Redefining Ransomware Security With Intercept X, Sophos is redefining what customers should expect from next-generation endpoint security products. No other vendor offers signatureless exploit prevention, ransomware detection, visual root-cause analysis, and advanced cleanup technology in a simple to install, easy to manage package. Watch and learn more about Sophos Intercept X Endpoint Security: Let Us […]
It has happened again. Another hospital system has been attacked by a ransomware. A malicious software that locks down our systems, encrypts our files and will only release them once a fee has been paid. This time It’s MedStar Health in the Baltimore area. http://www.baltimoresun.com/health/bs-hs-medstar-computer-outage-20160328-story.html
Tennessee Orthopedic Alliance, Presbyterian Medical Center in Southern California, Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital have all been in the headlines for ransomware attacks recently. Thousands of infections go unreported and the nefarious programmers who designed this are making serious money. One FBI agent is quoted during a cyber security conference as stating “the easiest thing may be to just pay the ransom… the ransomware is just that good.” –rrstar.com
As the CEO of a national IT firm, I’ve watched my team battle with the rise in virus and ransomware attacks over the past couple of years. I’ve even found myself standing in front of a teller at a national bank, transferring money into a total stranger’s account for an express bitcoin purchase to pay the ransom for a client who had no other choice. Trust me, the entire exercise is unnerving. The reality is we do have a choice, but only before the infection. We have to educate, plan and protect to avoid falling into a situation where the only options left are to either sacrifice the data or pay these cyber thugs.
The primary point of entry for ransomware is through an unsuspecting employee who really thought there might be a FedEx tracking number attached to that email, or Amazon was truly rewarding them for being a loyal customer with a gift certificate. The lures are getting smarter and so should we. Sound the alarm.
Warn the team that we all have to be incredibly conscientious when opening emails. Unless you know the sender and you are expecting it, do not click on a download, link or attachment. If its suspicious, ask administration or your IT support to take a look. Additionally, we need appropriate security measures in place as well as a solid backup solution. Onsite backup strategies with multiple generations as well as offsite snapshots of our data is a must. No data that is important to us should be stored on individual machines that are not backed up. Centralize the files for simplified backup and security. Reevaluate your disaster and recovery safeguards to include contingencies for malicious software attacks. At the rate this epidemic is spreading, the question is not IF you will face this challenge, but WHEN will it happen.
Fortunately, 98% of our clients who have endured ransomware infections have been prepared. We were able to avoid paying the ransom by tracking down the installation, removing the threat and restoring valid data from backups. Pre-planning and strategic preparation is the only way to currently protect our businesses. We’ve helped hundreds of businesses, like yours to put these preparations in motion. If you have any concerns about how ready you might be for a ransomware infection or disaster of any kind, I invite you to schedule a call with one of our security specialists. We’d be happy to review your current strategy and help plug any holes we find.
2014 Medicare MU Attestation Deadline Extended to March 20th 2015
If you are an Eligible Professional participating in the Medicare EHR Incentive Program, now you have until 11:59 p.m. ET on March 20, 2015 to attest to demonstrate Meaningful Use of the data collected during your 2014 EHR reporting period. This new deadline is an extension from the previous deadline of February 28th, so attest soon!
We urge providers to complete attestation for 2014 as soon as possible.
This extension also enables eligible professionals who have not already used their one “switch” to switch programs (from Medicare to Medicaid, or vice versa) for the 2014 payment year until 11:59 pm ET on March 20, 2015. After that time, eligible professionals will no longer be able to switch programs.
If you are participating in the Medicaid EHR Incentive Program, please refer to refer to your state’s deadlines for attestation information.
Note: The Medicare extension does not affect deadlines for the Medicaid EHR Incentive Program.
Image Source: Lygeia Ricciardi (@Lygeia on Twitter)
A PricewaterhouseCoopers-led group has linked tech giant Google in vying for the Defense Department’s $11 billion electronic health-record contract.
Google’s search services will allow providers to query EHR data extensively, Garrett said. A doctor could query it for all the patients with post-traumatic stress disorder, for example, and then search for correlations between patients with the disorder and comorbidities, or other factors that led to an improvement or decline in health.
Read the full article on Modern Healthcare
The risk of experiencing a data breach “is higher than ever,” according to Experian’s second annual industry forecast, which shows how the “consistently high value of healthcare data on the black market” means there will be little respite from risk-fraught landscape.
Nearly half of organizations across all industries were hit by at least one security incident in the past 12 months, according to the report, which has spurred 48 percent of organizations to invest in security technologies and 73 percent to develop data breach response plans. Cyber insurance policies are another important new strategy, more than doubling in popularity, from 10 percent in 2013 to 26 percent in 2014.
Federal regulators are delaying the start of phase two of the HIPAA audit program until the agency responsible for enforcement finishes the roll-out of technology that will allow audited organizations to submit data via a Web portal.
And once the program resumes, the Department of Health and Human Services’ Office for Civil Rights plans to do more on-site audits and fewer remote “desk audits” than officials originally planned, Linda Sanches, an OCR senior adviser, said during a Sept. 9 presentation at the Healthcare Information and Management Systems Society’s privacy and security forum in Boston.
Read the full article on HealthCare Info Security website
The healthcare industry has had several loud wake-up calls so far this year, providing an alarm that the sector is not immune to the kinds of hacker attacks that have been more commonly associated with banks and retailers.
The most recent was a breach at Community Health Systems, which the hospital chain says involved Chinese hackers who used “highly sophisticated malware” to gain access to information on 4.5 million patients.
The healthcare industry cannot afford to snooze while cybercriminals plan their next assault. Organizations of all sizes need to be ready to recognize the threats and mitigate the risks.
Photo courtesy of Flickr
The triple aim is the goal of current healthcare reform through the implementation and adoption of health information technology, but are healthcare organizations and providers overlooking the role of telemedicine in achieving this end?
“Perhaps the real question to ask is this: Why aren’t health systems, hospitals, and physician practices working more aggressively to allow telemedicine support their move to outcomes-based care?”
Image courtesy of Flickr