IT Support and Hardware for Clinics
35.9K views | +1 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Malware in the Cloud: What You Need to Know

Malware in the Cloud: What You Need to Know | IT Support and Hardware for Clinics | Scoop.it

Cloud security is not as simple as it may seem. Businesses have a shared security responsibility with cloud service providers, but some lack the knowledge to keep up their share of the bargain. Poor configuration and data leaks are common problems that many businesses encounter in the cloud. These issues can lead to malware infecting your cloud computing environment.

Here are a few of the different types of malware that can disrupt your cloud services.

DDoS Attacks

Botnets are becoming more and more common, with malware-as-a-service being offered by more malicious actors at an increasingly cheap price. Self-service cloud offerings allow these attackers to easily gain access and notoriety by launching large-scale DDoS attacks, which have been measured at speeds of up to 30 Gbps. Since cloud computing hosts multiple customers in a single cloud, these attacks can affect your cloud environment, as well.

Hypercall Attacks

An attacker uses a Virtual Machine (VM) to intrude the victim’s VM by exploiting the Virtual Machine Manager (VMM) hypercall handler. This gives the attacker the ability to access VMM privileges and possibly even execute malicious code.

Hypervisor DoS

This attack uses a high percentage of your hypervisor’s resources in order to leverage flaws in design or setup. Researchers found that this malware accounted for 70 percent of malware attacks targeting cloud providers’ hypervisor, which manages customers’ virtual environments. One study found that 71.2 percent of all Xen and 65.8 percent of all KVM vulnerabilities could be exploited by a guest VM. For the sake of context, AWS uses Xen for its hypervisor, and Google uses a proprietary version of KVM.

Co-Location

An attacker tries to find the target VM’s host in order to place their own VM on the same host. This is used to gain leverage in cross-VM side-channel attacks, such as Flush/Reload or Prime and Probe.

Hyperjacking

This is where an attacker tries to take control of the hypervisor, sometimes using a virtual machine-based rootkit. If the attacker is successful, they will have access to the entire machine. This could be used to change the behavior of the VM, causing it to be partially or fully compromised.

Man in the middle (MITM)

MITM is when an attacker can intercept and/or change messages exchanged between users. Ghostwriter is a common precursor to a MitM attack. This allows the attacker access to a misconfigured cloud configuration with public write access.

Exploiting Live Migration

During migration from one cloud service provider to another, the cloud management system is tricked into creating multiple migrations, which turns into a denial-of-service attack. This can also be used to potentially craft a VM Escape.

VM Escape

This accounts for 13.1 percent of all malware attacks on virtual machines in cloud environments. VM Escape involves running in a VM and escaping to infect the hypervisor. The goal in this attack is to obtain root privileges, host OS control and maybe even full access across the environment.

Flush/Reload

This attack utilizes a memory optimization technique known as memory deduplication. By enacting a sophisticated cross side-channel technique, a malicious actor can detect a full AES encryption key.

Prime and Probe

This is a VM cross side-channel attack that utilizes cache instead of memory. The attacker fills the cache with some of their own information. Once the victim uses the VM, the attacker uses this information to see which cache lines were accessed by the victim. This method has been used to recover an AWS encryption key.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

6 Reasons Why NOT Having Your Server In-house is a Good Idea

6 Reasons Why NOT Having Your Server In-house is a Good Idea | IT Support and Hardware for Clinics | Scoop.it

Benefits of having cloud based laboratory information system.

The myths surrounding data storage on Cloud are many. Most of us have preconceived notions regarding data safety and security, data vulnerability, storage, data retrieval& transfer, etc. However, what we fail to remember is that data storage on Cloud is extremely reliable and robust with most banks and financial institutions using it seamlessly. Therefore, it is about time that the healthcare fraternity embraces Cloud wholeheartedly to explore and take complete advantage of this cutting edge technology solution.

 

Today, we take a peek into the most evident advantages of having your Laboratory Information System on Cloud and what makes it one of the smartest business choices you will ever make:

1. No Hassle in data Accessibility

In this age of evidence-based medicine, data accessibility is of paramount importance as far as effective patient care is concerned. Cloud-based LIS makes data accessibility much easier as compared to the LIS, which is located in on-site servers. Since the data is stored on the Cloud, information from multiple centers can be accessed from anywhere, anytime. Cloud-based LIS makes it easy for data to be accessed from any location or any device through secure logins thereby speeding up the whole process of pathological deductions and decisions leading to faster report turn around.

2. Your Data Remains Ultra Safe

One of the major concerns in a laboratory information system is the security of the patient data that is generated on a daily basis and stored on the servers. Cloud-based LIS takes care of this perfectly. The data in the Cloud-based LIS is stored in encrypted form that has high security levels and cannot be accessed in usable form by anyone other than authorized personnel with access rights. With practically no server downtime as compared to the on-site servers, Cloud-based LIS relieves the user of any operational problems and data security issues that result from server downtime.

3. Reduced IT Requirements

A Cloud-based LIS means that the servers are off-site and all the costs associated with the hardware installation and the associated maintenance is nullified. The easy accessibility associated with Cloud based LIS also makes it simple to add users, centers, sections, services etc. to the master log. This means you don’t have to go hunting for the in-house IT team; and anyone who has the login with administrator rights can do it easily. You effectively save additional manpower cost spent on maintaining a big IT team to maintain the server, add/ edit the master logs and related activities.

4. Staggered Investments

Cloud-based LIS gives the laboratory owner the option of not buying a large server at the onset and thereby blocking up money. It takes away the risk of projecting the growth of the lab correctly and buying a server that will be able to scale and handle the data and operations load of that projected growth. Cloud-based LIS means the server space can be hired as and when the growth happens. There is no prior commitment and no blocked investment. Investment on server space only needs to happen when the need arises and that too, only as an added amount in the form of simple monthly utility fees.

5. Cost Effective

The most obvious reason why Cloud-based Laboratory Information System is a smart business choice is due to its cost effectiveness. As the servers are off-site, it requires no hardware installation and the resultant licensing fees, maintenance costs and the software updates that will keep happening life-long for the software can be cut out immediately. There is no cost of hardware either and only monthly utility fees is what you need to pay.

6. Practically Zero Maintenance

With no server within your premises you don’t need to worry about the safety of the server room, temperature maintenance, pest control, server downtime, software updates and other such factors. Fixed amounts as monthly utility fee will take care of all this for you.

Having a Cloud based LIS can smoothen your operations to a large extent. It makes automation a cost effective option and also leaves you with more time to focus on the core operations, and taking care of your patients.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

The Time to Stop Relying on Spreadsheets Has Arrived

The Time to Stop Relying on Spreadsheets Has Arrived | IT Support and Hardware for Clinics | Scoop.it

Microsoft Excel is used for a wide variety of tasks, from visualizing business data, to tracking work expenses and managing books. But in the age of cloud-empowered productivity and pervasive mobile devices, is the humble spreadsheet keeping pace? While many accountants still seem to enjoy using them, there’s a huge number of tasks that spreadsheets are ill-suited for, like business reporting and project management. Let’s take a closer look at how spreadsheets may be hurting your business, and why custom software that’s powered by a robust database is usually the better solution.

Spreadsheets are Highly Error-Prone

Have you heard of “dueling spreadsheets”? It’s a term that describes when two different versions of the same spreadsheet contain conflicting data. This is an unfortunately common scenario that can arise in a few different ways.

The most common is when spreadsheets aren’t being stored in a centralized location. If one employee downloads a spreadsheet that contains today’s data, but the next day another employee downloads a copy with tomorrow’s data, then a conflict between these two datasets is likely. The problem of dueling spreadsheets is also common when people add or delete information to a single spreadsheet then share it with others via email or cloud file-sharing systems. Which version is which? It’s hard to know.

Because spreadsheets were not built with the security or integrity of data in mind, and offer no reliable way to audit changes, the problem of errors is extremely common. According to MarketWatch, as many as 88% of spreadsheets contain an error, a problem that’s grown so severe; it’s even led to the formation of an organization specifically to address the issue of spreadsheet mistakes.

Spreadsheets Waste Time

According to a report by research and advisory firm Ventata, 44% of businesses struggle with managing their spreadsheets. Their research found that the average employee spends 12 hours a month looking for and correcting errors in spreadsheets. You can read more about that in their blog post here.

In some situations, that 12 hours a month might even be low. Microsoft Excel is not just spreadsheet software, it is, in fact, a Turing complete programming language. If your employees are not experienced Excel users, then the time required to check Excel files for problems could be even greater. Compare these wasted staff-hours with the return of customized software, which provides increased benefits as your company scales, and the problem of spreadsheet error only intensifies.

Spreadsheets Can Lead to Catastrophe

Big businesses have lost enormous amounts of money because of mishandled spreadsheets. Take for example the 6 billion-dollar loss that JP Morgan Chase incurred during the “London Whale” incident, which experts attribute in part to the improper use of spreadsheets. There are many examples of poor Excel usage leading directly to financial losses, such as this 24-million dollar cut and paste error at Canadian power company TransAlta, as well as others.

According to the white paper, Capitalism’s Dirty Little Secret, by global financial modeling and forecasting company F1F9, 1 in 5 businesses have lost money because of spreadsheets. Any loss due to spreadsheet errors, even the relatively small ones that occur at SMBs, should be considered unnecessary and could easily have been avoided with custom software.

Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

Custom Business Software Addresses All the Shortcomings of Spreadsheets

There’s evidence that shows as a business grows, it becomes more susceptible to financial losses due to spreadsheet errors. Instead of relying on spreadsheets, with all their inefficiencies and pitfalls, growing businesses must look to custom software and database solutions to provide the reliability and efficiency they need to scale. Let’s look at some of the most important benefits custom software can provide.

1 – Purpose-Built for the Future of Your Business
Software that’s specifically designed to improve the operations at your company does so much better than any off-the-shelf product can. Custom software not only responds to the workflows and business rules of your team, it also simplifies your employee training programs by reducing the number of applications your employees need to learn. These are key points that Excel lacks. Don’t adjust your company workflows or personal habits to suit your software — it should be the other way around.

2 – Empowered Data Discovery
The future of productivity points toward deeper integration between data from mobile, IoT, and cloud applications. Unlike Excel, which requires a great deal of skill to use, and doesn’t provide the power most businesses need, custom software sitting atop a database that’s tailored to your requirements can help tie all those sources together and provide a strong foundation for artificial intelligence and analytics.

3 – Security and Compliance Controls
Excel spreadsheets lack stringent access controls, so once your data is exported to Excel, it’s much harder to ensure proper security. The security weaknesses in spreadsheets can have important compliance ramifications for companies in regulated industries, such as finance or healthcare. In comparison, custom software can be built to meet even the strictest security requirement, ensuring seamless integration with your existing network and compliance controls.

4 – Custom Software is Cost Effective
Mentioning customized software makes people instantly think of expensive enterprise solutions that are available to only the largest businesses, but this is far from reality. Today, custom software solutions are readily available to SMBs and often provide cost savings over per-license commercial software. The software development division of Manhattan Tech Support, Exceed Digital, has developed an innovative payment model that allows companies to purchase software on a monthly subscription basis. Would you like to know more?

NYC’s Custom Software Development Partner

Manhattan Tech Support doesn’t just manage the IT and network infrastructure of businesses throughout greater NYC, we also provide world-class software and database development servicesto businesses throughout the United States.

If you want to streamline the flow of data through your company and empower your team with better, more intuitive software, we encourage you to call us at 646-439-3767. We’re always available to help businesses better understand the software development process, and provide them with the expertise they need to make the transition to custom software a success. We look forward to speaking with you!

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Medical Device Security Risks: What Healthcare institutions can do

Medical Device Security Risks: What Healthcare institutions can do | IT Support and Hardware for Clinics | Scoop.it

Medical devices, just like any other Internet of Things (IoT) object, are prone to hackers. These hacks can get dangerous quickly— security risks with medical devices become patient safety issues, as while medical devices carry patient data that needs to be protected according to HIPAA laws, these instruments also perform critical functions that save lives.

 

Weaknesses that augment the risk of a potential breach include the fact that medical devices tend to be five to six years old by the time they are even put in use at hospitals, after which they are operating for another fifteen years. These devices are the most prone to security breaches, as they are not built with future tech advancements in mind.

 

On top of this, many hospitals have not updated or patched their software or medical devices until something has already gone wrong. After the WannaCry ransomwareattack in May of 2017, Windows released patches for operating systems as old as Windows XP, yet many hospitals are slow to download the patch, and some did not download it at all. Hospitals, along with medical device manufacturers, are testing and deploying the patches across the millions of medical devices.

 

Due to the increasing connectivity of medical devices, cyberattacks have been steadily increasing over the past few years.

Here are some examples of alarming events that have occurred with medical devices:

  • In 2014, researchers alerted the Department of Homeland Security that certain models of the Hospira infusion pump could be digitally manipulated. A year later, the FDA issued an advisory discouraging hospitals from using the pump; however, it is still in use in many medical settings. Even if a security risk is detected, the device is still needed for patient health.

 

  • Years later, in September 2017, eight security vulnerabilities were found in the Medfusion 4000 Wireless Syringe Infusion Pump, the worst of which had a Common Vulnerability Scoring System (CVSS) score of a 9.8 out of 10.

 

  • In 2016, researchers from the University of Leuven in Belgium and the University of Birmingham in England evaluated ten types of implantable cardioverter defibrillators (ICDs) and gained the ability to turn off the devices, deliver fatal shocks, and access protected health information (PHI). Not only could they drain the battery and change the device’s operation, if the researchers had used slightly more advanced or sophisticated equipment, they would have been able to interfere with the devices from hundreds of meters away.

 

  • In late 2016, over 100,000 users of insulin pumps were notified of a security vulnerability where an unauthorized third party could alter a patient’s insulin dosage.

 

  • In May 2017, NSA hacking tools believed to have been stolen by North Korea were used to infect MRI systems in US hospitals. Although this hack did not directly threaten patient safety, the machines ceased functionality for an extended period of time, increasing the need for hospital resources and causing critical delays.

 

  • In August of 2017, the FDA recalled 465,000 implanted cardiac pacemakers due to a vulnerability where unauthorized users could modify the pacemaker’s programming.

 

After all of these life-threatening hacks, the FDA has provided updated recommendations with a revision of NIST’s 2014 Framework for Improving Critical Infrastructure Cybersecurity.

 

Cybersecurity risk assessments can facilitate calculating the vulnerability of these medical devices. One form of this is penetration testing, where security engineers target identified or unidentified vulnerabilities in code and report the product response. Other types of risk assessments can include malware testing, binary/byte code analysis, static code analysis, fuzz testing, and security controls testing.

There are four key steps that a healthcare organization using these medical IoT devices can take to protect patient data and the devices themselves:

  1. Hospitals should use proactive approaches to hacking threats rather than waiting for something to go wrong; always change default passwords and factory settings.
  2. Healthcare companies should also assess their legacy systems and any outdated hardware; systems that are outdated are not only prone to hackers but do not integrate with newer devices perfectly. This lack of interoperability leads to more security gaps, which creates a cycle of weakness.
  3. Hospitals should isolate the medical devices that cannot be patched on a separate network so that hackers do not have access to the medical devices, in a process known as network segmentation.
  4. To discard hardware, the disposal should be done domestically, include complete data destruction, and be coordinated so that data cannot be recreated from abandoned devices.

 

Medical devices are not removed from the realm of hackable devices and should be treated as such. In fact, they should be treated with even more caution and care. If these devices are infected by hackers, both safety and privacy are at risk. Hospitals have an obligation to ensure the highest degree of security controls within medical devices they use. While the FDA may issue guidelines or recommendations with caution, as they put patient well-being above all, government agencies should still do everything in their power to make cybersecurity recommendations for medical devices enforceable and part of the law.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

3 Cisco Cloud Security Products to Check Out 

3 Cisco Cloud Security Products to Check Out  | IT Support and Hardware for Clinics | Scoop.it

Cisco continues to evolve its cloud security profile with new developments from Meraki, Umbrella and Duo products. These three products are made to seamlessly integrate with your systems to better protect your business. Learn more about each below.

Cisco Meraki

Cisco Meraki combines security cameras, cloud-management, and analytics with the MV lineup. The MV22 and MV72 cameras provide reliable security. They are easy to set up and manage through the Meraki dashboard. This tool eliminates the single point of failure, so you don’t have to worry about one camera failing and taking down the whole system. Both models have 256GB of solid states storage and up to 1080 pixels of high definition resolution. The Meraki dashboard allows for monitoring and management of all cameras from anywhere in one or multiple locations with no extra software required. The dashboard uses analytics to provide valuable insights to protect your business. An example is performing a motion search, which can detect people using pixels at certain periods of time during the day. Additionally, under the Meraki brand, the Meraki SD-WAN is 100% centralized cloud management for security, networking and application control. The dashboard enables network admins to view networked clients, bandwidth consumption, and application usage across all sites. Some of its features include no external modem, high availability, and advanced security license/firewire.

Cisco Umbrella

Cisco Umbrella Solution is a cloud-based secure internet gateway and provides the first line of defense from threats on the internet – even if the end-user is working remotely from a company device or their own computer. The Umbrella boasts an easy deployment and an even easier system to operate. It integrates directly with Meraki products and the rest of the Cisco security profile. With Umbrella, users are protected anywhere they access the internet with or without a VPN. The DNS is the biggest threat to security and most of the time isn’t monitored. The Umbrella Cloud Solution solves this gap as the first line of defense. It not only solves requests, but it also looks at comparisons in the data to better detect similar threats from cyber fingerprints used by attackers.

Duo

The duo is the most recent addition to the Cisco family. This tool offers a streamlined way to improve the user experience during the multi-factor authorization while also protecting your business. The duo takes it a step further by checking devices managed and unmanaged to ensure it meets security standards before granting access. 


Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Benefits Of Wearable Technology In The Health Sector

Benefits Of Wearable Technology In The Health Sector | IT Support and Hardware for Clinics | Scoop.it

When most of us consider wearables, we include devices such as Bluetooth headsets. However, in the medical industry, we expect more from our wearables and only include devices that not only provide a specific function but will also store sensor data for later retrieval by healthcare professionals. This data is then analysed to aid medical diagnosis.

 

In a growing telehealth market, it is these sensor-based devices that will improve healthcare services for millions of patients worldwide. Existing forecasts indicate that the global telehealth spend will increase tenfold within five years, rising to $4.5 billion by 2018.

 

Like any new technology, early adoption figures are quite weak but luckily, in Australia, we are always eager to experiment with new innovations. In fact, a 2014 Kronos survey demonstrates that no less than 30 per cent of Australians already use wearable technology, twice that of our U.S. counterparts. In addition, more than 40 per cent use them for work-related tasks. This high adoption rate is encouraging for future increased use of wearables in the health and fitness areas.

 

For this adoption rate to continue, I believe we need our healthcare providers to embrace the use of wearables, as they are best positioned to encourage their patients of wearable benefits, with the most important being improved care monitoring and increased efficiency for early diagnosis of common ailments. When a medical professional recommends a product, people listen. There are several reasons for this but primarily these include:

 

A company with a commercial interest in the product is unlikely to achieve the same positive response level.


Patients trust their doctors to act in their best interest.
By using these technologies themselves, patients are encouraged to take a more proactive approach to their personal health.
Fitness plans were perhaps the first wearable that provided useful data for medical professionals and were primarily used by those in cardiovascular activities such as running and cycling. Like any product type, the features available vary by model and manufacturer but most are capable of acting as a pedometer and can also record pulse and heart rates. The data gathered by the device sensors is then transmitted to your smartphone using Bluetooth or possibly ANT+ for cycling enthusiasts with bicycle computers. This data is often useful to doctors as it can aid diagnostics, surpassing the original plans for the device as a general fitness monitor.

 

Wearables that are specifically designed for the healthcare industry work in an identical manner. Senses are used to gather data, which is then transferred to another device for later analysis. Smartphones are most commonly used, with apps available for several platforms including Apple’s iOS and Google’s Android, but residential users can also use Wi-Fi to transfer data to the cloud or to another monitoring device.

 

In my opinion, as this technology grows, I believe real-time reporting will be possible, where data is displayed on the health professional’s monitor as soon as new data is uploaded. The exact direction this technology will take requires valuable input from knowledgeable medical professionals. That is not to say that the existing range of devices for the medical industry is limited as this is far from the situation. There are several preventative care devices already on the market and these include:

 

Glucose meters that notify clinics of an emergency situation, ideal for remote monitoring of elderly diabetics
Remote monitoring devices that store information such as blood pressure, temperature, ECG data and more. These can save a vast amount of clinic time, allowing healthcare professionals to prioritize according to patient ailment and creating an environment where early diagnosis is certain for many common ailments.
There are several dedicated devices and applications for monitoring diets, all of which act as a virtual personal trainer who recommends a specific diet according to age and cardiovascular status.
The examples listed above are probably the most common but there are many other devices available that monitor specific conditions. All share the same properties, to gather information and to monitor patients in real-time, thereby improving doctor-patient interaction and the healthcare service provided.

 

The use of wearable technology is a win-win for both healthcare professionals and patients and can reduce individual patient costs while also eliminating unnecessary clinic visits for the patient. For example, if you have high blood pressure and are prescribed specific medication to alleviate the condition, you will no doubt have to make several trips to the clinic to verify that the prescribed treatment is actually working. However, with the use of wearable technology, this is no longer necessary, as the data gathered from the device is simply analysed without travelling to the clinic.

 

Australian healthcare professionals need to adopt wearable technology as soon as possible, given that the benefits surpass any possible costs or training headaches. It is a fact but careful selection of wearable devices and software apps can increase the efficiency of any medical practice, whether it is immediate access to patient data from anywhere, guided surgery, health monitoring tasks and more. Early adopters have already discovered that these solutions can reduce the frequency of clinic visits and related clinic hours per patients.

 

Individual patient costs are reduced substantially but this does not mean that clinics will lose revenue, it merely means that available clinic time is spent treating the seriously ill or patients that require emergency care.

 

Mobile devices, remote data access and analysis with the resulting ability to increase early patient diagnosis are the way of the future. It may take some effort to define the correct processes, workflows and procedures but it is clearly worth it. Can you really afford to ignore the benefits of wearable technology?

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.