Tag: DAS Health

How Technology can Improve Cybersecurity in Healthcare

While we like to think that healthcare organizations always have our best interests at heart, they are treasure troves of private patient data. That information is alluring to hackers and cybercriminals. When not protected, the theft of patent data can be incredibly damaging to the patients and the organization itself. So, it is within the best interest of all healthcare entities to do what they can to keep that data secure.

Luckily, while hackers continue to create new ways of stealing information, the tech industry has been keeping up as well. Due to these advancements, there are now methods that organizations can use to make data security a priority once again. Let’s look at the common threats and how healthcare administrators can defend their systems and protect their patients.

Learn more about how our Cybersecurity services can help your practice 

Why is Healthcare at Risk?

The healthcare industry is at constant risk of a cyberattack, and the reason for this is simple. Every time a new patient comes in for care, they fill out forms and provide a wide breadth of information to the administrator, which often includes anything from birth dates and social security numbers to places of employment and pre-existing conditions. Any of this information can be used for malicious means. Emails and names can be used to send phishing emails. Hackers can use social security numbers to take out fraudulent loans. And any of this information can also be sold on the dark web for other criminals to use for their own unsavory practices.

Another reason that hackers intentionally target medical practices is that they know that many doctors, nurses, and administrative professionals don’t take cybersecurity as seriously as they should. Recent studies show that four out of five physicians have been the victim of cyberattacks and phishing emails, and only 20% of small medical practices have any form of cybersecurity protection at all. This is often because doctors hold the physical health of their patients as the priority and fail to see data breaches and cybercrime as the dangerous threats they can truly become.

All medical establishments need to understand the risks of cybercrime. It is essential not only for the protection of their clients but also to comply with the guidelines required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Along with the act, the HIPAA security rule states that healthcare organizations must put protections in place to ensure that patient data is not stolen or lost due to faulty systems or employee negligence.

As you can see, there are many reasons to protect patient data, and employee training and technology are the answers.

You can make sure your employees will go through the cybersecurity education process smoothly by making it engaging.

Tech to the Rescue

The tech used to diminish potential cybersecurity risks has grown by leaps and bounds over the years. As a start, artificial intelligence (AI) is becoming a major tool for protecting healthcare companies and other industries because when hackers repeatedly attempt the same tactics, AI can catch the pattern and block the intrusion. On the other side of the coin, if a threat goes against the usual pattern, AI can also catch that. While it is a great tool, hospitals first need to put the technology into effect to benefit.

Recently, ransomware has become a larger threat to healthcare systems. This is a tactic used by hackers to access your system and then prevent usage of the machines and data until a sum of money is paid to the criminals. This can be especially dangerous when surgeries and other operations are being conducted, as the inability to help the patient could result in their death. While it won’t solve the entire issue, having operational backup systems could be lifesavers. If all data is backed up on a separate server, it could allow the hospital to access the data from there instead of giving in to the hacker’s demands. After that, the authorities should be contacted.

A common cybersecurity threat that affects many industries is the phishing attack, which often occurs in email. This strategy creates a communication that looks to be legitimate but instead contains a link or attachment, that when clicked or opened, creates a doorway between the victim and the hacker, and from there, they can cause damage to the system. It can be easy for admins and doctors to fall for phishing scams at a busy hospital, so put tech to use via email filtering tools. These programs, such as SpamTitan and Spam Bully, will block unwanted messages while also scanning any attachments for threats. It is simple and easy to install these programs, but their protection cannot be underestimated.

Common Sense Tech Solutions

Even if a healthcare organization installs some of these tech solutions, they are powerless unless they are also protected, keeping them secure with smart passwords and two-factor authentication. To provide the best protection, passwords should include a combination of letters, numbers, and special characters. They should also be changed routinely every couple of months. On top of a good passcode, two-factor authentication will provide an extra layer of security, with an additional randomly generated code that is also entered, which hackers will not be able to identify.

The implementation of basic security software can go a long way to protecting your data. This includes putting a firewall in place and encrypting all new data that is entered into the system. Antivirus software can protect hospital computers against a myriad of cyber threats, from malware to ransomware scams. Keep in mind that antivirus software can only be truly effective if it is updated whenever a new version becomes available as it will detect the newest threats.

To be truly protected, a healthcare organization must secure all of its devices, not just the mainframe computers. That means also protecting mobile devices at all costs. If possible, phones and tablets should not be used outside of the hospital, and if they are, they must also be password protected. A good way to have all-around security is by installing a virtual private network (VPN), which will disguise the location of all devices and encrypt the data within automatically so it cannot be used even if stolen.

The need to protect our healthcare industry against cyberthreats is of utmost importance, and with smart tech and streamlined security practices, it can be accomplished. Give your patients peace of mind when they use your services by implementing these strategies today.

Learn more about how our Cybersecurity services can help your practice 

Full Article

What is Social Engineering and how can you avoid it?

What is social engineering?  In a nutshell, it is a technique to hack humans.  It is the psychological manipulation of human nature used to trick people into divulging sensitive information like usernames, passwords, or other information that can be further leveraged in an organization to gain legitimacy and trust.  Common forms of social engineering are phishing emails, vishing (voice phishing), smishing (phishing via text messages), and fake alert pop-ups on websites that warn you have a virus.

More than likely, you have experienced these sorts of social engineering attacks first-hand.  Why are these types of attacks so successful?  It uses proven psychological manipulation techniques that take advantage of our very nature as human beings living in a community.  In most cases it is easier for a malicious actor to hack a human rather than hack a deeply technical vulnerability on a company network.  Why go through all the trouble of writing an exploit program to hack a firewall when you can just send out a few well-crafted and highly targeted spear phishing emails, or call the company and pretend to be a member of the IT department and get all the information you need to access a network?

Best methods to combat social engineering attacks

Your users are your best line of defense.  Give them the tools they need to recognize and defend against social engineering.  Security Awareness Training is very effective at reducing vulnerability to social engineering methods.  A combination of ongoing phishing testing and educational training modules to keep all users at a heightened awareness level is very important.

Multi-factor authentication.  Because humans are human, there will be occasions where they may accidentally and unknowingly divulge a password in a social engineering attack.  With the 2nd factor of authentication required to access any system, it makes it much more difficult for a hacker to use the password to access any resources.

Written by: Michael Spurr, MSP Manager

Cyberattack Hits World’s Largest Meat Supplier

The world’s largest meat processing company has been targeted by a sophisticated cyber-attack.

Computer networks at JBS were hacked, temporarily shutting down some operations in Australia, Canada, and the US, with thousands of workers affected.

The company believes the ransomware attack originated from a criminal group likely based in Russia, the White House said.

 See how our Cybersecurity can help. 

The attack could lead to shortages of meat or raise prices for consumers.

In a ransomware attack, hackers get into a computer network and threaten to cause disruption or delete files unless a ransom is paid.

The White House says the FBI is investigating the attack.

“JBS notified [the White House] that the ransom demand came from a criminal organization likely based in Russia,” White House spokeswoman Karine Jean-Pierre said on Tuesday.

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” she added.

On Wednesday Russia’s Deputy Foreign Minister Sergei Ryabkov told local media the Biden administration had been in contact with Moscow to discuss the cyber-attack.

JBS said it had made “significant progress” in resolving the cyber-attack and hoped the vast majority of its plants would be operational on Wednesday.

The company said on Monday that it suspended all affected IT systems as soon as the attack was detected and that its backup servers were not hacked.

The United Food and Commercial Workers’ Union, which represents JBS plant employees, has urged the company to ensure workers still receive their pay.

IT systems are essential in modern meat processing plants, with computers used at multiple stages including billing and shipping.

According to the trade group Beef Central, “supermarkets and other large end-users like the McDonald’s burger patty supply network will be some of the most immediately impacted customers, due to their need for consistent supply”.

JBS’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there, according to Bloomberg.

Plants in Australia and Canada have also been affected but the company’s South American operations have not been disrupted.

Last month, fuel delivery in the southeast of the US was crippled for several days after a ransomware attack targeted the Colonial Pipeline. Investigators say that attack was also linked to a group with ties to Russia.

Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.

The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.

 See how our Cybersecurity can help. 

View Original Online Article

 

Cybersecurity Outsourcing: Unnecessary Cost or Clever Investment?

The last 14 months have only reiterated that cybersecurity is not an issue we can ignore, and given that it is ever evolving, is certainly not an area that businesses can afford to scrimp on. Cybercrime has not disappeared in this time of adversity, instead hackers are thriving off the dispersed workforce, over-complex networks and increased vulnerabilities caused by the rise in personal and unsecured end-devices being used for work. Furthermore, the potential consequences of cybercrime are becoming increasingly severe, for example the string of attacks against bodies involved with the COVID-19 vaccine rollout, including pharmaceutical companies, the cold storage supply chain transporting the vaccine and the European Medicines Agency.

See how our Cybersecurity can help. 

An Extension to the Team to Address the Skills Gap

As cybercrime becomes ever more complex and sophisticated, it is impossible for in-house SecOps teams to harness a high enough level of expertise to sufficiently shore up their company’s defenses; while the cyber-skills gap is shrinking, employment in this field still needs to grow by 89% globally. SecOps teams need an extremely high level of expertise and resource to secure a business from phishing, malware, ransomware, hacking, DDoS attacks and the various IT vulnerabilities that continue to emerge. Employing individuals with this depth of knowledge in-house is simply not achievable given the skills gap, and the resources that are available have been forced to mix and match roles to support the remote work environment driven by the pandemic. Therefore, outsourcing cybersecurity not only seems like a smart decision for businesses, but it may also become an essential consideration in an environment lacking cyber-skills, but saturated with cybercrime.

Moving from Reactive Response to Proactive Mitigation

Outsourcing cybersecurity not only addresses any resource management issues but transforms your security strategy from reactive response to proactive mitigation. Hammersmith Medicines Research (HMR) fell victim to a high-profile security breach by MAZE group at the height of the COVID-19 outbreak, incentivizing them to outsource their cybersecurity solutions. After extensive penetration testing and threat analysis, HMR made the decision to implement a dedicated SOC – an outsourced solution that constantly monitors activity on their network, identifies vulnerabilities in real time and works to proactively improve security. While these measurements were initially a reactive response to a cyberattack, their infrastructure is now better protected long term against future attacks, while MTTD is reduced significantly and risks can be mitigated before they become serious problems.

Balancing Benefit Versus Cost

As social distancing restrictions ease and the economy enters its recovery phase, the board of any organization faces tough decisions about what disciplines and technology to invest in that will see a tangible return for their business. But when it comes to cybersecurity, the question must be can you afford not to invest when it comes to safeguarding your organization? The cost of investing into cybersecurity is far less than the cost of a security data breach. For example, the average cost of a breach to a UK organization is between £600K-£1.15m, not to mention the significant cost to a business from any reputational damage. Additionally, many organizations would simply not survive a security breach after the financial struggles from the last 12 months.

So, if a 24/7 SOC is the ideal cyber-solution, why are businesses not implementing them internally? The simple answer is that an in-house SOC will put a company back £500,000 on average, and even then it is unlikely to be monitored around the clock, which is when mistakes creep in and hackers take advantage. If this service is outsourced, with experts tracking any suspicious activity even while an organization sleeps, it becomes a much cheaper and more effective defense solution for businesses.

What’s more, investing in an external SOC will ultimately reap benefits for an organization’s internal NetOps and SecOps teams. Rather than consistently overstretched and overworked IT teams juggling digital transformation initiatives and cybersecurity monitoring, these professionals can be freed of the need to protect and monitor their networks. Instead, outsourced cybersecurity teams will take responsibility for threat detection, enabling those within the organization to upskill and push forward with improving internal processes and growing business capabilities.

Cyber-criminals are unfortunately only becoming more sophisticated. According to Deloitte, attackers are using COVID-19 as bait to impersonate a number of different companies and misleading employees, which is ultimately resulting in more infected devices and opportunities to spread ransomware. Therefore, it is imperative that organizations prioritize their digital defense strategy. By outsourcing their security to experts, business leaders may finally gain much needed confidence that their networks are protected.

 See how our Cybersecurity can help. 

View Original Online Article

 

Warning of Revenue Risks as Healthcare Cyberattacks Increase

A report this week from Moody’s Investors Service found that cyber risk will likely remain high for the healthcare sector, leading to the potential for lost revenue, increased expenses and elevated scrutiny.

“The large amount of sensitive patient data held by the industry will make it a rich target for attacks, particularly in the form of ransomware,” researchers predicted.

 See how our Cybersecurity can help. 

Still, they said, “for many, credit risk will be mitigated by healthcare systems’ strong liquidity and large scale, which often allow for the continuation of critical patient care amid cyber-related disruption.”

WHY IT MATTERS

The increased reliance on digital health technology has expanded innovation and access, particularly during the COVID-19 pandemic.

At the same time, Moody’s notes, it leaves the healthcare sector susceptible to attacks.

“While there is no way to fully prevent cyber breaches, the expanding adoption of remote care, or telehealth, during the COVID-19 pandemic will yield additional vulnerabilities, as potentially unsecured devices will be used to access health system networks,” wrote researchers in the report.

Moody’s pointed to ransomware as a particular danger, flagging the vast amounts of healthcare providers’ sensitive data as juicy prizes for bad actors.

“Hackers assume providers will need to restore access to patient data quickly to ensure continuity and confidentiality of patient care,” said the report.

Although the Federal Bureau of Investigation recommends that victims not pay ransom, Moody’s researchers observed that “ransomware offers hackers the possibility of a large payout after conducting an attack, as they demand payment for allowing files to be restored and preventing the release or sale of stolen data.”

A self-reported issue survey found that not-for-profit healthcare issuers’ investment in cybersecurity is on par with that of state and local governments, but that it trails other infrastructure sectors such as banks and electric utilities.

Looking forward, Moody’s says healthcare systems will need to deploy additional resources to thwart future cybersecurity breaches, secure their networks from third-party vendor access points – as well as internal vulnerabilities – and step up cybersecurity financial investments.

“Efforts to invest in cybersecurity will potentially get a boost at the federal level,” wrote researchers.

“The Biden administration has made cybersecurity a major focus, proposing legislation that would provide local, state, tribal and federal governments with funding to combat cyberattacks,” they wrote.

“In addition, President Biden has signed an executive order aiming to reduce cyber risk exposure of the federal government, its software vendors and by extension other private-sector customers that are part of vendors’ software supply chains,” they added.

THE LARGER TREND

Although tracking cybersecurity breaches can be challenging, Moody’s cited a number of high-profile incidents in its evaluation of the landscape.

Those events included attacks on Scripps Health and Universal Health Services, as well as disruptions to services stemming from third-party vendors such as Blackbaud.

And more reports are likely to come: The FBI recently warned of Conti ransomware attacks, which were behind recent outages at Ireland’s health service.

ON THE RECORD

“The growing interconnectedness of healthcare delivery and technology will continue to leave the sector vulnerable to breaches, as will its extensive use of third-party software vendors for clinical, billing and numerous other functions,” wrote researchers.

 See how our Cybersecurity can help. 

View Original Online Article

 

How Managed Services Make a Difference in Health IT

Clinicians aren’t the only ones who must continually pivot during the COVID-19 pandemic.

Healthcare IT teams face the challenge of managing systems and infrastructure to support uninterrupted care. They must also contend with reduced budgets, as well as managing the deployment of new technologies designed to maintain greater social distancing and sanitation within their physical spaces.

 See how our Managed IT Services can help. 

Those challenges are intensified by major staff reductions. According to federal labor statistics published in May, job losses in the healthcare sector are second only to those in the restaurant industry. That’s due to a substantial drop in elective surgeries and nonurgent visits.

Leaders, then, may consider the value of bringing in a partner to help.

Known as managed services, the arrangement can provide valuable IT insights, especially for smaller or recently merged healthcare systems. By trusting a third party such as CDW to handle cloud deployments, data center solutions, mobile initiatives, collaboration tools and security, organizations can focus on core business objectives.

Bridging a Gap in IT
Managed services — which may be scaled up or down, depending on demand — can cut IT costs by as much as 40 percent, notes a CDW white paper on the topic. This has become more significant after COVID-19 wiped out billions in revenue.

Still, expenditures were a concern before the pandemic: A February report from Gartner notes that over the past four years, 59 percent of healthcare CIOs reported operating cost pressures; moreover, 41 percent reported shortfalls in funding.

Outside guidance is crucial when 4.2 million IT jobs (including roles in healthcare) went unfilled last year, according to the Society for Human Resource Management. The society also cites a 2020 survey from CompTIA, which found one-third of companies regularly outsource some IT needs in a typical year.

Become an Insider
The duties of managed services are many. They could entail systems and data center management or handling the arduous tasks of maintenance and upgrades. Work might involve virtualization efforts so employees can safely do their jobs from home.

This creative, strategic thinking is key for effective cost optimization. As my colleague CDW Healthcare CTO Tom Stafford says, “The best thing we all can do right now is to collaborate with peers and partners.”

Peace of Mind
Beyond cost savings, managed services help ensure organizations properly assess, monitor and evolve their technology deployments and related services — and that all efforts meet the latest security and HIPAA-compliant protocols.

That’s even more important during COVID-19: The number of healthcare breaches reported between February and May is 50 percent higher than over the same period in 2019, according to the Department of Health and Human Services.

Recipients can rely on specialized engineers, 24/7 support and industry-specific expertise throughout the relationship, as well as added capacity to pivot amid a public health crisis that has IT teams working at full speed to enable high-quality care.

Managed services isn’t a substitute; it’s a partnership designed to meet the unique needs of each organization. When so much in the world has changed, a strong ally offers the foresight and strength to be ready for whatever comes next.

 See how our Managed IT Services can help. 

View Original Online Article

 


Enter code DAShealth to view video.


Enter code DAShealth to view video.


Enter code DAShealth to view video.

Please complete the sign in form below.

[contact-form-7 404 "Not Found"]

Please complete the sign in form below.







    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.



    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.


    Enter code DAShealth to view video.

    Enter code DAShealth to view video.
    CONTACT YOUR ACCOUNT MANAGER TODAY FOR MORE DETAILS!