Healthcare and Technology news
51.5K views | +0 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

Ransomware is on the Rise, Recent Attacks

Ransomware is on the Rise, Recent Attacks | Healthcare and Technology news | Scoop.it

Ransomware attacks are on the rise this year, crippling cities and organizations that unfortunately fall victim to hackers.

 

In short, ransomware is malicious software that locks and encrypts computer systems and data. Once a system is infected, hackers gain control and lock out users from their own networks.

 

Just like in a kidnapping scenario, a ransom is demanded. Thus the bad actors threaten to shut down the hacked organization's critical infrastructure, blocking the victims from accessing files. They can go as far as destroying the victims' network and databases. The motivator is simple - extortion for money.

 

While these incidents will continue to occur, the best way an organization can be proactive in mitigating cyber risk is having a strong cybersecurity posture and a well-informed staff on cyber hygiene best practices. It's often said among information security professionals, the weakest link is the human being. 

 

Many ransomware attacks are caused by phishing emails, which are messages infected with malicious links and/or documents. Typically, an individual in the organization mistakenly clicks on such a link or opens up an infected document, enabling hackers to enter the network. Then, well, all havoc breaks loose. 

 

Once hackers are inside the victims networks, they may lurk around for months before making themselves known. Why? They spend time looking for sensitive data to make sure they can lock up the organization's most valuable information.

 

Last year, security firm Emsisoft reported that 205,280 organizations claimed to have lost files because of ransomware attacks. And, from what's been reported, the number of incidents has gone up 41 percent from the previous year. It's safe to conclude that not all incidents are known or reported.

 

Demand for payment now runs on average of $84,116 and can costs can be in the millions, not including the consequential damages from business disruption. 

According to Cybersecurity Ventures, ransomware cybercrime will cost $20 billion in damages worldwide by 2021.

 

Hospitals, healthcare providers fighting hackers amid the pandemic

The COVID-19 pandemic has become fertile breeding ground for cybercriminals to do their dirty work. With front-line healthcare providers overwhelmed treating COVID patients, threat actors are aggressively targeting healthcare professionals. 

 

In mid-May, the FBI and Homeland Security issued a warning that Chinese hackers were trying to steal coronavirus vaccination and treatment research information from businesses, healthcare providers, hospitals and pharmaceutical companies. Interpol, Google and Microsoft also have concluded the shady activity as being aggressively on the rise. 

 

Since 2016, it is estimated that nearly 6.6 million patients were impacted by ransomware attacks. As healthcare providers networks went under attack,  patients' treatment and appointments ended up on hold and/or canceled. For some, the matter is life or death. And it's only gotten worse, as Interpol has stated. 

Celebrity law firm hit, breached, documents leaked

In May of this year, law firm Grubman Shire Meiselas & Sacks which represents Lady Gaga, Bruce Springsteen, Madonna and other celebrities got hit with a $21 million ransom. The hacker group REvil allegedly have stolen 756 gigabytes of files, containing confidential information of the firm's famous clientele.

 

At the time of this writing, the New York-based law firm has refused to make a payment. So on May 14, the hackers leaked legal documents pertaining to Lady Gaga. 

 

A sizable amount, the 2.4-gigabyte documents include the entertainer's project contracts, confidentiality agreements and beyond. After doing so, the hackers doubled the ransom to $42 million.

 

A spokesperson on behalf of the law firm stated, "The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others. We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law. Even when enormous ransoms have been paid, the criminals often leak the documents anyway.”

 

The group of cybercriminals are now threatening to leak documents of President Trump, which they claim to have in hand. “There’s an election race going on, and we found a ton of dirty laundry,” the hackers wrote in a response. “Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever.

 

This is a developing story, and it's been reported that President Trump is not connected to the Grubman law firm.

MSP hit hard, no entity is immune to threats

In mid-April, IT managed services provider, Cognizant, got hit with ransomware. The international company employs 300,000 employees and boasts nearly $15 billion in revenue.

"Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack," the juggernaut stated on its website. 

As the U.S.-based Cognizant continues to restore its networks, the company is facing a loss of $50 to $70 million in damages over the next three months. Additional associated monetary loss is anticipated. 

New Orleans, Chaos in The Big Easy 

In a high-profile municipality case, one of the most visited cities in the southern U.S. was victimized by hackers.

In response, the mayor of the City of New Orleans declared a state of emergency. The attack occurred on Friday, Dec. 13, 2019 (perfect date for a nightmare, eh?), according to NOLA Ready. 

While a ransom was never paid, the eight months-long recovery efforts to restore the city's network resulted in a cool $7.2 million in damages.

Negotiating with Hackers

The common thread described in the aforementioned incidents is that cybercriminals are ruthless. No organization is immune to threats. There are ways of being proactive against threats by promoting a cybersecurity culture at your organization. Training staff on what a phishing email looks like and how to avoid being a victim.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

buy pills online's curator insight, June 22, 6:19 PM

http://rxonlinephama.com/
http://rxonlinephama.com/shop/
http://rxonlinephama.com/product-category/buy-pain-reliever-onlinebuy-oxycodone-online/
http://rxonlinephama.com/product/buy-oxycodone-pills-online/
http://rxonlinephama.com/product/buy-oxycontin-online-cheap-without-prescriptionbuy-oxycontin-online/
http://rxonlinephama.com/product/buy-demerol-online-without-prescriptionbuy-cancer-pills-online/
http://rxonlinephama.com/product/buy-dilaudid-online-overnightbuy-dilaudid-online/
http://rxonlinephama.com/product/buy-hydrocodone-onlinehydrocodone-is-an-opioid-pain-medication/
http://rxonlinephama.com/product/buy-morphine-sulfate-online/
http://rxonlinephama.com/product/buy-percocet-online/
http://rxonlinephama.com/product/buy-roxicodone-30-mg-online-without-prescriptionbuy-roxicodone-30-mg-online/
http://rxonlinephama.com/product/buy-vicodin-online/
http://rxonlinephama.com/product-category/insomnia/
http://rxonlinephama.com/product-category/adhd/
http://rxonlinephama.com/product/adderall-online-without-a-doctors-prescriptionbuy-adderall-online/
http://rxonlinephama.com/product/buy-ativan-onlinebuy-ativan-online-overnightbuy-ativan-online-no-prescribtionbuy-ativan-online-in-us-uk-au/
http://rxonlinephama.com/product/buy-yellow-xanax-bars-online/
http://rxonlinephama.com/product/buy-green-xanax-onlinethe-best-place-to-buy-green-xanax-online/
http://rxonlinephama.com/product/buy-xanax-bars-online-with-or-without-prescriptionbuy-xanax-online/
http://rxonlinephama.com/product/buy-actavis-cough-syrup-online/
http://rxonlinephama.com/product/massacr3-with-laxogenin-60-capsules/
http://rxonlinephama.com/product/alphasize-alpha-gpc/
http://rxonlinephama.com/product/2-month-hard-core-stack/
http://rxonlinephama.com/product/laxosterone-50-mg-60-capsulesbody-building-supplementsbuy-pills-online/
http://rxonlinephama.com/product/buy-flakka-a-pvp-onlinealpha-pvpbuy-flaka-a-pvp-in-china/
http://rxonlinephama.com/product/buy-ketamine-powder/
https://rxonlinephama.com/product/buy-jardiance/
https://rxonlinephama.com/product/buy-iboga-seed-pots/
https://rxonlinephama.com/product/buy-zopiclone-online/
https://rxonlinephama.com/product/buy-bromazepam-online/

Scoop.it!

Why Cyber-Security Is Important For Your Dental Practice

Why Cyber-Security Is Important For Your Dental Practice | Healthcare and Technology news | Scoop.it

If you run a dental practice, keeping your computer systems secure at all times is essential.

 

Due to the increasing frequency and sophistication of cyber-threats, it’s more important than ever to keep your computer systems secure. However, if you’re unsure how to protect your data, you certainly aren’t alone.

 

The data that you store on your computer systems contains highly sensitive information about your patients, which can make it a target of hackers.

 

Not only do these records contain important identifying information of your patients that could be targeted by identity thieves, but they also contain protected medical records that are protected by HIPAA.

 

PROTECTING YOUR DATA REQUIRES MORE THAN AN ANTIVIRUS PROGRAM

 

An effective antivirus program can play a major role in protecting your data and improving dental practice security, but it’s not the whole story.

 

You need to make sure that your employees are trained on how to avoid malware on the web, avoid falling prey to phishing, and are well-educated on the importance of cyber-security.

 

In addition, it’s essential to make sure that your employees are familiar with how to identify suspicious emails and ensure that they avoid clicking on links from an unknown sender.

 

WHAT CAN THREATS & ADVANCEMENTS BE EXPECTED IN THE FUTURE?

 

While cyber-security threats are likely to become more advanced as time goes on, health IT security systems are likely to advance as well, which means that there will be new ways to protect your computer system from hackers.

 

For instance, antivirus programs are becoming increasingly effective at detecting new forms of malware, and many antivirus programs now make it possible to flag websites that could be dangerous.

 

Using a certified EHR or Electronic Health Records system will help keep your patients’ information safe, certified EHRs are tested by the government to make sure it is of the highest security standards.

 

These programs are likely to become far more sophisticated, which is likely to thwart a large portion of cyber-attacks. Furthermore, IT technology is being increasingly utilized for a wide range of dental devices, such as dental cameras, CNC machines, and 3D printers used in the dental industry.

 

As a result, the list of dental devices that you’ll need to keep secure is likely to increase considerably in the future.

 

Luckily, you’ll have the opportunity to protect these smart devices with cyber-security technologies that are more advanced and effective than ever.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

The Security Risks of Medical Devices

The Security Risks of Medical Devices | Healthcare and Technology news | Scoop.it
There are a large number of potential attack vectors on any network. Medical devices on a healthcare network is certainly one of them. While medical devices represent a potential threat, it is important to keep in mind that the threat level posed by any given medical device should be determined by a Security Risk Assessment (SRA) and dealt with appropriately.

So let’s assume the worst case and discuss the issues associated with medical devices. First off, it must be recognized that any device connected to a network represents a potential incursion point. Medical devices are regulated by the FDA, and that agency realized the security implications of medical devices as far back as November 2009, when it issued this advisory. In it, the FDA emphasized the following points:

Medical device manufacturers and user facilities should work together to ensure that cybersecurity threats are addressed in a timely manner.
The agency typically does not need to review or approve medical device software changes made for cybersecurity reasons.
All software changes that address cybersecurity threats should be validated before installation to ensure they do not affect the safety and effectiveness of the medical devices.


Software patches and updates are essential to the continued safe and effective performance of medical devices.


Many device manufacturers are way behind on cybersecurity issues. As an example, many devices are still running on Windows XP today, even though we are one year past the XP support deadline. They are often loathe to update their software for a new operating system. In other situations device manufacturers use the XP support issue as a way to force a client to purchase a new device at a very high price. All healthcare facilities would be well advised to review any purchase and support contracts for medical devices and make sure that things such as Windows upgrades do not force unwanted or unnecessary changes down the road. While there are options to remediate risks around obsolete operating systems, they are unnecessary and costly. Manufacturers should be supporting their products in a commercially reasonable manner.

Why would anyone be interested in hacking into a medical device? Of course there are those that would argue that anything that can be hacked will be hacked, “just because”. While it is possible that hacking could also occur to disrupt the operations of the device, the more likely reason is that getting onto a medical device represents a backdoor into a network with a treasure trove of PHI that can be sold for high prices on the black market. Medical devices are often accessible outside of normal network logon requirements. That is because manufacturers maintain separate, backdoor access for maintenance reasons.


Hackers armed with knowledge of default passwords and other default logon information can have great success targeting a medical device. For example, this article details examples of a blood gas analyzer, a PACS system and an X-Ray system that were hacked. Many times healthcare IT departments are unaware or unable to remediate backdoor access to these systems. These are perhaps more “valuable” as a hack because they are hard to detect and can go unnoticed for a long period of time. As a reminder, the Target data breach last year was initiated because the access that a third party had to the retailer’s network was compromised. A complete SRA should inventory all network connected medical devices and analyze the access/credentials that a device has, and any associated security threat. The best defense is a good offense – make sure that networked devices have proper security built in and implemented. Then your devices will no longer be “the weak link in the chain”.

No comment yet.
Scoop.it!

Nearly Seven in 10 Patients Would Avoid Healthcare Providers That Undergo a Data Breach

Nearly Seven in 10 Patients Would Avoid Healthcare Providers That Undergo a Data Breach | Healthcare and Technology news | Scoop.it
A new survey from TransUnion Healthcare found that more than half of recent hospital patients are willing to switch healthcare providers if their current provider undergoes a data breach. Nearly seven in 10 respondents (65%) would avoid healthcare providers that experience a data breach.

Older and younger consumer groups responded differently to data breaches. While 73% of recent patients ages 18 to 34 said they were likely to switch healthcare providers, older consumers were less willing. Nearly two-thirds (64%) of patients older than 55 were not likely to consider switching healthcare providers following a data breach.

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new healthcare provider following a data breach,” said Gerry McCarthy, president of TransUnion Healthcare. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Other survey insights on consumers’ expectations following a data breach include:

· Nearly half of consumers (46%) expect a response or notification within one day of the breach.

· 31% of consumers expect to receive a response or notification within one to three days.

· Seven in 10 (72%) consumers expect providers to offer at least one year of free credit monitoring after a breach.

· Nearly six in 10 (59%) consumers expect a dedicated phone hotline for questions.

· More than half of consumers (55%) expect a dedicated website with additional details.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” said McCarthy. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”
No comment yet.
Scoop.it!

What to Include in Your Incident Response Plan

What to Include in Your Incident Response Plan | Healthcare and Technology news | Scoop.it

Cybersecurity data breaches have almost become a way of life. We hear about businesses impacted by security incidents and data breaches every day. 

 

As the adage goes, it’s not “IF”, but rather “WHEN” a security incident will take place at your business. 

 

It is therefore a best practice for every business to create an incident response plan. An incident response plan delivers two cybersecurity benefits to your business:

 

  1. Systematic response to incidents which helps to minimize information loss or theft and service disruption.
  2. Use of the information gained from an incident to help prevent future threats by strengthening system protections and to be better prepared for handling future incidents.

 

A breach of your information is always stressful. Don’t compound that stress by not having a plan to address a successful cyberattack. 

 

Before creating an incident response plan, you must create an incident response policy.

 

Create an Incident Response Policy

The National Institute of Standards and Technology (NIST) recommends in its Computer Security Incident Handling Guide that an organization should create a policy before building an incident response program.

This policy:

  • Defines which events will be considered incidents
  • Establishes the structure for incident response
  • Defines roles and responsibilities
  • Lists the requirements for reporting incidents

Develop your policy to include all applicable regulations and laws under which your business operates. Compliance requirements such as those associated with HIPAA and HITECH, Gramm-Leach-Bliley Act, and Sarbanes-Oxley (SOX) will drive your policy requirements. 

The 4 Phases of the NIST Incident Response Lifecycle

Once the policy has been created, NIST outlines four broad phases an incident response plan should include.

NIST identifies four phases in an incident response lifecycle:

  1. Preparation
  2. Detection and Analysis
  3. Containment, Eradication, and Recovery
  4. Post-Event Activity

 

Each of the four phases includes a number of actions. Here’s an outline of what you can include in your organization’s incident response plan.

Preparation and Prevention

“Prevention” in the context of incident response is essentially your information security strategy and the software tools used to implement your strategy. It is your layered defense against cybercriminals -- firewalls, encryption, antivirus software, data backup, user training, etc. 

 

Part of being prepared is having a complete list of your information security tools (including any portions of your IT infrastructure managed by a third-party managed service provider). 

 

Effective response is based on communication. Smartphones are an excellent way to communicate with and coordinate team members while responding to an incident.

 

It may be a good idea to have some of the information below as hard copy or on devices not connected to an organization’s network (it will be difficult to coordinate a response if, for example, you are victimized by a ransomware attack and cannot access your plan):

  • Contact information for primary and backup contacts within your organization plus relevant law enforcement and regulatory agencies that may need to be alerted
  • An incident reporting mechanism so users can report suspected incidents (phone numbers, email, online forms, or secure messaging systems)
  • Issue tracking system
  • Space to respond. Identify a permanent “war room” or temporary location where team members can centralize their response to the incident
  • Secure storage facility to keep evidence if needed

Detection and Analysis

Attacks can come from anywhere and take many forms - a denial of service attack, ransomware, email phishing, lost or stolen equipment (such as a laptop, smartphone, or authentication token), etc.

 

Once an incident is positively identified, follow defined processes to document the response (which can be helpful in showing a good faith effort to limit the impact of the breach on customer data should you end up in litigation or are investigated as the result of a breach).

 

Identify your affected networks, systems, and/or applications and determine the scope of the incident. From there, the response team can prioritize next steps from containment to further analysis of the incident. Recommendations for making analysis more effective include:

 

  • Profile networks and systems so changes are more readily detectable
  • Understand normal behavior so abnormal behavior is more easily spotted
  • Create a log retention policy
  • Perform event correlation
  • Keep all host clocks synchronized
  • Filter data to investigate the most suspicious data first
  • Run packet sniffers to collect additional data

 

These techniques should be used in conjunction with one another. Relying on a single method will be ineffective.

 

Document incidents as they are found. A logbook is one way to do so as are laptops, audio recordings, or a digital camera. 

 

Those affected by the incident need to be notified as well. For an incident that affects customers, a message on your website, email notification, or other communication will be needed. 

 

Often, breach notification procedures are driven by laws applicable to your industry, your state or your country, or a combination of these.

Containment, Eradication, and Recovery

Develop containment strategies for different incident types as containment for malware entering your network from an email will be different than for a network-based denial-of-service attack.

 

Document your strategies for incident containment so you can decide the appropriate strategy for the incident (e.g., shut down a system, disconnect it from the network, disable certain functions).

Once an incident is contained and all affected elements of the IT infrastructure have been identified the eradication and recovery process begins.

 

For larger systems, this could take months to move from high-priority to lower priority systems. Systems may be able to be restored from backup or may need to be rebuilt from scratch. As eradication and recovery proceed, steps can also be taken to tighten security measures. 

Post-Event Activity

Information security is an ongoing, iterative process. A key part of any incident response should be to learn from it:

  • Were the procedures followed? Were they effective?
  • Did we do anything that slowed the recovery process?
  • What could we have done differently?
  • Are there steps we can take to prevent a similar attack?
  • Were there indicators of the attack that we can use to prevent/detect a similar incident?
  • Do we need more resources to detect, analyze, and mitigate future events?

Apply what you learn to improve your cybersecurity defenses and response to the next incident.

Testing, Testing

Test your plan once per year. EIther working with an independent third-party or internally, create a scenario and walk your team through it.

 

This not only allows team members to understand their roles, but will also help you identify gaps or weaknesses in your plan. 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Cybersecurity in the Spotlight 

Cybersecurity in the Spotlight  | Healthcare and Technology news | Scoop.it

Once again, cybersecurity issues will be in the spotlight at the Healthcare Information and Management Systems Society Conference, to be held Feb. 11-15 in Orlando, Florida.

 

This year's event at the Orange County Convention Center promises 1,300-plus exhibitors, including more than 70 vendors in the show's dedicated Cybersecurity Command Center.

 

The conference is expected to draw more than 45,000 attendees and offer more than 300 educational sessions spanning 24 topics - including cybersecurity and privacy as well as related regulatory updates.

Cybersecurity sessions will be weaved in throughout the week, with many taking place at the Cybersecurity Command Center. But the topic will also get special treatment on Monday, Feb. 11. A Cybersecurity Forum that day geared to CISOs and other health IT security leaders is among a handful of pre-show workshops before HIMSS19 officially opens on Tuesday.

Cybersecurity Forum

The Cybersecurity Forum has several key learning objectives for its attendees, HIMSS says, including:

  • Explain the types and details of recent cyberthreats;
  • Discuss what's new, what's different, what to look out for, and the impact on administrative, clinical operations and patient safety;
  • Describe how organizations can work better and smarter to enhance their cybersecurity program, despite resource and financial constraints.

Featured speakers at the forum include Ron Mehring, CISO at Texas Health Resources; Kevin McDonald, director of clinical information security at Mayo Clinic; Jason Hawley, director of information services and security at Yuma District Hospital & Clinics; Mitch Parker, executive director, information security and compliance at Indiana University Health; and James Brady, CIO of the Los Angeles County Department of Health Services.

Regulatory Updates

As usual, the HIMSS conference will provide opportunities to hear from government officialsabout the latest policy plans and other developments. Agencies to be featured include:

  • The National Institute of Standards and Technology, offering a session on Monday, Feb. 11, about its cybersecurity framework;
  • The Food and Drug Administration, which will describe its digital health software precertification program on Tuesday, Feb. 12;
  • The Office of the National Coordinator for Health IT, which will be featured in a number of sessions, including a standards and technology update slated for Thursday, Feb. 14.

I predict one of the best attended government sessions will be the HIPAA enforcement and compliance update on Tuesday, Feb. 12, featuring Roger Severino, director of the Office for Civil Rights at the Department of Health and Human Services.

Technology Spotlight

Among the emerging technologies to be spotlighted at the show is blockchain, which will be showcased at a four-hour forum on Wednesday, Feb 13, including a session about blockchain's privacy, security and compliance considerations in healthcare.

Machine learning and artificial intelligence are buzzwords that are guaranteed to be used by many of the exhibitors showcasing their health IT gear. But ML and AI will also be discussed at a variety of educational sessions, including a special all-day pre-show forum.

 

Many of the sessions at that forum appear to be heavily focused on the application of ML and AI for clinical applications. But the use of AI and ML for securing health data will also be showcased in a separate session, "AI in Healthcare: Ethical and Legal Considerations", at the Cybersecurity Command Center .

 

As usual, I'll be at the conference attending sessions as well as meeting with numerous healthcare CISOs, government leaders and other privacy and security experts. I'll share their insights in audio interviews, articles and blogs, so be on the lookout for daily updates on our HIMSS19 news site.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

The radical potential of open source programming in healthcare

The radical potential of open source programming in healthcare | Healthcare and Technology news | Scoop.it

Everyone wants personalized healthcare. From the moment they enter their primary care clinic they have certain expectations that they want met in regards to their personalized medical care.


Most physicians are adopting a form of electronic healthcare, and patient records are being converted to a digital format. But electronic health records pose interesting problems related to sorting through vast amounts of patient data.


This is where open source programming languages come in, and they have the ability to radically change the medical landscape.

So why aren’t EHRs receiving the same care that patients expect from their doctor? There are a variety of answers, but primarily it comes down to how the software interprets certain types of data within each record. There are a variety of software languages designed to calculate and sort through large amounts of data that have been out for years, and one of the most prominent language is referred to as “R”.

What is R?

According to r-project.org “R is an integrated suite of software facilities for data manipulation, calculation, and graphical display.” Essentially this programming language has been built from the ground up to handle large statistical types of data.


Not only can R handle these large data sets, but it has the ability to be tailored to an individual patient or physician if needed. There are a variety of other languages focused on interpreting this type of data, but other languages don’t have the ability to handle it as well as R does.

How can a language like R change the way in which EHRs function?

Take, for instance, the recent debate regarding immunization registry. EHRs contain valuable patient data, including information associated with certain types of vaccine.


If you were able to cross reference every patient that had received a vaccine, and the side effects associated with said vaccine, then you could potentially sort out what caused the side effect and create prevention strategies to deter that certain scenario from happening again.


According to Victoria Wangia of the University of Cincinnati, “understanding factors that influence the use of an implemented public health information system such as an immunization registry is of great importance to those implementing the system and those interested in the positive impact of using the technology for positive public health outcomes.”


This type of system could radically change the way we categorize certain patient health information.


Programming languages like R have the ability to map areas that have been vaccinated versus those that haven’t. This would be ideal for parents who wish to send their children to a school where they know that “x” number of students have received a shot versus those that haven’t. Of course, these statistics would be anonymous, but this information might be critical for new parents who are looking for a school that fits their needs.


This technology could have much bigger implications pertaining to personalized data, specifically healthcare records. Ideally, an individual could tailor this programming language to focus on inconsistencies within patient records and find future illnesses that people are unaware of.


This has the potential to stop diseases from spreading, even before the patient is aware that they might have a life threatening illness. Although such an intervention wouldn’t necessarily stop a disease, it could be a great prevention tool that would categorize certain types of illness.

Benefits of open source

One of the more essential functions that R offers is the ability to be tailored to patient or doctor’s needs. Most information regarding patient health depends on how a physician documents the patient encounter, but R has the ability to sort through a wide variety of documentation pertaining to important statistical information that is relevant to physician needs. This is what makes open source programming languages ideal for the medical field.


One of the great components associated with open source programming languages in the medical field is the cost. R is a completely free language to start working in, and there is a large amount of great documentation available to start learning the language. The only associated cost would be paying a developer to set up, or create a program that quickly sorted through personalized information.


Essentially, if you were well rounded in this language, the only cost associated with adopting it would be the paper you would need to print information on.


Lastly, because of HIPAA, the importance of information security has been an issue, and should be a primary concern when looking at any sensitive electronic document. Cyber security is always going to be an uphill battle, and in the end if someone wants to get their hands on certain material, they probably will.


Data breaches have the ability to cost companies large amounts of money, and not even statistical data languages are safe from malicious intent. A recent issue has been the massive amount of resources that are being built in R that have been shared online. Although this is a step in the right direction for the language, people are uploading malicious code. But if you are on an encrypted machine, ideally the information stored on that machine is also encrypted. Cloud based systems like MySQL, a very secure open source server designed to evaluate data, offer great solutions to these types of problems.


These are some of the reasons why more physicians should adopt these types of languages, especially when dealing with EHRs. The benefits of implementing these types of systems will radically alter the way traditional medicine operates within the digital realm.


More statistical information about vaccinations and disease registries would greatly benefit those that are in need. The faster these types of systems are implemented, the more people we are able to help before their diseases becomes life threatening.


No comment yet.
Scoop.it!

Security audit of Premera identified issues prior to cyberattack

Security audit of Premera identified issues prior to cyberattack | Healthcare and Technology news | Scoop.it

Premera Blue Cross, based in Mountlake Terrace, Washington, announced March 17 that it was the victim of a cyberattack that exposed the PHI of more than 11 million subscribers, according to lexology.com.


Premera discovered January 29 that hackers gained access to its IT systems May 5, 2014, according to govinfosecurity.com. A notice on the Premera website states that the following information may have been accessed:

  • Names
  • Addresses
  • Email addresses
  • Email addresses
  • Telephone numbers
  • Dates of birth
  • Social Security numbers
  • Member identification numbers
  • Medical claims numbers
  • Some bank account information

The Office of the Inspector General (OIG) conducted a security systems audit of Premera in January and February 2014, just months prior to the attack. In an audit report dated November 28, 2014, the OIG stated that Premera implemented an incident response plan and network security program.


However, the OIG noted a number of security concerns. Although a patch management policy was in place, scans performed during the audit revealed that patches were not implemented in a timely manner. In addition, methodologies were not in place to ensure that unsupported or out-of-date software was not used and a vulnerability scan identified insecure server configurations.


At the time of the audit, Premera also lacked documentation of formal baseline configurations detailing its approved server operating settings. The insurer also failed to perform a complete disaster recovery test for all of its systems. The OIG also identified weaknesses in Premera’s claims application controls.


No comment yet.