you configure Dynamic Lock to recognize a Bluetooth enabled device you keep on your person, such as your phone. After starting up, if that device goes out of range for longer than 30 seconds, your computer will automatically lock itself.
This feature allows you to get up and leave your computer unattended for short periods without having to worry about someone else snooping around your data.
Liking our weekly Windows 10 tips? Let us know by replying to this email.
by Felicien | Aug 2, 2019 | Education
Will Your Business Be Impacted by the End of Microsoft Exchange 2010?
Exchange 2010 has been a great program for businesses for many years, but its time is now winding down. Find out what this means for your business.
All good things must come to an end. For Microsoft Exchange 2010, that end will happen at a date in the very near future: January 14, 2020. Migrating away from an integral piece of business software can take some time, so if you’re not already planning this shift for your business it’s time to get started! While Microsoft is encouraging people to shift away from the perpetual license option and go towards Office 365, you can also move to Microsoft Exchange 2016 if you don’t want to move to the cloud. At the end of a product’s lifecycle, the manufacturer determines that the vast majority of individuals and businesses have already moved on to a new platform, and they stop providing new features, security and bug fixes, time zone updates and support. In today’s world, your email server is your first line of defense against malware and ransomware — making the lack of security updates a key reason for taking the time to upgrade before time runs out on your support.
What Does the End of a Software Lifecycle Really Mean?
As with most software companies, there are several stages in the lifecycle of Microsoft Exchange and other Microsoft Office products. They are generally defined as mainstream support, extended support and service pack support. Mainstream support is generally guaranteed for a minimum of five years after product ships and is valid while the vast majority of people are still actively using the platform. Extended support generally lasts another five years, and includes a more limited support infrastructure. There are limitations on the work that the software teams are willing to do on products in this stage of life: non-security hotfixes are not released and there are no new functionalities added to the platform. While the platform is still considered secure and supported, this stage is an indication that it’s time to start your search for what comes next. In the final stage, you only receive critical security updates and little else in terms of support.
Why It’s Time to Move On . . . Quickly
Exchange 2010 doesn’t support an in-place upgrade, meaning you’ll need to find the time and IT staff hours to migrate completely — setting up new servers and mailboxes if you decide to go the route of another perpetual license option. Moving to Office 365 may be a good option for your business, but there is still a bit of setup required before you can make this move. With only a few months left before security updates are no longer provided, many organizations are scrambling to be sure they beat the deadline and maintain a platform that is fully protected and receives regular security patches. Email is a mission-critical application for your business, making it crucial to ensure that you’ve made a decision and have a game plan in place long before January 2020.
Upgrade Options Available
There are a few different ways to get out of the woods if you’re still running Exchange 2010. It may seem intuitive to simply upgrade to Exchange 2013, but that product has already completed Phase I and II of its lifecycle and is no longer receiving cumulative updates. Exchange Server 2016 is a better option if you prefer to stick with perpetual licensing models, but the product is already several years old. Updating to the most recent version of Exchange 2019, which was released in late 2018, seems like the best option — but it’s important to note that you must first upgrade to 2016 before making the jump to 2019 versions. Moving to Exchange Server 365 may provide a range of benefits for your organization such as better integration, improved security and continuous updates but it’s also important to note that there are additional decisions to be made around the other aspects of Office online.
Finding the right solution for your business does take time and analysis, but it’s vital that you take the first steps soon to reduce the risk to your organization. Critical patches for Microsoft products are released on a fairly regular basis, and your business can be opened to cyberattackers if you miss a single update — much less several security updates. Completing your migration will provide your technology team with peace of mind knowing that your most important channel of business communication is fully protected by an up-to-date Exchange server.
by Felicien | Aug 2, 2019 | Education
Digital Disruption Forces Businesses to Rethink Staffing Strategy
See how rapid technological advances are revolutionizing how companies approach the structure of their workforces and new strategies for employee recruitment.
The remarkable pace of digital transformation has changed how businesses operate at every level. Companies today need to be nimble, taking a close look at emerging technologies, choosing the right investments and continuing to thrive in the face of constant disruption.
That means reexamining business models, processes used and, perhaps most critically, the nature of work and who (or what) does it.
Understanding staffing in the digital age means taking a strategic approach to personnel.
What Staffing Model Works in the Digital Age?
Traditional labor models are not always the right choice in the digital era. Major initiatives are conceived, launched and executed more quickly than ever, requiring companies to act nimbly. Leaders are shifting towards a model that’s both strategic and flexible.
The modern staffing model may include a mix of the following:
Permanent employees who focus on the most critical initiatives
Skilled contract employees that support the work, complementing permanent employees and providing talent not available internally
Specialists that provide additional capabilities and are available on an as-needed basis to complete high-value projects
This approach allows companies to be responsive, provide the right resources for time-sensitive and mission-critical work, and make key hires.
As a recent Deloitte report notes, HR offices are grappling with how to address personnel management in a digital age. “HR’s concerns will soon be revolving around the changing nature of the organization and employees becoming increasingly digital,” the report states.
Organizations must be mindful of the realities of work, including:
Digital trends that are pervasive, including cloud computing, social media, mobile connectedness, cybersecurity and data analytics
A multigenerational workforce that includes several generations whose entire lives have been digital in the same workplace with older employees whose technical comfort and skills may be lacking
Hyperconnected employees looking to blur the lines between work and personal lives
An emerging group of digitally skilled employees
Business models that are challenged by digital disruption and new competitors
Employee perceptions that they are the first consumers of and ambassadors for their employers’ brands
“HR needs to be more pre-emptive with regard to digital transformation as it plays an important role in shaping the organization’s digital identity,” cites Deloitte. “It is a challenge and a real complexity to plan future capabilities of a workforce in the digital economy.”
What Are the Challenges of Staffing in the Digital Age?
The greatest challenge is talent. For many highly skilled positions, competition is fierce, with potential employees having considerable leverage. Advanced data analytics, robotic process automation and cloud computing are just three needed areas where demand is high as companies seek to incorporate emerging technologies into business processes.
Recruitment is fiercer and requires more creativity than ever before. Companies are using a number of tactics to improve their hiring outcomes, including:
Pre-Employment Networking. Companies are forging relationships with potential candidates well before there are available openings. A focus on engaging potential talent may include providing insights into the company and its strategic plans, offering informational interviews, social gatherings and regular check-ins with a recruiter. Relationships forged early can lead to faster-hiring processes.
Digital Solutions. Digital labor platforms allow for integrated personnel management, connecting the primary HR functions under one roof. With recruitment, hiring, onboarding, training, development and evaluation in the same platform, it allows organizations to be more nimble and cohesive in employee matters. According to a recent McKinsey Global Institute report, using a digital labor platform can increase output by 9 percent, reduce employee costs by 7 percent and add 275 basis points to profit margins.
Flexibility. Many employees today expect to have a high level of flexibility in when, where and how they work. Remote employees can use digital technologies and powerful collaboration tools that keep them in contact with colleagues. A digital mindset in the HR office and throughout the organization makes companies more attractive to candidates.
Focus on Company Culture. Businesses today need to focus on corporate culture. Why? Because there is more information available about most workplaces. Sites such as Glassdoor provide detailed information about companies, including employee reviews that can paint a clear picture of how an organization treats its workers. “Top performers know their value and are growing more footloose as a result; many are going online to find new opportunities and to evaluate potential employers,” notes McKinsey.
Recruiting and retaining employees in the digital age requires employers to think very differently about their workforce. Flexible, creative and strategic approaches allow for better outcomes.
by Felicien | Aug 2, 2019 | Education
Daily Routine Offers Benefits that Lead to Better Outcomes
Discover the benefits of creating a daily routine, including improved productivity, reduced stress and better prioritization, and tips for structuring your day.
Apple CEO Tim Cook starts his day by waking at about 4 a.m. He spends the first hour of his day reading emails from Apple users and external people.
Next, it’s a stress-reducing trip to the gym.
The day is likely to involve Cook reading the majority of the 700 to 800 emails he receives.
When the day is done, he aims to get 7 hours of sleep at night.
The insights into how Cook plans and spends his day is just one example of the importance of having a daily routine.
Why Is A Daily Routine Important?
A daily routine provides more than structure to our busy, hurried lives. Among its myriad benefits:
Efficiency. A daily routine reduces the number of decisions that need to be made. It gives u structure as to what tasks will be completed and when.
Less Planning. Planned time takes some of the guesswork of what to do when. You can focus on “do” from the beginning of the day, instead of “plan.”
Help With Habits. A routine allows you to build new or fine-tune your old habits and break bad ones. Repetition of productive habits that replace bad habits provides better skills and a new source of confidence.
Productivity. A daily routine requires blocking out time when specific tasks will be done. Doing so, with scheduled focus on different work lets you check more off of your to-do list.
Improved Mental Health. Days that are chaotic and disorganized can derail not only your productivity but also your mental wellness. The human brain likes order and structure. Providing it will ease anxiety and give you a more positive outlook.
Prioritization. One significant advantage of a daily routine is the opportunity to prioritize what is most important to us. Set your goals and priorities and incorporate the time you need to work towards them into your routine.
Momentum. Repetitive routines have a benefit. With practice comes better skills, progress and momentum. Push that ball up the hill a little each day, get better at it and soon you’ll have reached the summit, no matter how steep the climb.
Less Procrastination. When a set of tasks and activities becomes truly routine, it makes it more difficult for procrastination to seep in. When you stick to your routine, you are able to eliminate the “maybe later” thinking that can disrupt progress, slow down projects and practice avoidance.
Reduced Stress. Our lives are hectic and that means more stress. Certainty and predictability can help lower your stress level and allow you to relax, especially if part of your routine is a regular sleep pattern. Consistency in when you go to sleep and wake up is better for maintaining a regulated internal clock.
Mastery. A daily routine allows you to become faster and more skilled at what you work on consistently.
Money Saved. A daily routine at the office and home can lead to cost savings. For your business, work is less likely to pile up and projects less likely to fall behind. On a personal level, routines help us not to plan our meals, organize our shopping an not have to make more expensive, last-minute or unnecessary purchases.
Found Time. Imagine the opportunity to give yourself more time by building into your daily routine opportunities for leisure, recreation, planned meals and breaks. It’s likely that by doing so, you’ll be able to have more time. That doesn’t mean that time needs to be scheduled immediately as part of your daily routine. It’s an opportunity to discover how you want to best use the new-found minutes or hours.
These benefits collectively give you the structure you need for further business success. According to a recent article in CEO Magazine, there are 7 elements to consider in building your routine:
Set a regular schedule for when you wake up and go to bed
Create routines for the start and end of your workday, such as doing a walkthrough of the office first thing in the morning or using the last 10 minutes of the day to plan the next
Factor in family routines such as school schedules and activities
Create blocks in your work schedule for tasks such as meetings, emails, project work or phone calls
Know your best time of day and use it for “focus time,” when you turn off and block out distractions and get your most important work done
Leave some wiggle room in your schedule to deal with the unexpected
Limit low-value task time like emails and returning calls that often are driven by others’ agendas
With an appreciation for the value of daily routines and a commitment to a structured day, your business and personal goals are closer to being met.
by Felicien | Aug 2, 2019 | Education
The Rise of MarTech: Navigating the Intersection of Marketing and Technology
Is your organization struggling with the intersection of marketing and technology? If so, you’re not alone — marketers everywhere are.
There is a crisis in boardrooms and offices around the world: who owns marketing technology? Is it the CIO or CTO, who doesn’t always understand how data is utilized by the marketing teams or best practices to provide an exceptional customer experience? Is it the CMO, who is struggling to stay abreast of how all the various tech options fit together — and managing complex projects while staying on top of marketing initiatives? Or are these professionals working to bring their teams together into a new hybrid that is still being defined? Welcome to the rise of MarTech: where marketing and technology intersect. It’s not always a pretty landscape, but many organizations are navigating through this season of change within the business.
Marketers Love Their Technology
Marketers are generally a creative bunch and are increasingly engaged with the selection of tech, especially as it relates to their specific job functions. Today’s data-driven CMOs are looking for ways to measure their advertising spend, analyze their marketing program results and create timely and relevant messages for their audience. This requires a great deal of integration between the trifecta of communications infrastructure: marketing automation, website CMS (content management systems) and CRM (customer relationship management) solutions. Some smaller organizations are able to utilize a single system for several of these functions, but there is still a level of complexity involved in scoping functionality, acquiring trusted vendors, creating timelines and ultimately approving the user stories and processes. Enter the IT team.
IT Teams Want to Retain Control
Marketers love their data, but IT teams have historically retained control of everything database-related. This tension is an ongoing one, and one that can cause frustration on both sides of the spectrum. Marketers are constantly driven by a need for change and finding the best possible solution for their business needs while technologists tend to take a more sedate path to find a solution. This can cause marketers to go off the reservation and create an unruly tangle of solutions that not only don’t work well together — they often don’t work at all, and might be a security risk besides! It’s incredibly challenging to keep track of the volume of change in the MarTech world, as new platforms are cropping up on a daily basis. In fact, it’s so convoluted that ChiefMarTech.com puts out an annual supergraphic of what it calls the “MarTech 5000“. The 2019 edition has a note showing that the completely illegible list is now made up of over 7,040 entrants in a range of sections broken down into:
Advertising & Promotion
Content & Experience
Social & Relationships
Commerce & Sales
Data
Management
Oddly enough, data and management are two of the smallest buckets but ones that likely contain some of the most powerful tools in marketing — or technology.
Managing Disruption
“Marketers are being asked to do more with less and so they buy into the digital hallucinates that are out there,” according to Former Commonwealth Bank and Foxtel chief marketing officer Andy Lark. There are hundreds of businesses selling little more than “smoke and mirrors” instead of digging deep into the reasons that MarTech can work for the business. This means looking at the core business and marketing functionalities that are needed, a place where IT professionals and marketers can come together as they’re defining requirements instead of waiting for salespeople to come to them. No matter how easy technology salespeople say it is to manage these massive MarTech systems, there are still technical requirements that will end up either back in the hands of your IT department or with marketers needing the ongoing support of external technical staff. Either of these solutions can cause disruption to the business, which is why it’s critical that marketing and technology teams work in lockstep to determine which — if any — new platforms are implemented in the near future.
Even adding a simple module to SalesForce, Adobe or Oracle can have unintended consequences, especially when it comes to data privacy and security — a top concern for IT and marketing alike. The recent spate of legislation around privacy reminds senior leadership that this must be kept top of mind and managed actively. That can be difficult if organizations are saddled with a makeshift raft of platforms that float together well as long as the waters are not bumpy. When you need to track the specific actions of individuals through various systems, IT pros and marketers alike will be reminded that sometimes “less is more” when it comes to new systems and integrations.
