Category Archives: Information Security

A resurgent interest in outsourcing

Posted on by Posted in Core Services, Health System, Hospital, Hospital Industry, Information Security, Information Technology, Non-Core Services, Outsoucing, Population Health, Vendor Relationship Management Leave a comment

https://mailchi.mp/12e6f7d010e1/the-weekly-gist-february-24-2023?e=d1e747d2d8

Unsurprisingly, given the mounting economic pressures many health systems are facing, we’re beginning to hear more discussions among executives about outsourcing non-core services as a way of containing costs. Whether it’s contracting with an outside company for things like laundry and dietary services, or more extensive outsourcing to vendors for revenue cycle and IT services (such as the much-ballyhooed partnerships with Optum that have grabbed headlines recently), we’ve seen a resurgence of interest in finding ways to offload key areas of non-clinical operations.

In some ways it makes sense: we’ll stick to our knitting, and let someone else handle areas that they’re probably better at. But a recent comment from one system CEO captured our concern about the outsourcing trend. “For us, outsourcing is like Lucy and the football…we’ve been here before.

What we’ve learned is the complexity of managing the vendor relationship often outweighs any potential cost savings. And in the end, we never seem to garner enough savings to make it worth the effort.” 

As to the broader “partnerships” around revenue cycle, IT, and population health, she added, “We’d never give up control of those aspects of the business—they’re too important. Plus, I’m not sure how you’d ever unwind it once you’d let your own staff become employed by a vendor. We’ll be keeping a close eye on these outsourcing deals as the year goes on, and we’d love to hear your experience with the strategy as well.

Healthcare hacking on the rise

Posted on by Posted in Cybersecurity, Data Breaches, Data Privacy, Data Security, Health System, HIPAA, Hospital, Hospital Industry, Information Security, Information Technology, Internal Audit, Internal Control, Legacy Technology, Privacy, Rev Cycle Management, Revenue Cycle, Risk Management, Risk Mitigation Leave a comment

https://mailchi.mp/ef14a7cfd8ed/the-weekly-gist-august-6-2021?e=d1e747d2d8

From the largest global meat producer to a major gas pipeline company, cyberattacks have been on the rise everywhere—and with copious amounts of valuable patient data, healthcare organizations have become a prime target.

The graphic above outlines the recent wave of data attacks plaguing the sector. Healthcare data breaches reached an all-time high in 2020, and hacking is now the most common type of breach, tripling from 2018 to 2020. This year is already on pace to break last year’s record, with nearly a third more data breaches during the first half of the year, compared to the same period last year.

Recovering from ransomware attacks is expensive for any business, but healthcare organizations have the highest average recovery costs, driven by the “life and death” nature of healthcare data, and need to quickly restore patient records. A single healthcare record can command up to $250 on the black market, 50 times as much as a credit card, the next highest-value record. Healthcare organizations are also slower to identify and contain data breaches, further driving up recovery costs.

A new report from Fitch Ratings finds cyberattacks may soon threaten hospitals’ bottom lines, especially if they affect a hospital’s ability to bill patients when systems become locked or financial records are compromised. The rise in healthcare hacking is shining a light on many health systems’ lax cybersecurity systems, and use of outdated technology.

And as virtual delivery solutions expand, health systems must double down on performing continuous risk assessments to keep valuable data assets safe and avoid disruptions to care delivery.

HP unveils advanced security for remote workers — and shows how to disinfect your laptop

Posted on by Posted in Centers for Disease Control & Prevention (CDC), Crisis, Crisis Management, Cybersecurity, Data Security, Email, Infection Control, Infectious Virus, Information Security, Information Technology, Supply Chain Leave a comment

https://www.venture-med.com/hp-unveils-advanced-security-for-remote-workers-and-shows-how-to-disinfect-your-laptop/

HP has unveiled advanced security for businesses and their remote workforces and disclosed an extensive guide to disinfecting your laptop and other computer equipment.

The new offerings include HP Pro Security Edition, HP Proactive Security, and HP Sure Click Enterprise. These are aimed at the security threats that evolve and disrupt business every day.

With the recent surge of remote workers — due to work-from-home rules forced upon us by COVID-19 — HP said we must all be aware of the increased risks of working from home. Over 80% of home office routers have been found to be vulnerable to potential cyberattacks.

Emails also pose a significant risk to organizations, with over 90% of PC infections originating from attachments and 96% of security  breaches not discovered until months later. There are 5 billion new threats per month, based on HP’s estimates.

“Our HP Pro Security Edition takes Sure Sense and Sure Click and bundles [them] with our system,” said Andy Rhodes, global head of commercial PCs, in a press briefing. “Endpoints are still an enormous risk — 90% of infections originate with emails. Every user is at risk here.”

HP Pro Security for small businesses.

With public health concerns over COVID-19 spreading worldwide, HP wants customers to have the information they need to effectively clean HP devices and maintain a healthy work environment.

The Centers for Disease Control and Prevention (CDC) recommends cleaning surfaces, followed by disinfection, as a best practice for the prevention of COVID-19 and other viral respiratory illnesses in households and community settings.

In fact, HP has issued its own whitepaper for cleaning your devices.

“We get asked [about] this every day,” said Rhodes. “If you use the wrong disinfectant, you can actually damage the product.”

A CDC-recommended disinfectant that is also within HP’s cleaning guidelines is an alcohol solution consisting of 70% isopropyl alcohol and 30% water.

The steps below use the CDC-recommended alcohol solution to clean high-touch, external surfaces on HP products:

  1. Wear disposable gloves made of latex (or nitrile gloves if you are latex-sensitive) when cleaning and disinfecting surfaces.
  2. Turn off the device and disconnect AC power (printers should be unplugged from the outlet). Remove batteries from items like wireless keyboards. Never clean a product while it is powered on or plugged in.
  3. Disconnect any external devices.
  4. Moisten a microfiber cloth with a mixture of 70% isopropyl alcohol and 30% water. Do not use fibrous materials, such as paper towels or toilet paper. The cloth should be moist, but not dripping wet. (Isopropyl alcohol is sold in most stores, usually in a 70% isopropyl alcohol/30% water solution. It may also be marketed as rubbing alcohol.)
  5. Do not spray any liquids directly onto your device.
  6. Gently wipe the moistened cloth on the surfaces to be cleaned. Do not allow any moisture to drip into areas like keyboards, display panels, or USB ports located on the printer control panels, as moisture entering the inside of an electronic product can cause extensive damage to the product.
  7. Start with the display or printer control panel (if applicable) and end with any flexible cables, like power, keyboard, and USB cables.
  8. When cleaning a display screen or printer control panel, carefully wipe in one direction, moving from the top of the display to the bottom.
  9. Ensure surfaces have completely air-dried before turning the device on after cleaning. No moisture should be visible on the surfaces of the product before it is powered on.
  10. After disinfecting, copier/scanner glass should be cleaned again using an office glass cleaner sprayed onto a clean rag to remove streaking. Streaking on the copier/scanner glass from the CDC-recommended cleaning solution could cause copy quality defects.
  11. Gloves should be discarded after each cleaning. Clean hands immediately after gloves are removed.