Category Archives: Technology

The Intersection of Cost, Safety, And Experience

Posted on by

Until recently, healthcare providers and hospitals have implemented new technology as an afterthought—an easy mistake when the sensitive nature of the industry demands constant attention. Now, new compliance rules and cyber attacks have forced these organizations to reconsider the way data is managed and exchanged. Some third-party companies have seen the chance to move into a space with numerous opportunities. In particular, the ever-changing nature of compliance law has thrown some of the shortcomings of the industry into sharp relief. In addition, the patient engagement movement has created new reasons for healthcare organizations to invest in technology.

 

Getting Involved

Patient portals have existed for some time, to the point that it’s worth it for many organizations to reevaluate whether theirs work the way they’re supposed to. Portals are intended to be a convenient way for patients to get their critical health information outside of the doctor’s office, but their implementation is flawed.

 

In the effort to create a personalized space for patients, portals are often seen as an extent of frustrating medical red tape—including generic instructions, unhelpful information, and difficulty of access. Additionally, they provide yet another potential attack surface that care providers must manage to prevent any sort of breach.

 

The solution may be to consider more mobile patient tools to allow for easy access. The fewer barriers to entry there are for patients, the more likely they are to make use of the information. Whatever the solution, there is a strong need for technology companies to step in and build these tools in a way that is compliant and user-friendly.

 

Less Is More

While many risk-averse healthcare organizations may balk at completely changing their infrastructure to adapt to changing times, the benefits are significant. Even beyond improved security, adopting tactics such as moving patient information into the cloud can actually help create a better environment for patients. Changing infrastructure is an opportunity to update existing apps and portals.

 

These tools allow for easier exchange of data, empowering patients to interact with providers without having to go into a hospital. In turn, these organizations can gather valuable data that can enhance their experience further. The modern patient wants to shop around and compare options, and easing this process can cause them to favorably view one organization over another.

 

Infrastructure Is King

Given the nervousness felt by many organizations at the prospect of updating decades-old systems, it’s always worth emphasizing that they don’t have to do it themselves. Making connections between healthcare organizations and IaaS companies is important—bringing in an expert is better than skimping every time. Infrastructure is important for interactions with both patients and other retailers—given the amount of other organizations that the average healthcare provider will interact with, it pays to have a system that works correctly. Digital transformation is a process, but there’s a misconception that in-house IT has to do all of the heavy lifting. In reality, finding an infrastructure plan adapted specifically to an organization is the best way to move forward.

 

More Than Just Security

The modern healthcare organization is starting to realize the myriad benefits of updating systems. While data security is still one of the big drives for change, the benefits to patients and providers alike cannot be overstated. It’s up to these groups to take a step forward—or run the risk of being left behind.

 

How Cybersecurity Needs To Evolve

Posted on by

There’s a huge need for the cybersecurity industry to step up. Ample demand and the evolving nature of attacks has made the industry dynamic in recent years. For those that are up for the challenge, it’s a great opportunity to delve into a field that is always growing. However, no business is invulnerable to threats, and the industry needs to change in several critical ways to reach a point of maturity.

 

Nobody’s Perfect

Don’t get me wrong, many businesses practice cybersecurity well. We’re seeing more and more organizations understand that ever-changing threats inherent in the industry, and that bodes well for progress. Still, a concerning amount of businesses continue to adopt a “fire and forget” approach—that is to say layering on defenses and calling it a day.

 

Every new system, every new update, and even every new solution creates vulnerabilities that attackers will try to exploit. The first step to building a better cybersecurity program is acknowledging that there will never be perfect countermeasures. The best a business can do is to identify key vulnerabilities unique to their organization and focus on protecting those while remaining vigilant about the possibility of an attack. Often, this means bringing in a third-party that can better monitor and upgrade systems on a business’s behalf.

 

Don’t Adopt Just To Adopt

While it’s true that every business—from large corporations to small businesses—should be concerned about cybersecurity, it doesn’t mean that the shotgun approach of adopting as much as possible and hoping for the best is smart.

 

Instead, businesses should look at cybersecurity strategically. There are a lot of great tools out there, but many require some expenditure of time and talent to be used effectively. Choosing tools should be a matter of weighing whether a team is capable of using them to monitor and detect potential threats. If they’re not being used correctly or as intended, they can often be a money sink that accomplishes very little.

 

Personalize It

Plenty of resources online give step-by-step plans for implementing cybersecurity in a business. While these articles are great starting points, they should not be the end-all-be-all of cybersecurity. More often, businesses should consider their level of risk, the amount of resources at their disposal, and potential attack surfaces when constructing a cybersecurity plan.

 

I’ve written a lot about security and compliance in the healthcare sphere because these organizations stand to lose more than most in an attack. There’s a lot to talk about. A smaller business will want to identify what is at risk in the event of an attack and what they could lose. Many times, it’s also about what these businesses can gain—the benefits available to them when older systems are upgraded.

 

Ever Vigilant

In all likelihood, cybercriminals are not constantly probing the average business for weak points—but no business can afford to assume that they aren’t. Complacency is the enemy of good cybersecurity, and planning for the future is the best way to ensure that needs are being anticipated. In short, new measures should be proactive, not reactive—and it’s up to all businesses to find an ongoing solution that works for them.

Is the Cloud the Safest Solution for Security?

Posted on by

Ever since the ransomware attack of WannaCry attacked more than 230,000 across the world, the healthcare industry’s concern over cybersecurity has risen. Although there were no patients harmed in the attack and no data compromised or stolen, there became a serious need for healthcare organizations to strengthen their security. One of the most considered options is to migrate the information to the cloud so it won’t get into the wrong hands again.

Security of the Cloud
Could moving information to the cloud be more secure? It is almost impossible to recover data has been encrypted by a ransomware which makes preventing it from being stolen in the first place so important. Keeping secure data on the cloud would be the best way to keep it backed up instead of on-premises. In the perfect situation, there would be enough warning to isolate a ransomware infection and recover important data. Until then, backing up data on the cloud is an ideal solution.

DRaaS as Prevention
After the attack of WannaCry, the public’s biggest concern was the amount of damage caused by the downtime. A simple backup can restore a production database, but a DRaaS solution will be much faster. This is simply because DR is a system of replication that combines software and the cloud. This system is designed to lower downtime in a data breach and get organizations back on their feet and running in no time. By providing third-party support and geographic diversity, DRaaS gives healthcare organizations better security than secondary sites.

Healthcare Industries’ Opinion
Due to the threats of cybersecurity and hackers attacking healthcare organizations, the industry knows something must be done. The organizations have recognized that using the cloud to strengthen security is the best option. The cloud can be used to manage threats, isolate incidents and backup important data. Most recently, the Secretary of State for Health and Social Care, Jeremy Hunt, was the first to sign off on an official guide to help the UK’s National Health Service (NHS) move to the cloud.

Although moving the cloud is favored by most, there are a few concerned about compliance. Many IT Departments in healthcare do not have the correct roles or expertise to implement the cloud into their security. But there are organizations to help those in the health industry to help utilize the cloud in their security. It’s imperative that the health organizations use the cloud technology to beef up their security and take strong measures against cybercriminals.

How Healthcare Can Adapt to Cyber Threats

Posted on by

As the healthcare advances in technology, cybersecurity threats rise. Cybercriminals are becoming increasingly more creative with their hacks, making the need to up security direr. With the rise of security incidents such as WannaCry or the proliferation of cryptocurrency coin miners, there is a growing risk of disrupting the delivery of healthcare. The healthcare industry must now adapt to a more comprehensive and security-centric strategy. There are a number of ways the industry is planning on advancing their security:

How Cybercriminals Attack
Cybercriminals have become quite crafty with how the attack the healthcare system. One of the new and most popular ways is exploiting the software supply chain. Since the health industry heavily relies on a network of partners, attackers will choose a supply-chain-based attack to breach an organization or to get to one of their suppliers.

This kind of attack can take up to three forms: hijacking a supplier’s domain to direct traffic to an infected domain, directly compromising the software of a supplier, or targeting any third-party hosting services. The healthcare industry is at high risk for these kinds of cyber attacks because of how much they use third-party partners and services.

The Latest Industry Breach Trends
Security breaches that involve data of more than 500 people are the responsibility of the U.S. Department of Health and Human Services (HHS). By posting their findings of each breach on the HHS OCR Breach Portal, they provide data that can be analyzed to find the latest cyber security trends in the healthcare industry. Analyzing this data found that the number of breaches in the industry rose 10 percent within the last year. As the number of breaches is increasing, the healthcare industry’s security approach is beginning to change.

A study by HHS Analytics found that 40 percent of healthcare organizations cybersecurity is a scheduled item of discussion among the boardroom. The HHS also reported that the three biggest figures holding health organizations back from reaching a higher level of cybersecurity back were budget, staffing and skill set. The healthcare industry understands that the cybersecurity concerns are high and are in need of a stronger security program that is more broadly focused and go beyond HIPAA compliance.

Best Security for Healthcare
With so many cybersecurity threats for the healthcare industry, there is a desperate need for protection against hackers. Healthcare industries and organizations stand a chance against these cybercriminals by seeing cybersecurity as a business risk, address it regularly at a board level, hire qualified employees for new security roles or even consider the security implications when purchasing equipment. By incorporating these security measures, industries have a better chance against cyber attackers and hackers.

Does Cybersecurity Need A Rebrand?

Posted on by

Contrary to some popular perceptions, cybersecurity is not about defending against men in ski masks hunched over laptops. Similarly, cyber attacks don’t consist of hackers typing furiously on a keyboard before declaring “I’m in.”

In reality, cybersecurity is an aspect of IT management that is an issue because of the evolving nature of threats and a relative lack of professionals in the field. Those with a better sense of the workings of cybersecurity may picture an expert as an IT specialist trying to contend with the many vulnerabilities inherent in any enterprise system.

In reality, the work is more satisfying than stressful. Whether you work in the IT department for a company or a managed services offering for cybersecurity (as I am), it can be fulfilling to know that you’re acting as a gatekeeper for one or more organizations. There seem to be some misconceptions about the industry in general. The challenges in the form of numerous cyber attacks can be seen, but it has never been a better time to break into the industry.

The Information Bind

One of the issues facing the industry is a simple lack of information. According to a survey from the University of Phoenix, most US adults are not aware of many of the cybersecurity jobs available. This is compounded by a large percentage who are not aware of the education they would need to prepare themselves for such a career, even if they have a background in skills such as programming and data analytics. It may be that, as a still-developing industry, that colleges and universities will have to emphasize cybersecurity as a career option.

Are You a Problem Solver?

As another angle, it’s worth considering the mindset required by anybody looking to break into cybersecurity. Though the technical skills necessary to get into the field exist in abundance, aspiring cybersecurity professionals should think about whether they have the problem-solving mindset. In cybersecurity, situations can change in an instant, and the ability to adapt to new information is something that cannot be taught.

More Than Just Technical Skill

In cybersecurity, strengths come not only from the ability to work with enterprise systems and identify potential attack platforms but interpersonal skills as well. A CISO or similar will need to impart critical information to employees to respond to a breach or train them in best practices. A professional in the industry shouldn’t work independently of any other department—they should be actively involved in the affairs of their organization.

Diversity

Diversity is also something that the cybersecurity industry has struggled with in recent years, even as it has been proven that diverse perspectives provide benefit to any workplace. As previously mentioned, problem-solving is essential, and attracting a more diverse crop of candidates can lead to even more opportunities in the industry. It comes down to existing professionals to appeal to top talent, selling the many opportunities available to anybody making the switch to cybersecurity.