The digital health space refers to the integration of technology and health care services to improve the overall quality of health care delivery. It encompasses a wide range of innovative and emerging technologies such as wearables, telehealth, artificial intelligence, mobile health, and electronic health records (EHRs). The digital health space offers numerous benefits such as improved patient outcomes, increased access to health care, reduced costs, and improved communication and collaboration between patients and health care providers. For example, patients can now monitor their vital signs such as blood pressure and glucose levels from home using wearable devices and share the data with their doctors in real-time. Telehealth technology allows patients to consult with their health care providers remotely without having to travel to the hospital, making health care more accessible, particularly in remote or rural areas. Artificial intelligence can be used to analyze vast amounts of patient data to identify patterns, predict outcomes, and provide personalized treatment recommendations. Overall, the digital health space is rapidly evolving, and the integration of technology in health

Wednesday, October 2, 2019

A Phishing Epidemic: Constant Stream of Reports | The Pulse



Since at least the beginning of the summer, it seems as though no day can go by without another phishing incident being reported by a healthcare entity. The reports are almost always the same too. …
Not many practices are equipped to deal with breaches of patient data. In the not too distant past, individual medical practices and/or hospitals owned and housed their own servers. The task of monitoring was left to each individual practice. Today, in the world of the cloud, programs and data are housed online, perhaps mirrored in multiple locations. The chance of a cybersecurity breach has increased exponentially and will continue to do so.

After some period of time (usually not the same day), the unauthorized activity will be found in the email account of one or more employees. A forensic analysis will be conducted that cannot conclusively determine what, if any, patient information or other data were accessed. Out of an abundance of caution though, breach notification is provided to enable potentially impacted individuals to monitor accounts in the event of suspicious activity, with the entity sometimes covering the cost of such monitoring.

When asked how they would respond to slow or ineffective communication after a data breach, 66 percent said they would stop doing business with the organization, and 45 percent said they would tell their friends and family to do the same. This figure includes other industries besides health care. Physician loyalty and a lack of alternative sources may keep patients captive unwillingly. This places even greater responsibility on health care institutions.


This goes far beyond the time and expertise of medical practices and hospitals. Recent news events reveal that even major health systems notify their clients many weeks to months after the breach. Today's technology of email, e-messaging, and patient portals enables hospitals to notify patients.

Three-quarters of respondents said they expected a government agency to notify them within 24 hours of a breach; 73 percent expected the same response time for healthcare organizations, and only 61 percent held retailers to that standard — all lower than the 83 percent who expected banks to respond within a day.

In the healthcare sector, millions of patient records have been exposed in 2019. One of the biggest exposures of information involved American Medical Collection Agency, a billing and collections firm that was a business associate of Quest Diagnostics and Labcorp.

The FDA issues a cyber warning for medical devices, hospital networks





As remote monitoring and medical devices proliferate, there is a greater risk of unauthorized access to personal data, especially if a wireless device is used for the transfer of information.

How do organizations (medical practices and hospitals) deal with this problem? Training and familiarity with phishing techniques. A large measure of cybersecurity is 'avoidance'. Most breaches are due to human errors.

Leaving aside the content of a notice, the real issue of concern is how to prevent or reduce the frequency of successful phishing attacks. Getting to the root of that problem requires turning a critical eye internally at an organization. The first step is education and training of the workforce. As covered in another blog on the Pulse, awareness among employees of security policies is lacking. As such, taking the time to push out information and training on what phishing is, how attacks occur, and what to do to prevent an attack is essential. Training does not need to be lengthy, as key facts and tidbits can be conveyed through 5-minute videos or similar media. The step to take is to get the material into the hands of all individuals across an organization. Distributing materials can then transform individuals into active components of a comprehensive security process.





In considering training, what should be included? Real-world examples are frequently helpful because understanding how exactly an attack might come about is invaluable. Examples of training can be taking actual phishing emails and pointing out some of the key clues as to why an individual should identify the email as phishing. Elements can include (i) unsolicited messages about an account being compromised; (ii) bad grammar or phrasing that seems slightly off; (iii) spoofing letters by combining other letters to look the same (consider “m” and “rn”, which in the right font can look nearly identical); (iv) pushing for action by preying upon an innate desire to be helpful; or (v) email addresses or links that claim to be from or to a known place, but actually divert elsewhere if the highlighted link is reviewed.

 While these elements require an individual to stop and think about what is happening, the step of stopping to think about what to do is important and can be drilled home through education and training.

In addition to education and training, organizations should increase efforts to audit and monitor systems. Auditing and monitoring is admittedly a daunting task though. Enormous amounts of data go through systems all of the time and the pace of data will not slacken anytime soon. However, volume cannot be an excuse for throwing one’s proverbial hands in the air. Instead, it can be viewed as an opportunity to acquire and/or develop new tools to help. Additionally, some level of manual effort can also be utilized to comb through systems and look for suspicious activity. At the end of the day, a sign of victory is finding an issue in as short a period of time as possible and not letting an intruder roam unfettered through systems.


Stopping all phishing attacks is likely impossible







A Phishing Epidemic: Constant Stream of Reports | The Pulse:

















2 comments:

  1. Anyone can be a hero ..you can too. Learn CPR Save Lives! #WorldHeartDay2019 #KamineniHospitals
  2. Nice article for Health Promotion.
    Up to 78.2 billion dollars a year are wasted on poor care coordination. Our Care.Wallet is the most efficient solution available to address this issue. Watch how we are revolutionizing healthcare in this solve care .