Archives for 2021

Sheridan Capital Partners-backed DAS Health Acquires Itentive, LLC
In the news

CHICAGO, IL, Dec. 12, 2021 – DAS Health Ventures, LLC (“DAS Health”), a portfolio company of Sheridan Capital Partners (“Sheridan”), recently announced the acquisition of Itentive, LLC (“Itentive”). Itentive bolsters DAS Health’s ability to improve the healthcare experience by delivering high value health IT and business solutions to physician practices and hospitals. The partnerships expand DAS’s MSP presence and introduce new value-added consulting and support services. DAS Health originally partnered with Sheridan in February 2021 and now serves nearly 2,500 clients and over 25,000 users nationwide.

Founded in 2003 as a health IT consultancy and value-added reseller of PM/EHR products, Itentive evolved to provide a complete suite of consulting, managed services and proprietary solutions to its physician practice customers which help them improve patient care, enhance the patient experience, and maintain a financially healthy practice. The partnership with Itentive further entrenches DAS as an MSP provider of choice, expands DAS’s EHR/PM relationships, and simultaneously diversifies its customer base.

“Bringing the entire Itentive team into the DAS Health family is an exciting opportunity” says Jon Thomas, CEO of Itentive. “The breadth and depth of our combined expertise, managed services, and solutions portfolio, along with a shared vision and culture, will enable us to expertly serve a wide range of healthcare clients.”

“We are thrilled to partner with Itentive to continue improving the overall healthcare experience by providing the highest quality health IT and business solutions.” says David Schlaifer, CEO of DAS Health. “Itentive’s service offerings complement our business perfectly and enhance our position as a go-to MSP provider across the entire small, midsize, and enterprise level physician practice network spectrum.”

Established in 2003, DAS Health is an experienced provider of healthcare IT management solutions and services and a trusted consultant to independent physician groups, hospitals, and healthcare systems across North America. With offices in Florida, Illinois, Ohio, Nevada, New Hampshire and Texas, and employees in many other key states, DAS delivers superior Health Information Technology (HIT), MSP, cybersecurity, RCM medical billing, value-based care, patient engagement, compliance, and practice management solutions for over 25,000 users nationwide.

ABOUT DAS HEALTH

DAS Health has been an experienced provider of healthcare IT management solutions and services and a trusted consultant to independent physician groups, hospitals, and healthcare systems across North America since 2003. With offices in Florida, Nevada, New Hampshire and Texas, and employees in many other key states, DAS delivers superior Health Information Technology (HIT), MSP, cybersecurity, RCM medical billing, value-based care, patient engagement, compliance, and practice management solutions for over 25,000 users nationwide.

ABOUT SHERIDAN CAPITAL PARTNERS

Sheridan Capital Partners is a Chicago-based healthcare private equity firm that focuses on lower middle market buyouts and growth equity in the U.S. and Canada. Sheridan partners with companies in the verticals of providers and provider services, healthcare IT and outsourced services, and consumer health and medical products, bringing strategic resources to accelerate growth, build enduring value, and achieve strong results.

67% of Healthcare Organizations Hit By Ransomware
In the news

The Traverse City, Mich-based Ponemon Institute, an independent research firm, recently released a report entitled “The Impact of Ransomware on Healthcare During COVID-19 and Beyond.” The report is sponsored by the Boston, Mass.-based Censinet.

The report was commissioned by Censinet, a third-party risk management platform for healthcare providers, due to the large rise in patient care organizations, which the report refers to as health delivery organizations (HDOs), contacting the company after ransomware attacks or other cybersecurity incidents, and the attacks’ relationship to the COVID-19 pandemic. Additionally, Censinet noticed that much of the coverage of healthcare cybersecurity issues were not focused on patient care and the company was looking for additional parallels to the increase in third parties that are an essential part of the care process.

Significantly, fully 67 percent of patient care organizations have now been victims of ransomware attacks, with 33 percent having already been hit at least twice.

According to the report, “The Ponemon Institute surveyed 597 HDOs for this report, including integrated delivery networks, regional health systems, community hospitals, and more. The Ponemon Institute conducted the research, analyzed the results, and produced the report. Ponemon is one of the top independent research firms for the healthcare industry. It was 100% independent. Censinet had no role in the research and did not have access to or know any of the participants.”

Further, “The purpose of this research is to understand how COVID-19 has impacted how healthcare delivery organizations protect patient care and patient information from increasing virulent cyberattacks, especially ransomware. Prior to COVID-19, 55 percent of respondents say they were not confident they could mitigate the risks of ransomware. In the age of COVID-19, 61 percent of respondents are not confident or have no confidence.”

Key findings from the report include:

  • When asked about what impacts ransomware had on patient care, 71 percent of respondents reported a longer length of stay and 22 percent reported an increase in mortality rate
  • When asked about the biggest concerns about ransomware resulting from their organization’s third-party risk management program (three responses could be selected), 54 percent said patient safety, 53 percent said care disruption, and 45 percent said ransomware
  • When asked what actions respondents were taking to ease their concerns (more than one response was permitted), 50 percent said outsourcing part or all of the functions to a managed service provider, 46 percent said allocating more budget toward risk management, and 44 percent said they were looking for automated solutions to improve efficiency
  • When asked about the biggest barriers to achieving their organization’s vendor risk management objectives (three responses were allowed), 47 percent said complexity of technologies that support vendor risk management, 44 percent said difficulty hiring personnel with the right skills, and 43 percent said lack of cooperation and collaboration among various departments
  • Sixty percent of those surveyed reported credential theft increased when asked about what type of cyberattacks had increased since COVID-19, 55 percent said compromised/stolen devices, and 43 percent said account takeover (more than one response was permitted)

The report has several recommendations for mitigating ransomware and third-party risks. “Ensure critical steps for identifying and mitigating third-party risks are in place,” the report states. “Sixty percent of organizations represented in this research had a data breach in the past two years, resulting in an average of 28,505 records containing sensitive and confidential information compromised. According to the research, organizations can only partially evaluate the various threats targeting their assets and IT vulnerabilities. They also lack the capability to continuously monitor vendor risks.”

What’s Next for Healthcare Technology Trends
In the news

When the pandemic hit in full force last March, healthcare organizations had to pivot overnight. What was once impossible became necessary, and what was once unlikely became an everyday occurrence. While this disruption came with growing pains — health organizations faced supply, staff and support shortages for months on end — the World Economic Forum notes that “the industry’s response has vividly demonstrated its resilience and ability to bring innovations to market quickly.”

In other words, the proverbial cat is out of the bag — and there’s no putting healthcare innovation back once pandemic pressures ease. Here’s a look at four key technology trends healthcare enterprises can expect in 2021 as COVID-19 comes under control.

Learn more about how our solutions can help your practice 

1. Predictive Analytics in Healthcare

Although the first few months of the pandemic came with unparalleled uncertainty, ongoing work into the causes, mechanisms and mortality of the disease have yielded valuable healthcare data. By the beginning of December, researchers from the John Hopkins Bloomberg School of Public Health had developed a COVID-19 mortality risk calculator to estimate the potential of severe outcomes for individuals and inform vaccine rollouts.

According Susan Snedaker, information security officer at Tucson Medical Center and interim CIO for TMC HealthCare, this is just the beginning for predictive analytics.

“There’s a lot of opportunity here,” she says. “Teams have improved their disease tracking and risk management. As information evolved, a lot of people were digging into the data to see if they could predict outcomes for patients or treatment plans that were being created on the fly. They saw the value of quick-moving data.”

She anticipates that after the pandemic passes, the value around predictive analytics in healthcare will remain, but adoption “will be slower and more thoughtful.”

RELATED: Dr. Patrick McGill on what’s next after COVID.

2. IoMT: Connected Medical Devices Support Proactive Health Care

The Internet of Medical Things (IoMT) also gained significant ground during the pandemic, allowing providers to deliver proactive care at a distance. Applications have ranged widely, from connected wearables that report critical patient data to the deployment of “smart beds” in hospital settings to improve patient comfort.

The uptake of connected devices and digital health technologies went better than expected, says Snedaker.

“There was a widespread notion that people would be resistant to digital communication, but what healthcare pros realized was that families and patients liked brief, more frequent updates,” she says.

For TMC, this was reflected in the adoption of a connected device initiative that allowed operating room staff to quickly send patient status updates via group chat to a set of selected family members. These texts were prewritten, brief and one-way; information, not conversation, was the goal.

According to Snedaker, it worked. “We found these brief, frequent updates brought comfort to families, and we found the patient experience was better overall.”

3. Future Telehealth Advances Will Deliver the Best of Both Worlds

Together, many of the shifts that have taken place have moved the needle toward a more patient-focused experience of healthcare delivery.

“The pandemic pointed to the need for patient-centered healthcare,” says Stephanie Willding, CEO of CommunityHealth, the nation’s largest volunteer-based free medical facility. “Before the pandemic, there were many ways the industry wasn’t operating in a patient-centered way.”

One challenge that CommunityHealth had to overcome was pivoting operational approaches on the fly to account for the recall of volunteer providers to their primary care facilities. However, says Willding, the adoption of virtual visits has proved advantageous.

“Our no-show rate has gone from 18 percent to 5 percent,” she says. “This approach is now core to our model of care, with 40 percent of visits by video or phone.”

Although many providers expect the expansion of telehealth to persist even after patients and providers can safely meet in person, they also expect this technology-driven approach to undergo its own evolution. For Willding and CommunityHealth, this means combining low-tech solutions such as standard blood pressure cuffs with video tutorials, allowing patients to self-report key data.

Such solutions will be essential for healthcare organizations serving distributed, disparate populations who may lack access to unlimited smartphone data or high-speed broadband internet.

MORE FROM HEALTHTECH: See how 5G could modernize healthcare.

4. New Cybersecurity Concerns Increase Cloud Adoption in Healthcare

Changes in care delivery models also have implications for associated IT infrastructure, with cybersecurity concerns pushing some organizations to the cloud.

At TMC, a major transition to the cloud is underway, says Snedaker.

“We’re seeing articles about security gaps, and it’s because healthcare has primarily kept data on-premises,” she says. “As we deploy telehealth, infrastructure security becomes more important and more elusive. There’s no edge anymore — infrastructure is very porous.”

To solve for evolving cybersecurity issues in healthcare, Snedaker recommends that organizations shift both their technology and mindset.

“Not all organizations can keep up with the security learning curve,” she notes. “Moving to the cloud is no different than buying brand new technology for your on-premises data center and not knowing how to use it.”

In other words, simply deploying the scope and scale of cloud resources necessary to support tech-driven healthcare initiatives isn’t enough by itself. IT staff must be prepared to address common challenges, such as distributed denial of service attacks and ransomware, along with more targeted threat vectors such as COVID-19 vaccination scams.

For healthcare organizations, the new normal that’s on the horizon will come with an increased focus on technology-driven solutions to help better predict patient outcomes, increase consumer connectivity, embrace evolving telehealth expectations and defend the next generation of medical IT infrastructure.

Willding puts it simply: “It’s time to rethink space and place to deliver improved, patient-centered care.”

Healthcare Industry has Highest Number of Reported Data Breaches in 2021
In the news

Data breaches declined by 24% globally in the first 6 months of 2021, although breaches in the United States increased by 1.5% in that period according to the 2021 Mid-Year Data Breach QuickView Report from Risk-Based Security.

Risk Based Security identified 1,767 publicly reported breaches between January 1, 2021 and June 30, 2021. Across those breaches, 18.8 billion records were exposed, which represents a 32% decline from the first 6 months of 2020 when 27.8 billion records were exposed. 85% of the exposed records in the first half of 2021 occurred in just one breach at the Forex trading service FBS Markets.

Learn more about how our security services can help your practice 

The report confirms the healthcare industry continues to be targeted by cyber threat actors, with the industry having reported more data breaches than any other industry sector this year. Healthcare has been the most targeted industry or has been close to the top since at least 2017 and it does not appear that trend will be reversed any time soon. 238 healthcare data breaches were reported in the first 6 months of 2021, with finance & insurance the next most attacked sector with 194 reported incidents, followed by information with 180 data breaches.

The report shows there have been significant shifts in data breach trends in 2021. While data breaches have declined globally and have remained fairly constant in the United States, there has been a marked increase in ransomware attacks. Risk Based Security recorded 352 ransomware attacks in the first 6 months of 2021 and, if that pace continues, the number of attacks will be significantly higher than 2020.

Ransomware attacks are extremely costly in healthcare due to the long period of downtime, and without access to medical records patient safety is put at risk. This is of course known to ransomware gangs. The reliance on access to data and the high cost of downtime increases the probability of the ransom being paid.

In 2020, data breaches started to take longer to be reported and that trend has continued in 2021. This is in part due to the increase in ransomware attacks, which can take longer to investigate, but even taking that into account there were many cases when breach notifications took an unusually long time to be issued and that has started to attract attention from regulators.

“Ransomware attacks continue at an alarming pace, inflicting serious damage on the victim organizations that rely on their services,” said Inga Goddijn, Executive Vice President at Risk Based Security. “The slow pace of reporting brought on by lengthy incident investigations has not improved and attackers continue to find new opportunities to take advantage of changing circumstances.”

The majority of reported breaches (67.97%) were hacking incidents, with only 100 (5.66%) due to viruses, and just 45 email incidents (2.55%). There were 76 web breaches reported (4.30%); however, they resulted in the highest number of records being breached.

Data breaches that exposed access credentials such as email addresses and passwords have remained consistent with other years, with email addresses exposed in 40% of breaches and passwords in 33%. The majority of reported breaches in 2021 were the result of external threat actors (78.66%), with 13.75% caused by insiders. Out of the confirmed insider breaches, the majority were accidental (58.85%), with 18.52% caused by malicious insiders.

Risk Based Security also notes that breach severity is increasing. Large numbers of data breaches have been reported in 2021 that involved sensitive data, which is a particularly worrying trend.

How to Strengthen Your Healthcare Data Security with Software
In the news

Thanks to the pandemic, more and more patients have begun to engage with their healthcare digitally. That has a lot of far-ranging implications, from new and heightened expectations placed on younger medical providers to a new set of standards for patients when it comes to convenience and ease of engagement with their healthcare organization.

One other major implication of this new world we’re living in is the critical importance of healthcare data security.

Learn more about how our Managed IT services can help your practice 

According to a recent Software Advice survey of nearly 1,000 U.S. patients, one in five have had their healthcare data exposed in a security breach.

Experiencing a data breach or cyberattack is a massive blow to any healthcare organization, but it is exponentially more difficult to recover from if you’re a smaller, independent practice.

This is why it’s crucial for small practices to have the right data security software in place to protect your patients and your practice against data risks. In this article, we’ll cover specific HIPAA data security requirements, two types of software you should invest in to protect your data (EHRs and cloud security software), as well as specific features that make data security software so valuable.

How to meet HIPAA requirements for healthcare data security

Thanks to HIPAA, a lot of healthcare data security standards have already been established, so for many practices, it comes down to following these guidelines.

According to the HIPAA Security Rule, healthcare entities are expected to conduct internal risk assessments in order to test their data security protocols, as well as implement security programs to protect their sensitive data.

Security programs are comprised of three distinct safeguards:

  • Administrative
  • Physical
  • Technical

It’s easy to get hung up on the last one since there are tons of cybersecurity systems available, but let’s take a closer look at the first two elements before diving into software.

Administrative safeguards to protect patient data

One of the most common causes of healthcare data breaches is unauthorized access or disclosures. In layman’s terms, that means employee error and/or negligence as well as malicious employees.

This is a great reason to install specific administrative protocols that prevent employees from mishandling patient data.

Here’s a quick summary of these administrative best practices:

  • Device management: Keep all computers, tablets, and mobile devices used to access patient data up to date and secure.
  • User-based controls: Limit who can access patient data and implement strict password protocols to hold users accountable for carefully accessing private data.
  • Team training: Conduct regular training and refresher sessions to ensure employees have a firm understanding of the importance of data security as well as best practices.
For a detailed look at administrative practices any healthcare organization can employ to avoid a data breach, check out “Best Practices for Avoiding HIPAA Violations in Healthcare.”

Physical safeguards to protect patient data

HIPAA requirements include physical safeguards to protect patient data.

These are defined as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”

So this element of a strong data protection plan is two-pronged:

First, you must ensure your data will not be destroyed by natural disasters such as flooding or fire. In 2021, that generally means keeping patient data secured in the cloud rather than on hard physical copies.

Second, you must have physical barriers in place to prevent unauthorized individuals from accessing your patient data. That can be as simple as having a lockable door between the outside world and the devices you use to access and record patient data. It can also mean securing those devices with strong passwords.

Software: the healthcare security heavyweight

Finally, let’s bring out the big guns and discuss the software systems that can help protect you and your patients from data security breaches. We’ll take a look at the two most important types of software to ensure data protection:

EHR security features

Using an EHR with the right security features will go a long way in keeping you and your patients’ data protected. Fortunately, most certified EHRs come with standardized features to achieve this goal. Those feature to look out for are:

ONC-ATCB certification. This means the tool has been tested on three key areas by an Authorized Testing and Certification Body that has been recognized by the Office of the National Coordinator. Those three key areas are functionality, interoperability, and security—that’s right! If an EHR is ONC-ATCB certified, that means it has passed tests confirming it has security measures in place to keep protected health information (PHI) safe.

Audit trails. This feature tracks and documents every action taken with patient information, including who accessed the data, where and when they accessed data, and what changes they made once they accessed it.

Password protection. This includes robust controls such as lockout features that will bar access if the wrong password is entered too many times and two-factor authentication to ensure the right person is using the password to access protected data.

Data encryption. Not only can data encryption make transferring patient data more secure (by only allowing recipients with the right access key to decipher the data), it can also be very helpful in the event that data is stolen as it will make it harder for the thief to actually read your data.

Cloud security software for healthcare providers

If a secure EHR is one side of the data security software coin, cloud security is the other side.

The beauty of a cloud security system that is specifically geared towards the healthcare industry is that it automates so many processes associated with data security. For example, HIPAA requires covered entities (e.g., medical practices) to run regular risk assessments in order to identify any vulnerabilities and address them.

Most HIPAA-compliant cloud security systems are capable of running these assessments automatically. Some other common features of this type of software include:

  • Threat detection and response: Using analytics and other tools, software can identify attacks as they’re happening and also help users respond immediately to protect their data.
  • Malware protection: Software actively searches for malicious software or code, viruses, trojans, worms, etc.
  • File integrity monitoring: Ensures all files are secure and protected against unauthorized access or changes.

For small, independent practices that are delving deeper into the digital healthcare experience, having these robust security tools in place will go a long way to protecting patient data. They’ll also provide peace of mind, which is a valuable commodity in this day and age.

Choosing the right data security software

Some practices already have secure EHRs and cloud security systems in place. Some are working with a good EHR, but haven’t installed a cloud security system. Others are starting completely from scratch.

Regardless of your situation, it’s a good idea to run an assessment on your current software security stack to make sure you’re covered. If you identify any gaps in your EHR security features or cloud security system, it’s wise to get those covered as quickly as possible.

How Technology can Improve Cybersecurity in Healthcare
In the news

While we like to think that healthcare organizations always have our best interests at heart, they are treasure troves of private patient data. That information is alluring to hackers and cybercriminals. When not protected, the theft of patent data can be incredibly damaging to the patients and the organization itself. So, it is within the best interest of all healthcare entities to do what they can to keep that data secure.

Luckily, while hackers continue to create new ways of stealing information, the tech industry has been keeping up as well. Due to these advancements, there are now methods that organizations can use to make data security a priority once again. Let’s look at the common threats and how healthcare administrators can defend their systems and protect their patients.

Learn more about how our Cybersecurity services can help your practice 

Why is Healthcare at Risk?

The healthcare industry is at constant risk of a cyberattack, and the reason for this is simple. Every time a new patient comes in for care, they fill out forms and provide a wide breadth of information to the administrator, which often includes anything from birth dates and social security numbers to places of employment and pre-existing conditions. Any of this information can be used for malicious means. Emails and names can be used to send phishing emails. Hackers can use social security numbers to take out fraudulent loans. And any of this information can also be sold on the dark web for other criminals to use for their own unsavory practices.

Another reason that hackers intentionally target medical practices is that they know that many doctors, nurses, and administrative professionals don’t take cybersecurity as seriously as they should. Recent studies show that four out of five physicians have been the victim of cyberattacks and phishing emails, and only 20% of small medical practices have any form of cybersecurity protection at all. This is often because doctors hold the physical health of their patients as the priority and fail to see data breaches and cybercrime as the dangerous threats they can truly become.

All medical establishments need to understand the risks of cybercrime. It is essential not only for the protection of their clients but also to comply with the guidelines required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Along with the act, the HIPAA security rule states that healthcare organizations must put protections in place to ensure that patient data is not stolen or lost due to faulty systems or employee negligence.

As you can see, there are many reasons to protect patient data, and employee training and technology are the answers.

You can make sure your employees will go through the cybersecurity education process smoothly by making it engaging.

Tech to the Rescue

The tech used to diminish potential cybersecurity risks has grown by leaps and bounds over the years. As a start, artificial intelligence (AI) is becoming a major tool for protecting healthcare companies and other industries because when hackers repeatedly attempt the same tactics, AI can catch the pattern and block the intrusion. On the other side of the coin, if a threat goes against the usual pattern, AI can also catch that. While it is a great tool, hospitals first need to put the technology into effect to benefit.

Recently, ransomware has become a larger threat to healthcare systems. This is a tactic used by hackers to access your system and then prevent usage of the machines and data until a sum of money is paid to the criminals. This can be especially dangerous when surgeries and other operations are being conducted, as the inability to help the patient could result in their death. While it won’t solve the entire issue, having operational backup systems could be lifesavers. If all data is backed up on a separate server, it could allow the hospital to access the data from there instead of giving in to the hacker’s demands. After that, the authorities should be contacted.

A common cybersecurity threat that affects many industries is the phishing attack, which often occurs in email. This strategy creates a communication that looks to be legitimate but instead contains a link or attachment, that when clicked or opened, creates a doorway between the victim and the hacker, and from there, they can cause damage to the system. It can be easy for admins and doctors to fall for phishing scams at a busy hospital, so put tech to use via email filtering tools. These programs, such as SpamTitan and Spam Bully, will block unwanted messages while also scanning any attachments for threats. It is simple and easy to install these programs, but their protection cannot be underestimated.

Common Sense Tech Solutions

Even if a healthcare organization installs some of these tech solutions, they are powerless unless they are also protected, keeping them secure with smart passwords and two-factor authentication. To provide the best protection, passwords should include a combination of letters, numbers, and special characters. They should also be changed routinely every couple of months. On top of a good passcode, two-factor authentication will provide an extra layer of security, with an additional randomly generated code that is also entered, which hackers will not be able to identify.

The implementation of basic security software can go a long way to protecting your data. This includes putting a firewall in place and encrypting all new data that is entered into the system. Antivirus software can protect hospital computers against a myriad of cyber threats, from malware to ransomware scams. Keep in mind that antivirus software can only be truly effective if it is updated whenever a new version becomes available as it will detect the newest threats.

To be truly protected, a healthcare organization must secure all of its devices, not just the mainframe computers. That means also protecting mobile devices at all costs. If possible, phones and tablets should not be used outside of the hospital, and if they are, they must also be password protected. A good way to have all-around security is by installing a virtual private network (VPN), which will disguise the location of all devices and encrypt the data within automatically so it cannot be used even if stolen.

The need to protect our healthcare industry against cyberthreats is of utmost importance, and with smart tech and streamlined security practices, it can be accomplished. Give your patients peace of mind when they use your services by implementing these strategies today.

Learn more about how our Cybersecurity services can help your practice 

Full Article

What is Social Engineering and how can you avoid it?
In the news

What is social engineering?  In a nutshell, it is a technique to hack humans.  It is the psychological manipulation of human nature used to trick people into divulging sensitive information like usernames, passwords, or other information that can be further leveraged in an organization to gain legitimacy and trust.  Common forms of social engineering are phishing emails, vishing (voice phishing), smishing (phishing via text messages), and fake alert pop-ups on websites that warn you have a virus.

More than likely, you have experienced these sorts of social engineering attacks first-hand.  Why are these types of attacks so successful?  It uses proven psychological manipulation techniques that take advantage of our very nature as human beings living in a community.  In most cases it is easier for a malicious actor to hack a human rather than hack a deeply technical vulnerability on a company network.  Why go through all the trouble of writing an exploit program to hack a firewall when you can just send out a few well-crafted and highly targeted spear phishing emails, or call the company and pretend to be a member of the IT department and get all the information you need to access a network?

Best methods to combat social engineering attacks

Your users are your best line of defense.  Give them the tools they need to recognize and defend against social engineering.  Security Awareness Training is very effective at reducing vulnerability to social engineering methods.  A combination of ongoing phishing testing and educational training modules to keep all users at a heightened awareness level is very important.

Multi-factor authentication.  Because humans are human, there will be occasions where they may accidentally and unknowingly divulge a password in a social engineering attack.  With the 2nd factor of authentication required to access any system, it makes it much more difficult for a hacker to use the password to access any resources.

Written by: Michael Spurr, MSP Manager

Cyberattack Hits World’s Largest Meat Supplier
In the news

The world’s largest meat processing company has been targeted by a sophisticated cyber-attack.

Computer networks at JBS were hacked, temporarily shutting down some operations in Australia, Canada, and the US, with thousands of workers affected.

The company believes the ransomware attack originated from a criminal group likely based in Russia, the White House said.

 See how our Cybersecurity can help. 

The attack could lead to shortages of meat or raise prices for consumers.

In a ransomware attack, hackers get into a computer network and threaten to cause disruption or delete files unless a ransom is paid.

The White House says the FBI is investigating the attack.

“JBS notified [the White House] that the ransom demand came from a criminal organization likely based in Russia,” White House spokeswoman Karine Jean-Pierre said on Tuesday.

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” she added.

On Wednesday Russia’s Deputy Foreign Minister Sergei Ryabkov told local media the Biden administration had been in contact with Moscow to discuss the cyber-attack.

JBS said it had made “significant progress” in resolving the cyber-attack and hoped the vast majority of its plants would be operational on Wednesday.

The company said on Monday that it suspended all affected IT systems as soon as the attack was detected and that its backup servers were not hacked.

The United Food and Commercial Workers’ Union, which represents JBS plant employees, has urged the company to ensure workers still receive their pay.

IT systems are essential in modern meat processing plants, with computers used at multiple stages including billing and shipping.

According to the trade group Beef Central, “supermarkets and other large end-users like the McDonald’s burger patty supply network will be some of the most immediately impacted customers, due to their need for consistent supply”.

JBS’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there, according to Bloomberg.

Plants in Australia and Canada have also been affected but the company’s South American operations have not been disrupted.

Last month, fuel delivery in the southeast of the US was crippled for several days after a ransomware attack targeted the Colonial Pipeline. Investigators say that attack was also linked to a group with ties to Russia.

Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.

The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.

 See how our Cybersecurity can help. 

View Original Online Article

 

Cybersecurity Outsourcing: Unnecessary Cost or Clever Investment?
In the news

The last 14 months have only reiterated that cybersecurity is not an issue we can ignore, and given that it is ever evolving, is certainly not an area that businesses can afford to scrimp on. Cybercrime has not disappeared in this time of adversity, instead hackers are thriving off the dispersed workforce, over-complex networks and increased vulnerabilities caused by the rise in personal and unsecured end-devices being used for work. Furthermore, the potential consequences of cybercrime are becoming increasingly severe, for example the string of attacks against bodies involved with the COVID-19 vaccine rollout, including pharmaceutical companies, the cold storage supply chain transporting the vaccine and the European Medicines Agency.

See how our Cybersecurity can help. 

An Extension to the Team to Address the Skills Gap

As cybercrime becomes ever more complex and sophisticated, it is impossible for in-house SecOps teams to harness a high enough level of expertise to sufficiently shore up their company’s defenses; while the cyber-skills gap is shrinking, employment in this field still needs to grow by 89% globally. SecOps teams need an extremely high level of expertise and resource to secure a business from phishing, malware, ransomware, hacking, DDoS attacks and the various IT vulnerabilities that continue to emerge. Employing individuals with this depth of knowledge in-house is simply not achievable given the skills gap, and the resources that are available have been forced to mix and match roles to support the remote work environment driven by the pandemic. Therefore, outsourcing cybersecurity not only seems like a smart decision for businesses, but it may also become an essential consideration in an environment lacking cyber-skills, but saturated with cybercrime.

Moving from Reactive Response to Proactive Mitigation

Outsourcing cybersecurity not only addresses any resource management issues but transforms your security strategy from reactive response to proactive mitigation. Hammersmith Medicines Research (HMR) fell victim to a high-profile security breach by MAZE group at the height of the COVID-19 outbreak, incentivizing them to outsource their cybersecurity solutions. After extensive penetration testing and threat analysis, HMR made the decision to implement a dedicated SOC – an outsourced solution that constantly monitors activity on their network, identifies vulnerabilities in real time and works to proactively improve security. While these measurements were initially a reactive response to a cyberattack, their infrastructure is now better protected long term against future attacks, while MTTD is reduced significantly and risks can be mitigated before they become serious problems.

Balancing Benefit Versus Cost

As social distancing restrictions ease and the economy enters its recovery phase, the board of any organization faces tough decisions about what disciplines and technology to invest in that will see a tangible return for their business. But when it comes to cybersecurity, the question must be can you afford not to invest when it comes to safeguarding your organization? The cost of investing into cybersecurity is far less than the cost of a security data breach. For example, the average cost of a breach to a UK organization is between £600K-£1.15m, not to mention the significant cost to a business from any reputational damage. Additionally, many organizations would simply not survive a security breach after the financial struggles from the last 12 months.

So, if a 24/7 SOC is the ideal cyber-solution, why are businesses not implementing them internally? The simple answer is that an in-house SOC will put a company back £500,000 on average, and even then it is unlikely to be monitored around the clock, which is when mistakes creep in and hackers take advantage. If this service is outsourced, with experts tracking any suspicious activity even while an organization sleeps, it becomes a much cheaper and more effective defense solution for businesses.

What’s more, investing in an external SOC will ultimately reap benefits for an organization’s internal NetOps and SecOps teams. Rather than consistently overstretched and overworked IT teams juggling digital transformation initiatives and cybersecurity monitoring, these professionals can be freed of the need to protect and monitor their networks. Instead, outsourced cybersecurity teams will take responsibility for threat detection, enabling those within the organization to upskill and push forward with improving internal processes and growing business capabilities.

Cyber-criminals are unfortunately only becoming more sophisticated. According to Deloitte, attackers are using COVID-19 as bait to impersonate a number of different companies and misleading employees, which is ultimately resulting in more infected devices and opportunities to spread ransomware. Therefore, it is imperative that organizations prioritize their digital defense strategy. By outsourcing their security to experts, business leaders may finally gain much needed confidence that their networks are protected.

 See how our Cybersecurity can help. 

View Original Online Article

 

Warning of Revenue Risks as Healthcare Cyberattacks Increase
In the news

A report this week from Moody’s Investors Service found that cyber risk will likely remain high for the healthcare sector, leading to the potential for lost revenue, increased expenses and elevated scrutiny.

“The large amount of sensitive patient data held by the industry will make it a rich target for attacks, particularly in the form of ransomware,” researchers predicted.

 See how our Cybersecurity can help. 

Still, they said, “for many, credit risk will be mitigated by healthcare systems’ strong liquidity and large scale, which often allow for the continuation of critical patient care amid cyber-related disruption.”

WHY IT MATTERS

The increased reliance on digital health technology has expanded innovation and access, particularly during the COVID-19 pandemic.

At the same time, Moody’s notes, it leaves the healthcare sector susceptible to attacks.

“While there is no way to fully prevent cyber breaches, the expanding adoption of remote care, or telehealth, during the COVID-19 pandemic will yield additional vulnerabilities, as potentially unsecured devices will be used to access health system networks,” wrote researchers in the report.

Moody’s pointed to ransomware as a particular danger, flagging the vast amounts of healthcare providers’ sensitive data as juicy prizes for bad actors.

“Hackers assume providers will need to restore access to patient data quickly to ensure continuity and confidentiality of patient care,” said the report.

Although the Federal Bureau of Investigation recommends that victims not pay ransom, Moody’s researchers observed that “ransomware offers hackers the possibility of a large payout after conducting an attack, as they demand payment for allowing files to be restored and preventing the release or sale of stolen data.”

A self-reported issue survey found that not-for-profit healthcare issuers’ investment in cybersecurity is on par with that of state and local governments, but that it trails other infrastructure sectors such as banks and electric utilities.

Looking forward, Moody’s says healthcare systems will need to deploy additional resources to thwart future cybersecurity breaches, secure their networks from third-party vendor access points – as well as internal vulnerabilities – and step up cybersecurity financial investments.

“Efforts to invest in cybersecurity will potentially get a boost at the federal level,” wrote researchers.

“The Biden administration has made cybersecurity a major focus, proposing legislation that would provide local, state, tribal and federal governments with funding to combat cyberattacks,” they wrote.

“In addition, President Biden has signed an executive order aiming to reduce cyber risk exposure of the federal government, its software vendors and by extension other private-sector customers that are part of vendors’ software supply chains,” they added.

THE LARGER TREND

Although tracking cybersecurity breaches can be challenging, Moody’s cited a number of high-profile incidents in its evaluation of the landscape.

Those events included attacks on Scripps Health and Universal Health Services, as well as disruptions to services stemming from third-party vendors such as Blackbaud.

And more reports are likely to come: The FBI recently warned of Conti ransomware attacks, which were behind recent outages at Ireland’s health service.

ON THE RECORD

“The growing interconnectedness of healthcare delivery and technology will continue to leave the sector vulnerable to breaches, as will its extensive use of third-party software vendors for clinical, billing and numerous other functions,” wrote researchers.

 See how our Cybersecurity can help. 

View Original Online Article

 


Enter code DAShealth to view video.


Enter code DAShealth to view video.


Enter code DAShealth to view video.

Please complete the sign in form below.

[contact-form-7 404 "Not Found"]

Please complete the sign in form below.







    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.



    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.

    Enter code DAShealth to view video.
    CONTACT YOUR ACCOUNT MANAGER TODAY FOR MORE DETAILS!