Healthcare hacking on the rise

https://mailchi.mp/ef14a7cfd8ed/the-weekly-gist-august-6-2021?e=d1e747d2d8

From the largest global meat producer to a major gas pipeline company, cyberattacks have been on the rise everywhere—and with copious amounts of valuable patient data, healthcare organizations have become a prime target.

The graphic above outlines the recent wave of data attacks plaguing the sector. Healthcare data breaches reached an all-time high in 2020, and hacking is now the most common type of breach, tripling from 2018 to 2020. This year is already on pace to break last year’s record, with nearly a third more data breaches during the first half of the year, compared to the same period last year.

Recovering from ransomware attacks is expensive for any business, but healthcare organizations have the highest average recovery costs, driven by the “life and death” nature of healthcare data and the need to quickly restore patient records. A single healthcare record can command up to $250 on the black market, 50 times as much as a credit card, the next highest-value record. Healthcare organizations are also slower to identify and contain data breaches, further driving up recovery costs.

A new report from Fitch Ratings finds cyberattacks may soon threaten hospitals’ bottom lines, especially if they affect a hospital’s ability to bill patients when systems become locked or financial records are compromised. The rise in healthcare hacking is shining a light on many health systems’ lax cybersecurity systems and use of outdated technology.

And as virtual delivery solutions expand, health systems must double down on performing continuous risk assessments to keep valuable data assets safe and avoid disruptions to care delivery.

Colonial hack a wake-up call to CFOs with legacy systems

CFOs whose finance and accounting functions are built on legacy computer systems got a stark reminder last week from the Colonial Pipeline hack of what’s at stake if their system is breached.

The hack of Colonial’s system led to widespread gas shortages throughout the East and reportedly forced the company to pay $5 million in ransom to get the instructions for reclaiming its data.

“For finance departments, the cybersecurity risk is huge,” Samir Jaipati, a finance solutions leader with EY Americas, told CFO Dive in an email. “Something built on outdated technology won’t be able to keep hackers out.” 

Security specialists generally agree legacy, on-premises systems starting from about 10 years ago typically have solid cybersecurity features built in, but those that are older might require significant upgrades if they’re going to stand a chance against today’s sophisticated hackers.

The risk for CFOs who must manage their processes on an outdated system is they’ll try to get by with short-term fixes that won’t solve the systemic problems they face. 

“These temporary fixes aren’t as dependable and in the long-term may cost more,” said Kaipati.

Best effort

For CFOs who don’t have the time or budget to implement the system overhaul they need or to transfer their processes to a more secure on-premises system or to a cloud-based system, the best step is to do a comprehensive review of their end-to-end finance processes to audit for consistency and reliability, said Steve Adams, Gartner finance director. 

He suggested reviewing the organization’s record-to-report process from start to finish to understand where non-secure platforms are used, whether audit trails are missing, and whether exogenous data is incorporated. By eliminating these and other red flags, CFOs can go a significant way toward cleaning up their processes and reducing risk without making system changes, Adams said.

CFOs taking this approach should first engage their IT business partner, ask for a full audit of the cybersecurity capabilities of the suite of financial applications, and use that review as a starting point for making improvements, he said.

Wider integration

Legacy systems pose a broader problem than just security risk; they can impede company growth because CFOs aren’t generating the data or producing the analytics that can help them identify ways to make more money or reduce costs in the same way they can get from sophisticated cloud-based solutions. 

Nor can legacy systems be expected to integrate data throughout the organization as well as cloud systems do.

For CFOs who can do it, switching from an old on-premises system to the cloud can be a game-changer, said Manish Sharma, an Accenture operations group executive.

“CFOs that are agile and able to overcome these restrictions by scaling digital and cloud-powered technologies have been able to break down data silos and siloed ways of working to support the ever-evolving business strategy with speed and flexibility,” he said. 

The importance of using up-to-date IT was emphasized in a recent Accenture report that found “future-ready” leaders are emerging ahead of the pack with higher efficiency and profitability by scaling digital capabilities in ways to improve operational maturity.

“These leaders use better, more diverse data to inform decision-making as part of a cloud-powered continuous feedback loop,” said Sharma.

Flexible categorization

Another benefit of moving to the cloud or a hybrid cloud-on-premises arrangement is cost flexibility. 

On average, managing an outdated IT system can cost a business around $3.61 per line of code, or over $1 million for an application with 300,000 lines of code, said Kevin Shuler, owner and CEO of the Quandary Consulting Group, a Denver-based IT firm.

“It accounts for customizations, maintenance, reporting, server and hardware, etc.,” he said. 

While replacing the old with the new might appear to be prohibitively expensive at first glance, Shuler noted that what can put a CFO more at ease is that the costs are more transparent than those of maintaining a legacy system.

“Better, they can be categorized as either an operating expense or a capital expense since a lot of software is classified as a service rather than software,” he said. 

This gives flexibility to the CFO’s finances and forecasting. It also means more resources can be available for modernized systems. 

“That means you can get superior resources at a lower cost than trying to pull from a pool of highly specialized and competitive contractors who work mainly with legacy systems,” he said.

Healthcare CFOs weigh in on the challenges ahead

https://www.pwc.com/us/en/library/covid-19/pwc-covid-19-cfo-pulse-survey.html

What CFOs think about the economic impact of COVID-19

How finance leaders see a return to work

Business perspectives on what it will take to shift from crisis mode are solidifying. US finance leaders are focused on shoring up financial positions, as US businesses head into a period of even more operational complexity while they orchestrate a safe return to the workplace. Back-to-work playbooks put workforce health first, as companies set course for a phased-in return to the workplace that will not be uniform across the US or internationally, findings from the survey show. Returning employees and customers are going to experience a work environment that will differ in marked ways as a result. Another change likely to endure post-crisis is the strong role corporate leaders have taken within their communities, placing a renewed emphasis on environmental, social and governance (ESG) efforts going forward.

The actions CFOs are taking show how US businesses continue to adjust to very difficult current conditions with an eye toward an evolving post-COVID world. The level of concern related to the crisis is holding steady. It is high but stabilizing, with 72% of respondents reporting that COVID-19 has the potential for “significant impact” to their business operations vs. 74% two weeks ago.

Key findings

Back-to-work playbooks reshape how jobs are performed
49% say remote work is here to stay for some roles, as companies plan to alternate crews and reconfigure worksites.

Protecting people top of mind
77% plan to change safety measures like testing, while 50% expect higher demand for enhanced sick leave and other policy protections.

Substantive impacts expected in 2020 results
Half of all respondents (53%) are projecting a decline of at least 10% in company revenue and/or profit this year.

Cost pressures intensify
A third (32%) expect layoffs to occur, as CFOs continue to target costs, while 70% consider deferring or canceling planned investments.

Economic events shaping CFO response last week

This survey, our fourth since emergency lockdowns took effect in the US, reflects the views of 305 US finance leaders during the week of April 20. It was a week when oil futures traded below $0 as energy markets confronted downshifting global demand, Congress replenished emergency funding of $480 billion for small firms and healthcare systems, and everyone heard the call to get ready to go back to work as the US and Europe firmed up plans to ease quarantines.

Post-crisis world taking shape in plans to reboot the workplace

Health and safety are top priorities for leaders as they prepare to bring people back to on-site work. More than three-quarters (77%) are putting new safety measures in place, while others are taking steps to promote physical distancing, such as reconfiguring workspaces (65%). Findings also show where the virus may have longer-lasting impact on ways of working. Half (49%) of companies say they’re planning to make remote work a permanent option for roles that allow. That’s even higher (60%) among financial services organizations.

Takeaways

Among the small percentage of companies that are beginning to bring people back, returning to work will not mean a return to normal. Companies should consider how to help frontline managers lead with empathy, to communicate transparently and make decisions quickly so employees understand where they stand, have access to the resources available to them, and can share feedback to ensure they feel safe and get what they need. Tools such as workforce location tracking and contact tracing can help support employees with suspected or confirmed infections, while also helping to identify the level of risk exposure. Companies looking to make remote work a permanent option will need to enable leaders to manage a blended workforce of on-site and remote workers during the next 12 to 18 months.

Given that many people may be wary of returning to on-site work, there’s an opportunity for companies to create more targeted benefits to help make the transition easier. Paid sick leaves and worker protections, help with childcare, private transportation to and from work, or other benefits could help employees who may need extra flexibility or who want additional support as they prepare to come back.

Forecasting substantive impacts on 2020 performance

A majority of respondents (80%) continue to expect a decline in revenues and/or profits in 2020. Projections by sector vary, with consumer markets likely the hardest hit: one-third (32%) of CFOs expect a 25% or greater decline in revenues and/or profits this year, compared to 24% of respondents in all sectors.

Takeaways

Outlooks for financial results have held relatively steady in the survey over the last month, and are probably indicative of actual impact. Companies have had the time to evaluate the effects. CFO projections for declining revenue and profits coincide with a widening realization that the US economy is in recession. Since mid-March, jobless claims have soared past 26 million, and Congress passed relief packages of $2.5 trillion. CFOs are evaluating a wide range of scenarios that cover the health situation, the shape of the economic recovery, the spillover into the financial markets, and the resulting impacts on their business. This crisis is setting a new benchmark standard for “unknowable.”

Cost pressures intensifying

CFOs are considering additional ways to scale back on planned investment and/or other fixed costs amid volatility in demand. A third (32%) expect layoffs to occur in the next month, up from 26% two weeks ago. Protecting cash and liquidity positions is paramount. Financial impacts of COVID-19, including effects on liquidity and capital resources, remain the top concern of CFOs (71%). Over half (56%) say they are changing company financing plans, up from 46% two weeks ago.

Among other actions, 43% plan to adjust guidance, which is consistent with responses two weeks ago. This figure will likely increase as companies go through the earnings season over the next two to three weeks. Separately, 91% of respondents are planning to include a discussion of COVID-19 in external reporting. Depending on the type of company, this can mean inclusion in financial statements and/or in risk factors and MD&A results of operations, earnings release or MD&A liquidity sections.

Takeaways

Many CFOs have focused on how they can manage their cash pressures to ride out the crisis. Common approaches have included stop-gap measures, such as hiring freezes and tightening controls on discretionary costs to put an end to travel and events, or the use of contractors. Findings show that these types of cost actions are likely to continue, and they remain at the top of the CFO agenda.

Of those who say they’re considering deferring or canceling planned investments, 80% are considering facilities and general capital expenditures. At the same time, investment programs in areas that are considered important to future growth — including digital transformations, customer experience, or cybersecurity and privacy — are less likely to be targeted. CFOs will increasingly look for ways to prioritize costs in these areas, as businesses grow more confident in recovery prospects — even though current demand is subdued.

Priorities to de-risk supply chains

As companies continue to wade through mitigation efforts and start to think about recovery, many are planning changes to make their supply chains more resilient. Findings show CFOs prioritizing specific actions: 56% cite developing alternate options for sourcing, and 54% say better understanding the financial and operational health of their suppliers.

Takeaways

Findings confirm an emphasis on de-risking supply chains, as companies prioritize the health and reliability of their supplier base among changes they’re planning as a result of COVID-19. In particular, there is a focus on managing risk around supply elements, such as reducing structural vulnerability with other sourcing options.

Some companies are starting to invest in creating data-backed profiles of their supplier base so they know where and when to look for second sources. Others are increasing communication with suppliers to better understand financial health. For many, conducting deeper financial and health reviews of suppliers will become a regular part of their business reviews. Physical supply chain relocations will likely happen only as a last resort, given the costs involved. However, automation of certain elements of the supply chain — to eliminate time-consuming manual tracking efforts and check tariff structures, for example — will likely become more common as companies seek better data to make more informed decisions.

Strategies yet to change, but tech likely to drive M&A

The impact of the outbreak on mergers and acquisitions (M&A) strategies remains mixed. While 40% of respondents say their company’s M&A strategy is not being affected by COVID-19, compared with 34% two weeks ago, one in five say it’s too difficult to assess what changes, if any, will need to be made to strategy. CFOs within the technology, media and telecommunications industry stand out in particular. They are less likely to report decreasing appetite for M&A due to COVID-19, compared with peers in other sectors, and 55% say the crisis hasn’t changed their M&A strategy.

Takeaways

These findings highlight the fundamental strengths of the tech sector and suggest it will be among those driving M&A in the months ahead. Tech giants, in particular, have large cash reserves. Moreover, demand for some tech products and services is strong as businesses return to work — 40% of CFOs say they will accelerate automation and new ways of working as they transition back. Additionally, technologies such as drones, artificial intelligence and robotics will likely enjoy wider adoption in the post-COVID-19 environment. This leaves tech better-positioned to weather the pandemic’s economic fallout and to execute on inorganic growth strategies. M&A is likely to recover faster than the US economy, with tech among the cash and capital-rich sectors leading the charge. PwC studies show that a combination of factors has been driving a decoupling of deals from the broader economy.

Business recovery timeframes have extended

Organizations are realizing the business recovery from the impacts of the virus will take longer. The March measures of manufacturing and services activities show sharp drops. Demand is not only declining, it’s shifting. Moreover, even as some US states start to reopen, difficulties in setting up testing could keep some states in a holding pattern. As a result, for CFOs, the time required to return to “business as usual” the moment that COVID-19 ends continues to lengthen. Currently, 48% believe it will take at least three months to return to normal, up from 39% two weeks ago.

Takeaways

As reality sets in and companies understand the true impacts to their operations, CFO perceptions of the length of time to business recovery have extended. According to our analysis of how companies gauge their response to the crisis in PwC’s COVID-19 Navigator diagnostic tool, the expected impact of COVID-19 on businesses globally remains high, with consumer markets and manufacturing the most susceptible among industries. Put another way, businesses that are less reliant on a large, complex supply chain to deliver products, or are able to work relatively effectively while remote, are also likely to be among the least exposed.

Consumer-facing companies reconfigure physical sites as shutdowns start to lift

Companies in consumer-facing sectors continue to contend with both sides of the demand equation, as consumers sheltering in place focus single-mindedly on essential products to the exclusion of other offerings. Consumer markets (CM) CFOs are more likely to list a decrease in consumer confidence and spending as a top-three concern than they were two weeks ago (66% vs. 50%). For CM CFOs, consumer confidence trends translate almost directly to revenues, with 32% projecting an adverse impact on revenue and/or profit of at least 25% in 2020, compared with 24% of respondents across all industries.

In response, almost three-quarters of CM CFOs (73%) are considering deferring or canceling planned investments, targeting mostly general capital expenses, such as facilities. They also say technologies that can improve their understanding of changes in customer demand are a top-three priority as they plan changes to their supply chain strategies (41% vs. 30% for all sectors).

CM CFOs are planning workplace safety measures (86% vs. 77% for all sectors) and reconfiguring work sites to promote physical distancing as part of their transition back to on-site work (77% vs. 65% for all sectors). They recognize that consumers want the assurance of a safe physical environment above all else, especially because the majority of CM products and services require a physical component, despite the continuing shift to online.

Takeaways

Consumer-facing companies continue to be among the hardest hit, as the public health crisis keeps the majority of consumers confined to their homes for now. As they grapple with immediate challenges, CM companies are pulling back on capital investments. However, most are still planning to shore up their digital presence in response to accelerated online demand that could last well beyond the recovery period.

Health system pivots to new ways of working

What’s on the mind of financial leaders in the health industry? As they plan to bring more of their workforce back on-site, they are more likely than leaders in other industries to be leaning on technology to help them manage staffing uncertainties. Fifty-four percent of healthcare CFO respondents said they plan to accelerate automation and new ways of working, compared with an average of 40% across all industries.

Healthcare organizations are simultaneously solving two critical issues: uncertainty about demand and protecting their workforce. Health organization CFOs (70%) were more likely than executives from other industries (an average of 50%) to report that they expect higher demand for employee protections in the next month. Meanwhile, consumer anxiety over their own safety is driving up uncertainty about demand for healthcare and medical products. Forty-one percent of healthcare finance leaders listed tools to better understand customer demand as a top-three priority area when considering changes to their supply chain strategies, compared to 30% of financial leaders in all sectors. Fifty-one percent of healthcare finance leaders said they are making staffing changes as a result of slowed demand.

Takeaways

A survey conducted by PwC’s Health Research Institute in early April found that some consumers are delaying care and medications amid the pandemic. In this latest PwC survey of CFOs, healthcare leaders report uncertainty about how much of their business will return as the threat of the pandemic ebbs, making staffing decisions difficult.

As the nation continues to grapple with the pandemic, getting back to work is top of mind for US financial leaders overall, but this is an especially pressing issue for health leaders. They must plan for their own workforces, while dealing with an unfolding financial calamity — 81% expect their company’s revenue and/or profits to decline this year as a result of COVID-19. On par with other industries, they expect this decline, even though their organizations play central roles in addressing the human toll of the pandemic. One strategy is to use telehealth technology to virtually care for patients, thereby protecting patients and caregivers during the pandemic.

Financial firms see fewer layoffs, but slower recovery

Financial services (FS) CFOs are bracing for a longer road back to normal. About a third (35%) now think it could take six months to get back to business as usual, up sharply from 15% just two weeks ago. They’re also more optimistic about the bottom line. More than a quarter (27%) of FS survey respondents expect revenue and/or profits to fall by 10% or less. Across all industries, only 18% felt as confident.

Takeaways

Banks are playing a critical role in helping stabilize the economy, as they work on the front lines to distribute CARES Act provisions. Along with insurers and asset managers, they also rely heavily on workers with specialized technical and institutional knowledge. This may explain why FS CFOs expect fewer layoffs (15% vs. 32% overall) or furloughs (17% vs. 44% overall) over the next month. Now, they’re trying to focus on keeping workers healthy and safe.

Conversations are starting to shift toward when and how to transition back to physical offices. For some employees, work may look very different: More FS CFOs are considering making remote work a permanent option for roles that allow it (60% vs. 49% overall). To better protect their employees, they’re also looking to evaluate new tools to support workforce tracking and contact tracing (32% vs. 22% overall) as part of the return-to-work process.

Deeper insight into health of suppliers is top priority for industrial products

The industrial products (IP) sector is in full-throttle cost-cutting mode. Nearly all IP CFOs (96%) report considering cost containment measures, compared with 87% two weeks ago. Some of this comes in the form of layoffs: 49% of IP CFOs expect layoffs to occur vs. 36% two weeks ago. The longer the crisis lasts, the longer the impact on recovery times for their business. When asked how long it would take for their business to return to business as usual if the COVID-19 crisis were to end today, 15% of IP CFOs said less than one month, down from 25% two weeks ago.

Meanwhile, they’re closely examining challenged supply chains. When asked to list their top-three priority areas when planning changes to supply-chain strategies, 66% of IP CFOs identified understanding the financial and operational health of their suppliers, compared to 54% of CFOs across all industries. A majority (56%) also cited developing additional and alternate sourcing options as a priority. And the extent of the financial damage is sinking in: 65% of IP CFOs estimate 2020 revenues and/or profits will drop at least 10%.

Takeaways

IP CFOs are signaling they’re in the thick of the crisis, as they absorb historical lows in production, with March US industrial output plunging to levels not seen since the end of WWII. Continued cost actions are still in the cards.

IP finance leaders are looking ahead to get back to business, with some already bringing workers back on-site. Some are expecting changes to the workplace. Thirty-nine percent of IP CFOs are considering making remote work a permanent option for roles that allow, and 31% are considering accelerating automation and new ways of working. While these are still early days for US producers in returning to work, bringing millions of workers back into the fold may well usher in more change management than the industry now expects.

Tech, media and telecom well-positioned to power the recovery

Technology, media and telecommunications (TMT) companies are well-positioned for recovery from the initial blow of COVID-19. As they stabilize operations in response to the crisis, the percentage of TMT CFOs anticipating revenue and/or profit declines is down 19 percentage points from two weeks ago to 65%. The data suggest that TMT companies are preparing for a future in which virtual work options gain greater acceptance over traditional office settings. TMT companies are more likely to reduce their real estate footprint as they transition back to on-site work (38% compared to 26% for all sectors), and 55% say they’re planning to make remote work permanent for positions that allow.

Of those who said they’re considering deferring or canceling planned investments, TMT companies are less likely to reduce digital transformation investments (13%) than all sectors (22%). Their increased optimism about digital investment as they strategize for the future is further borne out by the data: Two weeks ago, of those who said they were deferring or canceling planned investment, TMT was on track to reduce digital investments at the same rate as other sectors (25%).

Takeaways

The resilience of TMT companies is evident in their approach to this crisis. Bolstered by robust liquidity, the majority of companies in the sector are looking ahead to a recovery they will power by using both organic growth and M&A. In the wake of a crisis that has accelerated more widespread virtual connectivity, look for new emerging-tech-enabled business models to take shape.

Where to focus next

COVID-19 has put businesses under enormous strain to drive new ways of working. When the pandemic began, many companies put their people’s health and safety at the center of their decision-making, and they appear to be doing the same as they prepare to ramp up business. With most firms expecting to bring people back on-site in phases, leaders will need to help employees adjust to a changed environment while still managing the well-being, engagement and productivity of all workers. Purpose-led communication will continue to be critical to keep people informed, and leaders should demonstrate empathy while helping employees adjust to what will likely be an extended transition period. 

 

 

HP unveils advanced security for remote workers — and shows how to disinfect your laptop

HP has unveiled advanced security for businesses and their remote workforces and disclosed an extensive guide to disinfecting your laptop and other computer equipment.

The new offerings include HP Pro Security Edition, HP Proactive Security, and HP Sure Click Enterprise. These are aimed at the security threats that evolve and disrupt business every day.

With the recent surge of remote workers — due to work-from-home rules forced upon us by COVID-19 — HP said we must all be aware of the increased risks of working from home. Over 80% of home office routers have been found to be vulnerable to potential cyberattacks.

Emails also pose a significant risk to organizations, with over 90% of PC infections originating from attachments and 96% of security breaches not discovered until months later. There are 5 billion new threats per month, based on HP’s estimates.

“Our HP Pro Security Edition takes Sure Sense and Sure Click and bundles [them] with our system,” said Andy Rhodes, global head of commercial PCs, in a press briefing. “Endpoints are still an enormous risk — 90% of infections originate with emails. Every user is at risk here.”

HP Pro Security for small businesses.

With public health concerns over COVID-19 spreading worldwide, HP wants customers to have the information they need to effectively clean HP devices and maintain a healthy work environment.

The Centers for Disease Control and Prevention (CDC) recommends cleaning surfaces, followed by disinfection, as a best practice for the prevention of COVID-19 and other viral respiratory illnesses in households and community settings.

In fact, HP has issued its own whitepaper for cleaning your devices.

“We get asked [about] this every day,” said Rhodes. “If you use the wrong disinfectant, you can actually damage the product.”

A CDC-recommended disinfectant that is also within HP’s cleaning guidelines is an alcohol solution consisting of 70% isopropyl alcohol and 30% water.

The steps below use the CDC-recommended alcohol solution to clean high-touch, external surfaces on HP products:

  1. Wear disposable gloves made of latex (or nitrile gloves if you are latex-sensitive) when cleaning and disinfecting surfaces.
  2. Turn off the device and disconnect AC power (printers should be unplugged from the outlet). Remove batteries from items like wireless keyboards. Never clean a product while it is powered on or plugged in.
  3. Disconnect any external devices.
  4. Moisten a microfiber cloth with a mixture of 70% isopropyl alcohol and 30% water. Do not use fibrous materials, such as paper towels or toilet paper. The cloth should be moist, but not dripping wet. (Isopropyl alcohol is sold in most stores, usually in a 70% isopropyl alcohol/30% water solution. It may also be marketed as rubbing alcohol.)
  5. Do not spray any liquids directly onto your device.
  6. Gently wipe the moistened cloth on the surfaces to be cleaned. Do not allow any moisture to drip into areas like keyboards, display panels, or USB ports located on the printer control panels, as moisture entering the inside of an electronic product can cause extensive damage to the product.
  7. Start with the display or printer control panel (if applicable) and end with any flexible cables, like power, keyboard, and USB cables.
  8. When cleaning a display screen or printer control panel, carefully wipe in one direction, moving from the top of the display to the bottom.
  9. Ensure surfaces have completely air-dried before turning the device on after cleaning. No moisture should be visible on the surfaces of the product before it is powered on.
  10. After disinfecting, copier/scanner glass should be cleaned again using an office glass cleaner sprayed onto a clean rag to remove streaking. Streaking on the copier/scanner glass from the CDC-recommended cleaning solution could cause copy quality defects.
  11. Gloves should be discarded after each cleaning. Clean hands immediately after gloves are removed.

“We’re looking at a tsunami”

https://mailchi.mp/a3d9db7a57c3/the-weekly-gist-march-20-2020?e=d1e747d2d8

Yesterday we spoke with a senior healthcare executive leading the COVID-19 response for a regional health system on the West Coast. Their area is now experiencing exponential growth of new cases, with the number of local diagnoses doubling every couple of days. In all likelihood, they’re less than two weeks from having the number of cases seen in harder-hit areas like San Francisco, Seattle and New York City. She said the “anticipation of what is about to happen” is the scariest part of the around-the-clock work they are doing to prepare.

But that two-week lead time has given them precious time to organize, and she generously shared key elements of their action plan. Their preparation work—surely similar to what hundreds of health systems around the country are doing—impressed us not only with its breadth, depth and comprehensiveness, but also the level of energy and confidence conveyed by the hundreds of actions and decisions, large and small, the system is making every day. Here are some of their important learnings so far:

  1. Even though the surge of patients has yet to begin, staff are “worried and scared”. They are concerned about PPE shortages and personal safety and stressed at home with schools and daycare closed. Detailed and regular communication is more critical than ever—and they’re trying to answer every inbound concern or question from associates directly. They are funding and expanding childcare options for staff, through partnerships with community organizations and daily stipends for home-based care.
  2. As the system works through worst-case scenario planning, they anticipate the need for critical care nurses, respiratory therapists, and emergency physicians will be the worst bottlenecks, and they are working to cross-train adjacent clinicians and build new staffing models to increase capacity. While most providers are deeply dedicated to providing care for COVID-19 patients, a small number have already “called off” and refused to report—creating unanticipated questions around how to manage these difficult situations.
  3. As they prepare to implement new surge staffing models, the system is now navigating through a period of downtime. With elective procedures cancelled and some ambulatory sites closed, they currently need fewer nurses and clinical staff than a month ago, and are creating policies, like allowing staff to go negative into PTO, to maintain income while they wait for the surge. Staff who must work in-person are working variable shifts to reduce crowding. They are also working to credential nurses and staff furloughed from local ambulatory surgery centers, so they have them ready to deploy when needed.
  4. IT staff are working nonstop to quickly make it possible for all eligible employees to work remotely, and to enable staff to safely gain access to the system’s intranet while guarding against new cybersecurity threats. The system is training and enabling hundreds of doctors to deliver care virtually, including affiliated independents.
  5. Guidelines for coronavirus patient management and recommended PPE practices change daily; it’s a full-time job for clinical leaders to keep up. Doctors are eager to try novel and creative treatments for very sick patients. (For instance, one doctor is developing a 3-D printed device that will allow one ventilator to be used for four patients simultaneously.) This eagerness to “do something” is understandable but creates a bit of chaos as leaders work to create policies around how to best manage patients.
  6. While leaders communicate with other health systems and local and state authorities daily, the vast majority of decisions are made internally, on the fly. For instance, the system is connecting with now-empty local hotels and universities to provide options for low-acuity patient capacity, but leaders hope that parallel efforts at other organizations can be brought together into a more unified regional response. For now, however, coordination would likely create unacceptable delays.
  7. Long-term health and stamina of staff is top among the system’s concerns. “If I borrow worry from the future”, this leader said, “I am worried that we are facing years-long trauma, both emotional and financial, and I’m not sure how we will sort it out”. For now, efforts to support staff and provide moments of relief and joy are critical, and very appreciated by front-line team members.

We left this conversation emotionally overwhelmed ourselves, and with a huge sense of gratitude for clinicians and health system leaders. Americans can take comfort in the amount of work that is taking place even before critical patients begin to appear—and that doctors, nurses and hospitals are truly dedicated to providing us the best possible care under circumstances they have never faced before. If you know about creative approaches or new ideas organizations are putting in place to contend with the current situation, please let us know. We’re eager to share great ideas!

Healthcare’s number one financial issue is cybersecurity

https://www.healthcarefinancenews.com/node/139027?mkt_tok=eyJpIjoiTURRMk1tVTFaVE15TkRjMiIsInQiOiJPNUYydDU5cFVodjB4bnlnb2M0eVhDNjg2YU53NDl6MWFRQlVpUEpmTzV5cEcrVVZMWldhd1AzbHNlckIwUWJHczlhOVRMZUxxSngyWk02VVhXTktXRjN1OE9mbkQ2V2FhQlBqVFIzOWpMS0pNUEdCYWh0SUQyZWZHRmpBQjRFWiJ9

The cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity and reputation.

Cyber attacks affect the finances of every hospital and insurer like no other.

“I’ve seen estimates of over $5 billion in costs to the healthcare industry annually,” said Lisa Rivera, a partner at Bass, Berry and Sims who focuses on healthcare security. “That’s enormous and is not going away.”

Beyond the cost to find a solution to fix breaches and to settle any civil complaints are fines from the Department of Health and Human Services Office of Civil Rights. In 2018, OCR issued 10 resolutions that totalled $28 million.

The HHS Office of Civil Rights is stepping up breach enforcement of private health information, according to Rivera, who is a former assistant U.S. Attorney and federal prosecutor handling civil and criminal investigations for the Department of Justice.

What officials want to see is that the hospital or insurer has taken reasonable efforts to avoid a breach.

“There is no perfect cybersecurity,” Rivera said. “They say it’s not perfection, it’s reasonable efforts. That’s going to require an investment up-front to see where data is located, and educating the workforce on phishing incidents.”

Also, hospital finance professionals who are relying more on contractors for revenue cycle management and analytics should take note on the security issues involved in sharing this information.

“Every sector of business has attacks, but healthcare is experiencing the largest growth of cyber attacks because of the nature of its information,” Rivera said. “It’s more valuable on the dark web.”

It’s also not easily fixed.

If an individual’s credit card is stolen, the consumer can cancel his or her credit card. But in health records, the damage is permanent.

THE IMPACT

Despite the number of breaches, healthcare has been behind other sectors in taking security measures. Four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry, according to Rivera.

Hospitals are behind because first, it’s a challenge to keep up with the move to more information being in electronic form.

“There’s no hospital that doesn’t have mobile EHR information,” Rivera said. “Then there was this transition with incentives from the government to go to electronic medical records. There were vast routes to doing that without a lot of experience involved in doing it. The push to become electronic began happening with this enormous uptick in cyber attacks.”

Also, the focus of healthcare has always been patient care. The population health explosion also involves the sharing of information.

And consolidation across the healthcare industry can potentially make covered entities more vulnerable to lapses in security during the transition and integration phases.

RECOMMENDATIONS

The number one way to cut costs is to prevent a breach. Once one has happened, hospitals must be able to identify it as soon as possible and then be able to respond to it.

Hospitals should be able to determine where certain data goes off the rail, Rivera said. For instance, large systems doing research have outcome information that may not be within the system of protection.

“You don’t want to learn about a data breach because the FBI saw it on the dark web,” Rivera said. And some hospitals have.

It’s a constant battle of software updates and checks. Criminals are pinging systems thousands of times a day. It’s like locking down doors and windows.

The first thing that’s needed for systems large and small is a risk assessment. This is the first thing the OCR wants to see, she said. Many hospitals use an outside vendor to do the job.

Prices for other cybersecurity measures vary from a software purchase that could be in the millions, to having vendor monitoring.

But the cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity, reputation and the service disruption.

Hospitals can also purchase cyber insurance, which varies in cost and coverage. Some obtain it for purposes of class action lawsuits.

THE LARGER TREND

OCR enforcement activity during 2018 demonstrates the agency’s continued emphasis on enforcing violations of the security risk assessment and risk management requirements, Rivera said.

Covered entities and business associates are required to: conduct a thorough assessment of the threats and vulnerabilities across the enterprise; implement measures to reduce known threats and vulnerabilities to a reasonable and appropriate level; and ensure that any vendor or other organization accessing or storing private health information is security compliant.

The OCR concluded 2018 with an all-time record year for HIPAA enforcement activity. The OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This surpassed the previous record of $23.5 million from 2016.

In addition, OCR achieved the single largest individual HIPAA settlement of $16 million with Anthem, representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016. Anthem was held responsible for cyber attacks that stole the protected health information of close to 79 million people.

 

Hackers try to reroute payroll deposits at Texas health system

https://www.beckershospitalreview.com/cybersecurity/hackers-try-to-reroute-payroll-deposits-at-texas-health-system.html

After Wise Health System fell victim to a phishing attack, the hackers used the information to access an employee’s information in an attempt to reroute direct deposit checks, according to the Wise County Messenger.

The Decatur, Texas-based health system said the hackers tried to change around 100 payroll direct deposits. Wise County Messenger discovered the breach on April 5 because the hospital’s payroll system requires paper checks be printed for payrolls after any changes are made by employees.

When payroll was being processed, Wise Health System discovered an unusual number of checks that needed to be printed. This red flag spurred an investigation that found hackers gained access to the system through a phishing attack in March, Wise County Messenger reports.

There has been no indication that the information was misused. All employees were still paid on time, and the health system required employees to change passwords immediately.

Because the security breach occurred through a phishing attack, Wise Health System has notified 35,000 patients whose information was stored in the email account that was affected. The email may have included patients’ medical record numbers, diagnostic and treatment information and potentially insurance information.

Wise Health System is offering affected patients identity theft protection services. All affected have been notified of the breach, reports Wise County Messenger.
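
The red flag in this incident, an unusual number of direct-deposit changes in a single payroll run, can be checked automatically before payroll is released. The following is an added example, not code from Wise Health System or from the article; the event format, period labels and thresholds are assumptions, and the sample data is constructed (the final period mirrors the roughly 100 changes reported above).

```python
from collections import Counter
from statistics import median


def build_sample():
    """Constructed data: one (pay_period, employee_id) tuple per deposit change."""
    per_period = {"period-01": 3, "period-02": 5, "period-03": 2,
                  "period-04": 4, "period-05": 3, "period-06": 100}
    events = []
    for period, n in per_period.items():
        events += [(period, f"emp{i:04d}") for i in range(n)]
    return events


def changes_per_period(events):
    """Count distinct employees whose deposit details changed in each period."""
    return Counter(period for period, _ in set(events))


def flag_period(counts, period, min_history=4, k=5.0, floor=10):
    """Flag a pay period whose change count is far above earlier periods.

    Baseline is the median of earlier periods and spread is the median
    absolute deviation (MAD), so one earlier bad period does not raise the
    baseline. `floor` suppresses alerts on very small absolute counts.
    """
    prior = [c for p, c in sorted(counts.items()) if p < period]
    if len(prior) < min_history:
        return None  # not enough history to judge this period
    base = median(prior)
    mad = median(abs(c - base) for c in prior) or 1.0
    threshold = max(floor, base + k * mad)
    current = counts.get(period, 0)
    return {"period": period, "changes": current, "baseline": base,
            "threshold": threshold, "alert": current > threshold}


if __name__ == "__main__":
    counts = changes_per_period(build_sample())
    for period in sorted(counts):
        print(flag_period(counts, period))
```

An alert from a check like this is a reason to hold the run and confirm the changes with the affected employees through a channel other than email, since the mailbox itself may be compromised.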