IT Support and Hardware for Clinics
32.1K views | +1 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Telehealth drives up healthcare utilization and spending

Telehealth drives up healthcare utilization and spending | IT Support and Hardware for Clinics | Scoop.it

Telehealth, which is frequently touted as an effective strategy to decrease healthcare spending, may actually be driving up costs, according to a new study by the RAND Corp. The report, published Monday in the journal Health Affairs, found that although telehealth appointments are cheaper than in-person and emergency room visits, the online and virtual resources encourage vast new utilization, ultimately driving up healthcare spending. The findings are a surprise wake-up call as employers increasingly look to offer telehealth services to their workers. About 90% of large employers said they would offer telehealth services as part of their employee health plans in 2017, according to a 2016 survey from the National Business Group on Health. The study’s researchers used 2011-13 claims data from the California Public Employees’ Retirement System to dive into telehealth costs. The authors compared the cost and use of telehealth visits and in-person visits for patients seeking treatment for acute respiratory infections, one of the most comment conditions treated via telehealth services.The researchers found that only 12% of direct-to-consumer telehealth visits replaced a visit to another provider. The convenience of telemedicine is encouraging people to seek care when they normally wouldn’t, said Scott Ashwood, lead author of the report and associate policy researcher at RAND Corp. “You don’t even have to go anywhere … you just have to pick up the phone.”

 

An individual may be less inclined to go see their primary-care doctor or visit the ER if they have the common cold or a high fever. But the easy access and low cost of telemedicine may motivate people to seek a clinical consultation, Ashwood said.

On average, a telemedicine appointment costs about $79 compared to $146 for a doctor’s visit and $1,734 for an ER visit, the study found.

RAND Corp. found a similar trend taking place among retail clinics. A study in November 2016 found ERs near retail clinics didn’t experience a reduction of visits from patients with low-acuity illnesses.

 

To discourage telemedicine overutilization, the authors suggested increasing patient cost-sharing for the consultations. This could encourage people to consider more critically what conditions they will seek care for, Ashwood said. “If I have to pay more out of pocket to pick up the phone, maybe I don’t,” he said.

The authors also suggested health plans reach out to patients who frequently use the ER and encourage them to use telemedicine services instead. Ashwood said patients with chronic conditions that frequently use the ER for care will effectively decrease spending if they use telemedicine instead.

“We are seeing patients responding (to telemedicine) so there is a benefit to respond to certain populations,” Ashwood said.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Obama Signs Cyberthreat Information Sharing Bill

Obama Signs Cyberthreat Information Sharing Bill | IT Support and Hardware for Clinics | Scoop.it

On Dec. 18, both houses of Congress enacted the Cybersecurity Information Sharing Act, which is part of a 2,009-page $1.1 trillion omnibus spending bill (see page 1,729). CISA will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program.


The legislation is an important tool to help protect the nation's critical infrastructure, says Daniel Gerstein, former Homeland Security acting undersecretary and a cybersecurity expert at the think tank Rand Corp. "Sharing information between industry and the federal government will allow for development of countermeasure signatures that can be incorporated into networks," Gerstein says. "In the absence of such sharing, protecting networks becomes much more challenging. ... CISA is not intended to be a comprehensive bill for cybersecurity. Rather, it focuses on the exchange of information between industry and the federal government. "


Larry Clinton, president of the industry group Internet Security Alliance, says the approval of the bill by large, bipartisan majorities in both the House and Senate demonstrates the growing realization that the nation faces a major cybersecurity problem. "It speaks to the need to come together in a way rarely evidenced lately in D.C. and begin to attack this problem together," Clinton says. " It's a rare instance of our government system actually working in a bipartisan fashion for the public good."

Winner, Loser

Passage of CISA is seen as a victory for big business and a defeat for privacy and civil liberties advocates.


Consumer advocates say the new law provides limited privacy protections to Americans. They object to the lack of transparency in drafting the measure's provisions in secrecy and then inserting it into a spending bill that keeps the government operational. "This shows disrespect for the people whose privacy is at stake in this process, and who deserve real cybersecurity, not more surveillance," says Drew Mitnick, policy counsel for the advocacy group Access Now. "Simply put, we expect more from our elected leadership."


But business groups generally supported the legislation. "This legislation is our best chance yet to help address this economic and national security priority in a meaningful way and help prevent further attacks," says U.S. Chamber of Commerce President Thomas Donohue. "Government and businesses alike are the target of these criminal efforts, and CISA will allow industry to voluntarily work with government entities to better prevent, detect and mitigate threats."

Key Provisions

At CISA's core are provisions designed to get businesses to voluntarily share cyberthreat information with the government. The main incentive is furnishing businesses with liability protections from lawsuits when they share cyberthreat information, such as malicious code, suspected reconnaissance, security vulnerabilities and anomalous activities, and identify signatures and techniques that could pose harm to an IT system. The new law also will provide antitrust exemption for sharing threat data among businesses.


The liability protections alone won't get many businesses to share threat information. "A bill is not going to prompt an organization to change," says Chris Pierson, chief security officer at invoicing and payments provider Viewpost. "What it will do is help the internal teams that want to share have better ammunition for their legal counterparts and compliance people to understand that sharing of threat data and indicators is being done in a coordinated fashion. The true win here will be the communication around what to share, how to share and the business benefit for companies that share."


CISA designates the Department of Homeland Security to act as the cyberthreat information-sharing hub between government and business. Civil liberties activists wanted a civilian agency, not a military or intelligence entity such as the National Security Agency, to shepherd the flow of cyberthreat information between government and business. But the legislation will not prevent the NSA and other intelligence agencies from getting hold of the cyberthreat information.


One provision of the law will require DHS to establish an automated system to share cyberthreat information in real time with other government agencies. The law also will allow the president, after notifying Congress, to set up a second information-sharing center if needed.


CISA will require the removal of personally identifiable information from data before it is shared. However, the vagueness of the law's language could result in "more private information [being] shared than the privacy community would prefer," says Paul Rosenzweig, a former Homeland Security deputy assistant secretary for policy, who analyzed the measure's language.

Healthcare Industry Study

The omnibus bill also includes language to require the Department of Health and Human Services to convene a task force 90 days after enactment of the legislation to address the cybersecurity threats facing the healthcare sector. This task force would:


  • Analyze how other industries have implemented cybersecurity strategies;
  • Evaluate challenges and barriers facing private healthcare organizations in defending against cyberattacks;
  • Review challenges the industry confronts in securing networked security devices; and
  • Develop a plan to share cyberthreat information among healthcare stakeholders.


The task force would report its findings and recommendations to appropriate congressional oversight committees.

more...
No comment yet.
Scoop.it!

Windows 10 Ransomware Scam Represents Growing Trend in Malware

Windows 10 Ransomware Scam Represents Growing Trend in Malware | IT Support and Hardware for Clinics | Scoop.it

I don’t usually jump on the new software or device bandwagon immediately. I tend to wait until something has been on the market for a little while and let other people work the bugs out first. However, the release of Windows 10 intrigues me. I had the chance to talk to some people at RSA about it, and I’m not sure the last time I heard so much enthusiasm for a new Microsoft product.


The release came at the end of July, with the upgrade made available for free. Who doesn’t like free, right?

Consumers aren’t the only ones who appreciate a free upgrade, though. Scammers and bad guys are taking advantage of the Windows 10 launch, too, using phishing emails to spoof the arrival of the OS. As PC World explained, the scam does a very good job mimicking a legitimate Microsoft announcement regarding Windows 10. The difference, though, was this:


An attached .zip file purports to be a Windows 10 installer … the attachment contains a piece of ransomware called CTB-Locker that encrypts your files and requests payment within 96 hours, lets your files be encrypted forever.


I can’t imagine that anyone would be surprised that the bad guys would try to take advantage of the OS release. However, according to Cisco’s midyear report, using ransomware is part of a growing trend with hackers using social and breaking news events to deliver ransomware. According to the report, ransomware has really stepped up its game, with improved professional development to encourage innovation and to ensure that the malware brings in financial gains.

The Cisco blog explained more about how it works:


The ransoms demanded are usually affordable, generally a few hundred dollars depending on the bitcoin exchange rate. Criminals appear to have done their market research to determine the right price points for the best results: Fees are not so high that victims will refuse to pay or will tip of law enforcement. Ransomware authors keep their risk of detection low by using channels such as Tor and the Invisible Internet Project to communicate, and they use bitcoin so that financial transactions are difficult for law enforcement to trace.


Will we see more problems with ransomware going forward? I suspect the answer is “Yes,” especially as the developers get smarter about manipulating the ransom for their own gain. (Remember, as successful as Cryptolocker was at locking down a computer’s data, too many weren’t able to pay the ransom with Bitcoin, and, in turn, the developers weren’t able to make the money they planned to make.) We know that the spammers are very good at faking us out with phishing attacks. So enjoy your new Windows 10 upgrade. Just download with a lot of caution.

more...
No comment yet.
Scoop.it!

Healthcare IT -- An Investment Choice For The Future

Healthcare IT -- An Investment Choice For The Future | IT Support and Hardware for Clinics | Scoop.it

The very first time I saw real innovation in healthcare IT was in 2003 in Chicago, when Linda Hall presented QuickMedix (later named MinuteClinic). What really impressed me was the simplicity of the premise, based on the easy “in and out” of 1 Hour Photo. If people could drop off their film and pick up the photos at a mall kiosk within an 1 hour, why couldn’t we do the same for diagnosing and treating common maladies such as strep throat, ear infections, viruses, high fevers and the flu? The technology wasn’t so simple, but it’s what made possible a walk-in kiosk staffed by a nurse practitioner who could see a patient, take a swab, send it via e- processing and get a read-out for a prescription within 15 to 20 minutes. That prescription could then be filled at the in store pharmacy, with the patient on their way in less in 30 or 45 minutes. I just knew this would be a success.

Linda explained what a convenience the service would be, particularly for women who often sacrifice an entire day at work getting to a doctor’s appointment with a sick child, driving to the pharmacy to get the prescription filled and finally returning home to tend to her child. This convenience kiosk, introduced at Target and CVS, could be a real breakthrough in healthcare IT and people’s lives. The company became a national success when it was recognized as a forerunner to urgent care in the US. Linda and her team successfully raised $30 million to market this service which was acquired by CVSin 2006 for $214 million.


Now, years later, one of the most robust investment categories for investors in start-up companies is healthcare technology, or healthcare IT. Much of this has been prompted by the Affordable Care Act of 2010. In that year, there were only 17 seed and Series A healthcare software and application companies that were funded. Even with this astonishingly low number, we began to see more development of healthcare IT atSpringboard Enterprises, where a raft of companies applied to the Springboardaccelerator program and three were accepted.


The numbers began to build from there; several dozen companies were screened by our expert life science advisors and 22 have since been accepted into the program. This isn’t to say that Springboard, the accelerator accepting companies founded or co-founded by women, vetted a majority of the pack out there. We are just one of many, but it was an indication that the demand for technology improvements in the market was there and the investors were buying in.


Just a few examples could illustrate the range and targets of these companies. Ubiqi Health, founded by Jacqueline Thong, developed a mobile program for tracking migraine headaches. It not only tracks migraines, but provides the user with tools to help determine what causes their onset and potential options for reducing their effect. One user named Shantel wrote on their site that, “I noticed from my Ubiqi tracker that certain foods triggered my migraines, then I changed my diet”.


The potential impact of managing migraines can be huge. For example, one study on kids with migraines revealed that kids with migraines are out of school 32 days to 3 months a year compared to an average of 3 to 13 days for other kids. Being able to manage the migraine and reduce days absent would have a profound impact on kids, teachers, administrators and healthcare providers. Ubiqi has moved into tracking other chronic illnesses such as asthma and diabetes.


ZappRX, presented in 2012 by one of our youngest entrepreneurs, Zoe Bary, is developing a mobile wallet for subscription orders. What fascinated me about Zoe’s presentation is that she taught herself to write the patent for ZappRX technology and her investment documents by researching both online. Her start-up costs were next to zilch, primarily because she took on the tasks herself. In addition she was extraordinarily confident.


And it’s a good thing that she is because what she is trying to do is take the pain out of getting prescriptions filled. So many people find glitches in the prescription fulfillment process, from connecting the doctor with the pharmacy, to providing the healthcare provider with accurate pharmacy records. ZappRX intends to make this process a pharmacy agnostic one. While that certainly would make sense for consumers, it isn’t an easy process to penetrate. The biggest pharmacy chains: Wal-MartTarget,Walgreens and CVS are more interested in keeping their customers in-house.

According to a report from CrunchBase, the number of funded companies tackling problems in healthcare rose from 17 in 2010 to 89 in 2013. That doesn’t really speak to the amount of capital invested across all 195 companies in the same period. According to a report from investment firm Rock Health, a total of $1.9 billion was invested in healthcare related-firms that raised at least $2 million in capital during this time.


Funding isn’t the only engine driving healthcare IT. The $10 million X Prize competition funded by Qualcomm and supervised by Dr. Daniel Kraft , a serial entrepreneur and faculty member at Singularity and Stanford University, is another route.  The challenge is to put “Healthcare in the Palm of Your Hand” by  enabling your vital medical signs to be transmitted on a mobile device connected to your doctor for up to the minute tracking. Imagine how that will bear fruit for early detection and treatment. This truly could be life saving


One Springboard company that raised funds is Tiatros, which presented at our class of 2012. Kimberlie Cerrone, founder and CEO, was trying to solve a problem of her own; it turned out that her son had been shipped overseas to the battle zone in Iraq. Kimberlie wanted to have all of his vital mental health and treatment information in one place in case it was needed for emergency life support in battle. She couldn’t find a simple solution to bringing all his vital information together in a combined and secure file where doctors would be able to view all other medical history at the same.


Kimberlie, who has multiple degrees in biochemistry, an MBA and a law degree, started out to find a solution. She began with her colleagues at the San Francisco Medical Center for Research. If she could figure out how to bring together patient research from various potentially unrelated fields, Tiatros could be a life saver for the troops facing traumatic brain injury in war zones.


Already proven successful in beta tests in San Francisco, she may have cracked on of the most vexing problems dogging the healthcare industry: coordination among different physicians treating the same patient, with all the medical partners accessing the same data that’s housed in a secure cloud accessible via any internet connected device. Providing that info in one place could vastly improve coordination among physicians treating a patient and reduce healthcare costs.

Without a doubt, the rise of healthcare IT start-up companies is starting to grow from a stream to a fast flowing river. The San Francisco Bay area leads the charge followed by New York, Boston, Atlanta and Los Angeles. Investors are combing the stream of start-up companies for entrepreneurs and companies that can scale.


companies have been tackling the vexing problems of making healthcare more efficient and effective since the turn of this century but early attempts during internet 1.0 just couldn’t penetrate the complex system. Now nearly a decade and a half later, we are beginning to see real traction. This is good news for the industry and consumers alike.

more...
Scopidea's curator insight, June 22, 2015 2:54 AM

Scopidea provides unique time tracker software. Time tracker software helps to record time, capture screen shot and download complete works sheet.

Scoop.it!

Do you know where your sensitive data lives?

Do you know where your sensitive data lives? | IT Support and Hardware for Clinics | Scoop.it

Challenges with tracking where sensitive and regulated data is flowing, and the inability to control that flow in outsourced environments such as SaaS cloud applications, where it can move freely between data centers and cloud provider’s partner’s systems, is a key challenge for enterprises in regulated sectors.

More than 125 attendees at RSA Conference 2015 took the survey, which was conducted via in-person interviews by Perspecsys. The results interestingly reveal a split decision when it comes to trust in Cloud Service Providers (CSPs): 52 percent of respondents say they trust their CSP to take care of protecting and controlling their enterprise data and the other half (48 percent) do not.

Enterprises need to consider encrypting or tokenizing any sensitive data before it goes to the cloud, so they retain full control of their information while it is in-transit to the cloud, while it is stored at-rest in the cloud and while it is in-use being processed in the cloud.

IDC forecasts that public IT cloud services will account for more than half of global software, server, and storage spending growth by 2018. The Perspecsys survey findings align with this projection, with 67 percent of respondents preferring to store the majority of enterprise data in the cloud – that is – if data privacy and compliance regulations could be addressed. Interestingly, the current perception remains that private cloud is more secure than its public cloud cousins. For example:


  • About half of respondents say existing or impending data privacy regulations impact up to 50 percent of their cloud strategy
  • The majority of respondents still house less than a quarter of their data in public cloud environments
  • About a third claim no public cloud use at any level (IaaS, PaaS or SaaS), as far as they know.

Via Paulo Félix
more...
No comment yet.
Scoop.it!

Why It's Tough to Pass Data Breach Bill

Why It's Tough to Pass Data Breach Bill | IT Support and Hardware for Clinics | Scoop.it

Backers of a national data breach notification law say it would greatly simplify compliance for businesses, which now must comply with laws in 51 different jurisdictions - 47 states, three territories and Washington, D.C.


But does that simplification come at too high a cost? Some federal lawmakers thinks so. They say passing a national data breach notification law would weaken data security protections found in certain states' statutes, thus doing more harm than good.

And those concerns are a major reason why building a consensus that paves the way for enacting a national breach notification law will prove difficult, if not impossible.

'Confusing for Businesses'

Last January, President Obama noted when he proposed his version of national data breach notification: "Right now, nearly every state has a different law on this, and it's confusing for consumers and it's confusing for companies, and it's costly, too, to have to comply to this patchwork.


Almost every bill introduced in Congress over the past decade to create a national data breach notification standard would pre-empt state statutes. But that comes at a price. Several states, most notably Massachusetts, prescribe specific steps businesses must take to safeguard personally identifiable information. Most national data breach notification proposals don't require safeguards beyond saying businesses should take "reasonable" steps to secure PII.


Some industry experts - such as Larry Clinton, president of the trade group Internet Security Alliance - say they have seen no evidence that consumers' PII is more secure in those states that have more stringent security requirements. "To the notion that states can enact strong laws is, from a consumer perspective, a red herring," he says.

Middle Ground?

But some senators strongly disagree with Clinton's point of view.

"There are a number of like-minded senators who are paying attention to this issue and trying to push for a federal law ... that keeps state laws untouched as a middle-ground approach," says Chris Pierson, general counsel and chief security officer at payments provider Viewpost. "While this is more palatable for Congress, it does little to stem the growing diversity of state laws and the burden of conflicting state requirements."


One of those senators seeking a middle-ground approach is Richard Blumenthal, D-Conn., who, along with five other Democratic senators, has introduced legislation creating a national data breach notification law with a proviso: It won't pre-empt more stringent state laws.


"We must ensure consumers have strong protections on the federal level, but in so doing, we must make sure Congress doesn't weaken state protections that consumers rely on to keep their information safe," Blumenthal says. "Importantly, this measure strikes the right balance between state rights and strong federal enforcement and extends consumer privacy protections into a new digital era."

A right balance? Sasha Romanosky, an associate policy researcher at the think tank Rand Corp., characterizes the Democratic senators' bill as a "workaround" that sets a "national floor for breach compliance." But Romanosky is concerned that "then you'd just have the same issue as there is now: 47 potentially distinct state laws."


The Democrats' bill - like the Massachusetts statute - contains a list of security requirements with which businesses would have to comply. That makes the bill unpassable. Nearly every GOP lawmaker opposes any measure that that would place additional requirements on businesses.

60-Vote Threshold

Consumer advocacy groups generally oppose national data breach notification legislation that would weaken states' security standards. And those groups might have the clout to get enough Democratic senators to oppose any measure that would pre-empt state laws.

Sixty votes generally are needed for a bill to be considered by the Senate; the upper chamber has 44 Democrats and two independents who caucus with them. So getting 41 senators to block a vote on a data breach notification bill is possible.


Whether stricter state laws actually provide consumers with better security protections is debatable, but the perception among a number of lawmakers - mostly Democrats - is that they do. If at least 41 senators agree with that notion, then Congress will not enact a national breach notification law.


more...
No comment yet.
Scoop.it!

Who's Hijacking Internet Routes?

Who's Hijacking Internet Routes? | IT Support and Hardware for Clinics | Scoop.it

Information security experts warn that Internet routes are being hijacked to serve malware and spam, and there's little you can do about it, simply because many aspects of the Internet were never designed to be secure.

See Also: Preparing for OCR Audits: Presented by Mac McMillan of the HIMSS Privacy and Policy Task Force

The Internet hijacking problem relates to Border Gateway Protocol, which is responsible for routing all Internet traffic. In the words of Dan Hubbard, CTO of OpenDNS Security Labs: "BGP distributes routing information and makes sure all routers on the Internet know how to get to a certain IP address."

BGP provides critical Internet infrastructure functionality, because the Internet isn't a single network, but rather a collection of many different networks. Accordingly, BGP routing tables give the different networks a way to hand off data and route it to its intended destination.

That assumes, of course, that no one tampers with BGP routing, in which case they could reroute traffic or disguise malicious activity. "The trouble is it ... all relies on trust between networks, so if someone hijacks an ISP router, you wouldn't know," Alan Woodward, a visiting professor at the department of computing at England's University of Surrey, and cybersecurity adviser to Europol, tells Information Security Media Group. "It's just another example of how people are forgetting that the Internet was never built to be a secure infrastructure, and we need to be mindful of that when relying upon it."

Spam, Malware, Bitcoins

Hijacking router tables could allow an attacker to spoof IP addresses and potentially intercept data being sent to a targeted IP address. Thankfully, Woodward says, that is "not a trivial task," and Internet service providers have some related defenses in place.

But some attacks get through. One four-month campaign, spotted by Dell Secureworks in 2014, involved redirecting traffic from major Internet service providers to fool bitcoin-mining pools into sharing their processing power - which is used to generate bitcoins - with the attacker. Dell estimates that the attacker netted about $84,000 in bitcoins, although it's not clear that such attacks are widespread.

What has been on the increase, however, are incidents in which malware and spam purveyors hijack an organization's autonomous system numbers, or ASNs, which indicate how traffic should move within and between multiple networks, says Doug Madory director of Internet analysis at Dyn Research, which was formed after Dyn last year acquired global Internet monitoring firm Renesys.

In a blog post, Madory describes six recent examples of bogus routing announcement campaigns, some of which remain under way, and all of which have been launched from Europe or Russia. By using bogus routing, attackers with IP addresses that have been labeled as malicious - for example by the Zeus abuse tracker, which catalogs botnet command-and-control servers - can hijack legitimate IP address space and trick targeted autonomous systems on the Internet into thinking the attack traffic is legitimate.

"These are not isolated incidents," Madory says of the recent attacks that he has documented. "First, these bogus routes are being circulated at a near-constant rate, and many separate entities are engaged in this practice, although with subtle differences in approach. Second, these techniques aren't solely for the relatively benign purpose of sending spam. Some of this host address space is known to circulate malware."

One takeaway, Madory says, is that any information security analysts who review alert logs should know that the IP addresses attached to alerts may have often been spoofed via BGP hijacking. "For example, an attack that appeared to come from a Comcast IP located in New Jersey may have really been from a hijacker located in Eastern Europe, briefly commandeering Comcast IP space," he says.

The security flaws associated with BGP that allow such attacks to occur haven't gone unnoticed. In January, the EU cybersecurity agency ENISA urged all Internet infrastructure providers to configure Border Gateway Protocol to ensure that only legitimate traffic flows over their over networks.

But ENISA's advice belies that while BGP can be fixed, it can't be done quickly. "There are efforts to cryptographically sign IP address announcements," Madory says. "However, these techniques aren't foolproof and until they achieve a critical mass of adoption, they won't make much difference."

No Quick Fix

"Why Is It Taking So Long to Secure Internet Routing?" is the title of a recent research paper from Boston University computing science professor Sharon Goldberg, who notes that any fix will require not just a critical mass, but coordinating thousands of different groups. "BGP is a global protocol, running across organizational and national borders," the paper notes. "As such, it lacks a single centralized authority that can mandate the deployment of a security solution; instead, every organization can autonomously decide which routing security solutions it will deploy in its own network." That's one reason why BGP hasn't gotten a security makeover, despite weaknesses in the protocol having been well-known by network-savvy engineers for the past two decades.

Lately, however, BGP abuse has been rising. "It appears to be more systematized now," Dyn's Madory warns. Pending a full fix, he says that service providers might combat these attacks by banding together and temporarily blocking Internet traffic from organizations that repeatedly fail to secure their infrastructure, thus allowing BGP attackers subvert it.

In the meantime, keep an eye on security logs for signs of related attacks. "There's no easy defense, but it is kind of possible [to spot attacks] by monitoring and watching for unexpected changes in routing," Woodward says.


more...
No comment yet.
Scoop.it!

New Federal Health IT Strategic Plan -

New Federal Health IT Strategic Plan - | IT Support and Hardware for Clinics | Scoop.it

Following collaboration with more than 35 federal agencies, the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) today issued the Federal Health IT Strategic Plan 2015-2020.

The Strategic Plan represents a coordinated and focused effort to appropriately collect, share, and use interoperable health information to improve health care, individual, community and public health, and advance research across the federal government and in collaboration with private industry.

The Strategic Plan, which is open for comments, serves as the broad federal strategy setting the context and framing the Nationwide Interoperability Roadmap that will be released in early 2015. The Nationwide Interoperability Roadmap will help to define the implementation of how the federal government and private sector will approach sharing health information.

The U.S. Government has led this charge as a major payer, purchaser and provider of care and associated health IT and through programs associated with the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. HITECH accelerated the adoption of certified electronic health record (EHR) technology among hospitals and providers, with 93 percent of eligible hospitals and 76 percent of physicians and eligible professionals taking part in the first stage of the Medicare and Medicaid EHR Incentive Programs. In addition, more than 150,000 health care providers across the nation are working with the HITECH-funded regional extension centers to optimize the use of health IT.

“The 2015 Strategic Plan provides the federal government a strategy to move beyond health care to improve health, use health IT beyond EHRs, and use policy and incentive levers beyond the incentive programs,” said Karen DeSalvo, M.D., national coordinator for health IT and acting assistant secretary for health. “The success of this plan is also dependent upon insights from public and private stakeholders and we encourage their comments.”

“We are very pleased to be collaborating with Health and Human Services, and our other federal partners, on developing the Federal Health IT Strategic Plan. This plan aligns with our health IT priorities. As a large provider and purchaser of care, we continually look for ways to expand the sharing of critical healthcare information with our healthcare partners,” said Karen S. Guice, M.D., M.P.P., principal deputy assistant secretary of defense for health affairs, Department of Defense.

“The Federal Health IT Strategic Plan collectively represents specific goals and strategies for how interoperability will be leveraged to foster the technological advancement of health information exchange to improve quality of care for Veterans while supporting patient-provider interaction,” said Gail Graham, deputy secretary for health informatics and analytics at the Department of Veterans Affairs, Veterans Health Administration, Office of Health Information.

Beyond creating financial and regulatory incentives to encourage the use of health IT, the federal government is helping to create a competitive and innovative marketplace. This effort will help bring new tools to health IT consumers and provide tools to help strengthen health care delivery that aligns with other national strategies to improve health including safety, quality, prevention, and reducing disparities.

The Federal Health IT Strategic Plan 2015-2020 can be found on HealthIT.gov. The period to comment on the Strategic Plan ends Feb. 6, 2015.

Today’s data brief found that the ability to easily share electronic information with other care givers, an important component of chronic care management, is also a major motivation for physicians to adopt EHRs. Among physicians who adopted health IT before incentive funds were available, the ability to electronically exchange clinical information with other health care providers was the greatest motivator for adoption. More than a third of physicians who adopted EHRs after HITECH was enacted cited this capability as a major influence in their decision to adopt, and almost 4 in 10 physicians who were not using an EHR reported that the ability to electronically exchange clinical information would be a major driver in their decision to adopt.



more...
No comment yet.
Scoop.it!

3 Ways Technology Can Help Treat Patients as Consumers

3 Ways Technology Can Help Treat Patients as Consumers | IT Support and Hardware for Clinics | Scoop.it

Smarter. Faster. More connected. On demand. These are the global trends that are redefining and revolutionizing every industry – and healthcare is just getting started. Today, consumers can choose to comparison shop, read reviews, crowd source recommendations for just about everything, instantly. And as consumers increasingly bear the burden of their healthcare costs, patients are starting to approach their healthcare decisions in the same way. Hence, it is critical for healthcare systems to proactively manage both the patient experience and their expectations, to increase patient loyalty, sustain the provider’s brand reputation and prevent new entrants into healthcare from siphoning patients away.

 

 

Technology can play a key role in meeting the needs of both patients/consumers and healthcare system organizations. Here are a few vital areas.

 

 

1. Transparency

 

Consumer expectations are on the rise and patients are paying more attention to their healthcare costs. As of January 2015, 19.7 million Americans had high-deductible health plans making them responsible for the first $2,000 to $5,000 of their healthcare spending. Even for those not participating in high-deductible plans, out-of-pocket costs rose substantially. From 2009 to 2015, on average, deductibles rose from $680 to $1,200. It is important to note that the business of healthcare is not exactly like other markets. While financial responsibility may encourage individuals to be more discerning about services that are optional or variably priced, it may also provide an impediment to care when needed. Regardless, it is a reality, and one of the current strategies to provide some level of health insurance coverage to everyone.

 

 

Moreover, transparent marketplaces in other industries— from Airbnb to Uber—are changing consumer expectations, at a time when health systems are under increasing competition for patient loyalty. CMS, along with consumer and employer demands are elevating the need for pricing that is clear, complete and accessible. Some health systems are responding by playing offense; many are investing to meet expectations.

 

 

One common patient pain point is the bill paying experience. According to a Consumer Reports National Research Center survey, in the last two years, nearly one third of Americans with private health insurance were surprised when their insurer paid less than expected, leaving a larger-than-expected bill for the patient. As described by one family, “We just wish that a doctor's office would give us a reliable statement at the time of service; we would rather be told to bring $1,000 or know up front that we can't afford this procedure. End of story.”

 

 

2. Real-time insights

 

In nearly every industry, there is a common challenge: “big data” is not enough to sort through the swirl of uncertainty and complexity in today’s modern society. To quote the Harvard sociologist, E. O. Wilson: “We are drowning in information, while starving for wisdom. The world henceforth will be run by synthesizers, people able to put together the right information at the right time, think critically about it, and make important choices wisely.” In healthcare, the deployment of technology and willingness of patients to engage in their care has led to a proliferation of data. The challenge; however, is in the synthesis – how do you glean actionable insights? In addition, are there ways to harness data previously unavailable from “non-clinical” sources?

 

 

In response, many health systems are revamping their online presence, as consumer-facing physician search and rating websites proliferate. Technology can also drive powerful results to improve patient experience and satisfaction. With real-time insights, providers can know how patients feel about their experience before they leave the hospital or doctor’s office. Patients can also offer perspective into health systems’ strengths and opportunity areas that can help provider organizations build patient loyalty and acquisition strategies.

 

 

One example where technology is offering new insights to improve patient experience is Binary Fountain. Binary Fountain offers a “social listening” tool that continuously monitors reviews, feedback, and mentions from the web and social media and integrates these insights with CAHPS data, point of care surveys, and other sources of patient feedback.  The solution offers a single platform where health systems can distill actionable insights to inform their operational decisions and patient experience strategies. The solution both enables health systems to address patients' needs and to take control of managing their brand.

 

 

3. Virtual access

 

Healthcare consumers increasingly seek out convenient and immediate access to care for common conditions. A 2014 survey of 3,873 patients conducted by the Advisory Board showed the number one priority for patients, when selecting a primary care clinic, was convenience. Over 70% rated I can walk in without an appointment and I’m guaranteed to be seen within 30 minutes as the attribute they sought most when seeking care. In 2013, Cisco performed an international study of attitudes regarding virtual care and found that 76% of individuals would prefer virtual care over a visit to an in-person provider, and showed while 19% of respondents preferred to visit a provider in-person, 23% preferred a consultation or visit by phone.

 

 

Seeking convenient access to care, patients have turned to non-traditional healthcare providers such as retail clinics and direct-to-consumer telehealth providers. As a result, health systems are losing both loyal patients and downstream referrals. However, offering convenient access requires a significant change in provider organization scheduling, workflow, clinic hours and staffing without disrupting clinic workflows or leading to physician burnout.

 

 

One company addressing this challenge head on is Bright.md. Bright.md's "SmartExam" is a virtual physician assistant that helps primary care groups automate up to 90% of provider time spent on low-acuity conditions. Using online exams that are easily accessible by both providers and patients, patients are able to interact with their own health system and trusted providers more efficiently.

Technical Dr. Inc.'s insight:

Contact Details :
inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com/tdr

more...
No comment yet.
Scoop.it!

Can technology drive meaningful cultural change in healthcare?

Can technology drive meaningful cultural change in healthcare? | IT Support and Hardware for Clinics | Scoop.it

In 2005, VitalSmarts and the American Association of Critical-Care Nurses(AACN) published a groundbreaking report called Silence Kills. They found that “among 1,700 nurses, physicians, clinical-care staff, and administrators, more than half witnessed their coworkers break rules, make mistakes, fail to support others, demonstrate incompetence, show poor teamwork, act disrespectfully, or micromanage.


Specifically, 84 percent of doctors observed colleagues who took dangerous shortcuts when caring for patients and 88 percent worked with people who showed poor clinical judgment.”


These stats are startling in and of themselves, but the most worrisome item in the report was that, “despite the risks to patients, less than 10 percent of physicians, nurses, and other clinical staff directly confronted their colleagues about their concerns.”


With nearly 200,000 people in the U.S. dying each year due to preventable medical errors, this communication chasm is a major concern – one that should be addressed immediately.


In the years following this study, there has been a strong movement by a number of companies to develop improved communication and patient safety tools. However, the 2010 follow-up study The Silent Treatment concluded, “that while safety tools are one part of the solution to improving patient care, they do not compensate for crucial conversation failures in the hospital. Silence still kills.”

The lack of communication between clinical teams can have deadly consequences. (Image Source: John Crawford via Wikimedia Commons)

Essentially, many clinicians still live in a culture of fear with respect to their ability to challenge a colleague or superior regarding patient safety issues.  The most innovative communication technologies are limited in their effectiveness if the underlying culture still punishes or ignores those who use them.  However, what if the technology itself could be used to drive the desired cultural change?  Consider the following two cases:


Case A:  A nurse notices a surgeon using a potentially non-sterile device on a patient.  If the nurse speaks up and challenges the surgeon, he or she risks insulting and potentially damaging the reputation of the doctor.  Fearing retaliation, or simply being ignored, the nurse may also stay quiet, putting the patient at risk. Neither is an acceptable option.


Case B:  Consider the same situation as above, but now the hospital is equipped with an automated system that tracks and records the movements and actions of the clinicians and equipment. The system could be invisible to the clinicians in the room. If an error occurs, whether or not the other clinicians in the room observe it, such a system could record it.


Then the clinician at fault could be singled out for the failure or the team could be disciplined for not recognizing the potential problem. In this situation, there is less fear of retaliation for the nurse who speaks up about a potential medical error, because his or her silence would allow the autonomous system to record the error and the surgeon to potentially be found at fault. Proactive intervention would prevent the error, protecting both the patient’s safety and the reputation of both the doctor and the clinical team.


In Case A, the nurse may be labeled a snitch or troublemaker, but in Case B, the exact same actions by the nurse could be viewed as positive and supportive. The difference is that such automated “black box” technologies may allow a cultural shift from individual-centric to team-centric communications.


The focus is no longer on the success or failure of the individual, but on the success or failure of the team in an effort to prevent errors. A well-known example of this would be in the aviation industry, where the “black box” concept has improved team-based communications as well as changing the underlying culture to improve both quality and safety.

Silence kills, but technology and communication, integrated intelligently, save lives.

more...
No comment yet.
Scoop.it!

SSH support is finally coming to Windows

SSH support is finally coming to Windows | IT Support and Hardware for Clinics | Scoop.it

Furthering Microsoft’s push to support open source, the company hasannounced that it plans to add Secure Shell (SSH) support to Windows in the future.


SSH is a protocol that allows users to access the command line of remote computers.


The team behind Powershell, Microsoft’s shell environment, said that it’s been working to add SSH for a number of years but it didn’t make the cut in both the first or second versions of Powershell.


The SSH library used by Windows will be OpenSSH as it’s ‘industry proven’ and Microsoft plans to give back to the project by contributing to the core library.


There’s no hard date for SSH support landing in Windows, as it’s only in the “early planning phase,” but the news will be music to the ears of network administrators and those that support Windows at scale.

more...
No comment yet.
Scoop.it!

The first Apple Watch update arrives with faster app performance

The first Apple Watch update arrives with faster app performance | IT Support and Hardware for Clinics | Scoop.it

The Apple Watch arrived on the scene with at least a few rough edges, but the crew at 1 Infinite Loop is trying to smooth at least some of them today. The company has released a 1.0.1 update for the Watch that improves performance across the board, and should be a particular help with third-party apps hosted on your iPhone -- many of which seemingly took forever to load in the original release. The difference isn't dramatic in our experience, but it is there. Your wristwear should also do better jobs with Siri voice recognition and calculating fitness data (such as calories and distance), and the interface supports seven extra languages ranging from Brazilian Portugese to Turkish. This doesn't include any of the big interface-level features hinted at in recent rumors, but it's good to see Apple's first wearable get some much-needed polish.


more...
No comment yet.
Scoop.it!

Windows 10: No More Monthly Patches

Windows 10: No More Monthly Patches | IT Support and Hardware for Clinics | Scoop.it

For its soon-to-be-released Windows 10 operating system, Microsoft will abandon its longtime practice of issuing a batch of "Patch Tuesday" product and security updates once per month. Instead, the company will begin offering 24/7, cloud-based patching, which will become the new default for consumers. For the enterprise market, a new Windows Update for Business will enable IT managers to take advantage of these anytime updates or define their own patch-release schedules.


Those are just some of the new Windows 10 features announced this week at Microsoft's Ignite conference in Chicago. Windows 10 could ship as early as summer 2015 for PCs, the company says, but the OS will launch later for smartphones, tablets, the Xbox and other devices. The operating system is the successor to Windows 8 - Microsoft skipped "Windows 9" - which was released in late 2012.


"Windows 10 follows the path first taken by the smartphone sector where iPhones, versions of Android and Windows Phones pioneered getting updates delivered to users as soon as they become available," says Wolfgang Kandek, CTO of security firm Qualys. "This strategy has worked out exceptionally well when it comes to security." Indeed, Verizon's 2015 Data Breach Investigations Report found that a scant 0.03 percent of smartphones get infected with "higher-grade" malicious code, which is orders of magnitude below PC infection rates.


But some notable Windows 10 security questions as yet remain unanswered. Microsoft has yet to reveal if its cloud-based approach to updating devices will work with just Windows 10, or also with Windows 7 and Windows 8. It's also unclear whether Windows Update for Business will replace the widely used Windows Server Update Services.

Windows 10 Security Overview

Ahead of the new operating system's debut, Terry Myerson, executive vice president of Microsoft's operating systems group, took to the stage in Chicago to describe four key information security areas that are being addressed in Windows 10:

  • Device protection: Hardware-based Secure Boot can restrict the types of software that load when the device is powered on. A new Device Guard can be set to only allow a "white list" of approved applications to run, backed by Hyper-V, a native hypervisor that creates virtual machines. And Microsoft is touting a "new device health capability" that ensures endpoints are free from malware and bugs, and fully updated, before they're allowed to connect to enterprise resources.
  • Identity protection: Microsoft says the Windows 10 Passport - which also uses Hyper-V - can protect credentials and handle secure authentication with networks and websites without sending passwords, thus providing a defense against phishing attacks. The new Windows Hello feature, meanwhile, allows for biometric access controls via faces or fingerprints.
  • Application protection: Microsoft will certify the security of applications purchased via its Windows Store for Business. Businesses can also set Device Guard to only allow those certified applications to run on a device. All applications will also be restricted to only using kernel-level drivers that are digitally signed by Microsoft. "Windows 10 will not allow older drivers to run unless fully compatible with Windows 10," says Sean Sullivan, security adviser at anti-virus vendor F-Secure. "Microsoft expects developers to tighten up their old code ... which is better for both security and the user experience."
  • Information protection: Enterprise Data Protection can be set to automatically encrypt all corporate data, including files, emails and website content, as it arrives on the device from online or corporate networks.
Security-Only Patching

With the introduction of Windows 10, Microsoft is also planning big changes to how Windows devices can be updated.

One notable change centers on updates for mission-critical systems - such as medical equipment or the supervisory control and data acquisition systems that power factories and refineries - that must never be allowed to crash, and for which IT managers thus often never install any Windows updates. As a result, such devices are often at risk from exploits that target known vulnerabilities.


With Windows 10, however, Microsoft will now issue "Long Term Servicing Branches" that will "contain only security updates, without any functional updates," Microsoft's Myerson says. That way, businesses should be able to keep these mission-critical systems patched against attacks that target known flaws, without worrying that various feature changes or upgrades will crash the system.

Windows Update for Business

With Windows 10, businesses will also have new types of patch-distribution capabilities, via Windows Update for Business, which Myerson says will be a free service for business-focused Windows Pro and Windows Enterprise devices. Windows Update for Business will offer four options that are designed to make updates easier and less expensive to manage, while also enabling IT managers to get security and functionality updates into users' hands more quickly:

  • Distribution waves: IT managers can specify update waves, so critical devices get untested patches first. Others could be set to still receive monthly patch updates. F-Secure's Sullivan says that this "looks like good stuff," because it will allow businesses to reduce the time they need to patch enterprise systems.
  • Maintenance windows: Patch managers can specify when updates should - or should not - occur.
  • Peer-to-peer delivery: P2P can be used to get updates to remote offices or workers. "The peer-to-peer distribution model for these updates will help with connectivity bottlenecks," Kandek says. "It's an attestation to the power of this networking technology which has been well tested in gaming and video distribution."
  • Integration: Microsoft says the new patching capabilities will work with existing systems management tools that handle patching, such as System Center and the Enterprise Mobility Suite.
Goodbye, Patch Tuesday

Windows 10 marks a big change to Microsoft's policy of releasing patches in monthly batches, which dates back to 2003. The rise of agile programming has changed businesses' and consumers' expectations about how - and how quickly - their software should receive updates.


Some vendors now patch and release fixes for flaws in a matter of days, or less. At the annual Pwn2Own hacking contest, for example, after security researchers demonstrate new flaws in widely used software products, Google and Mozilla regularly issue patches for those vulnerabilities in their Chrome and Firefox browsers in less than 24 hours.


Recent versions of those browsers have been built using agile development techniques - including rapid development "sprints" - that might see new versions of an application get released at least every few weeks. Coupled with those browsers having the ability to automatically receive and install updates, these more frequent releases allow developers to patch products more frequently, and that's led some companies, including Google, to adopt more rapid patching as the norm.


With Windows 10, Microsoft is positioning itself to embrace these techniques too, in part via its new "Microsoft Edge" browser, known previously by its "Project Spartan" code name.


"For enterprises, IT teams there do have the option to continue with tighter patch control and testing," Kandek says. "However, I don't doubt that most IT teams will see the advantages of shifting over to the new model, as it supports fast patching on the desktop level. More and more, our desktop PCs and laptops have become pure Internet-connected workstations that will have no dependencies on legacy applications that force the use of outdated software versions, so the old model for patching becomes less relevant over time."


more...
No comment yet.
Scoop.it!

Ransomware: The Right Response

Ransomware: The Right Response | IT Support and Hardware for Clinics | Scoop.it

So-called ransomware attacks are on the rise, namely because targeted businesses are increasingly willing to negotiate with - and even pay - their extortionists.


Ransomware has been getting a lot of media attention of late. On April 1, security firm Trend Micro reported that since the beginning of the year, numerous variants of crypto-ransomware have been discovered in the wild, striking consumers and businesses throughout the world.

 Criminals rarely hold up their end of the bargain, so negotiating with anyone who is demanding a ransom is just a bad idea. 


Just weeks earlier, security firms FireEye and Bitdefender issued warnings about new ransomware trends that were making these attacks more difficult to thwart and detect.


Now experts are calling attention to one of the reasons why ransomware attacks are becoming more common - because organizations say they'd rather not deal with the fallout that trails a breach or cyber-attack that goes public. Instead of getting law enforcement involved, they'd rather try their hands at making deals with their attackers first.


But paying ransom is short-sighted and is never a good idea. Why? Because cybercriminals rarely keep their end of the bargain. Organizations that negotiate with hackers often end up with lost data after paying a hefty ransom.


Lance James, who heads up cyber-intelligence at consultancy Deloitte & Touche, says most businesses that pay ransoms never have their data restored or their encrypted files decrypted.


During his presentation at Information Security Media Group's Fraud Summit in Atlanta, James discussed ransomware cases he has investigated. He noted that in most of those cases, businesses paid the ransom and then the attackers disappeared, never fulfilling their end of the negotiating bargain.


Of course, organizations should prepare for these types of attacks by taking steps now to ensure they have data and drive backups, and that they have strong multifactor authentication requirements for access to servers, in the event an employee's credentials are hijacked during one of these attacks.


But businesses also need to spend more time educating their staff about how ransomware attacks work, why these attacks are waged, and why reporting these attacks to law enforcement, rather than trying to handle them internally, is so critical.

The Attack Strategy

Ransomware attacks are waged in two parts. First, a PC or mobile device is infected with malware that locks the corporate user out or encrypts files so that the user can longer access them. Then a ransom is demanded through an automated message that appears on the device's screen. The user is told he or she has a limited amount of time to pay the ransom before the device will be wiped clean or the files will be erased.


The tools for these attacks are easy to buy and technical support for waging the attacks is inexpensive.


Law enforcement agencies, such as the Federal Bureau of Investigation, have advised consumers and businesses to immediately report ransomware schemes when they occur.


But security researchers say that, despite of those warnings, many businesses are opting to either pay the ransom or are engaging in direct negotiations with their attackers instead of getting the authorities involved.

Willingness to Negotiate

A new study from cyber-intelligence firm ThreatTrack Security finds that 40 percent of security professionals believe their organizations have been targeted by a ransomware attack. Of those that believe they've been targeted, 55 percent say that when under attack, they are willing to negotiate a ransom in exchange for the release of corporate data or files.


ThreatTrack's research also finds that one in three security pros would recommend to upper management that their companies negotiate a ransom to see if they could avoid public disclosure of a breach involving stolen data or files that have been encrypted as part of the attack.


In fact, 66 percent of those surveyed by ThreatTrack say they fear negative reactions from customers and/or employees whose data was compromised in a breach if those customers or employees were to learn that their organizations chose not to negotiate with cybercriminals for the return of data.


ThreatTrack's survey includes responses from 250 U.S. security professionals at companies with 500 to 2,500 employees.

Beware of a Quick Fix

When it comes to ransomware attacks waged against corporations, many victimized organizations see paying the criminals what they want as the easiest way to make the problem go away.


But criminals rarely hold up their end of the bargain, so negotiating with anyone who is demanding a ransom is just a bad idea.

Obviously, more education, from the CEO down to the employee, is needed. But we also need a shift in the corporate culture, with an emphasis on looking beyond a "quick fix" for avoiding breach publicity.

Information sharing with peers can play a critical role as well. The more we talk about these attacks and share the techniques used, the more we can learn about how to defend our networks and shield our employees from falling victim to the phishing schemes that are often used to infect systems in the first place.


Security vendors need to step up their efforts here, too. Rather than just supplying intrusion detection, they also need to provide some good-old-fashioned education.

more...
Ivan Garcia-Hidalgo's curator insight, April 8, 2015 1:33 PM

Ransomware: The Right Response #InfoSec #cybersecurity

Scoop.it!

Why Fraud Is Shifting to Mobile Devices

Why Fraud Is Shifting to Mobile Devices | IT Support and Hardware for Clinics | Scoop.it

As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, who heads up the anti-fraud services group at security firm RSA, which just released its 2014 Cybercrime Roundup report.


Mobile devices will be the new focus for phishing attacks, taking the place of spam attacks that for more than a decade have been waged against PCs, Cohen, an expert on phishing trends, says in an interview with Information Security Media Group.

"Smart phone technology is the fastest adopted technology in the history of mankind," Cohen says. In 2014, 1.3 billion new smart phones were purchased by consumers throughout the world, while in 2015, forecasts suggest that another 2 billion of these devices will be shipped to consumers, he points out.

"The bad guys are looking at this ... and they understand that they have to be on those platforms and those systems," he says.

Security Challenges for Mobile

This shift to mobile fraud is posing challenges for security teams, because the methods used to protect end-users from attacks waged against PCs don't translate well for mobile, Cohen notes.

The mobile threat involves the use of what Cohen describes as "permission-ware." The end-user knowingly downloads mobile applications and gives those apps permission to run on his device, Cohen says. So when the app is malicious, the user determines the number of permissions that app will have once it's installed.

Cohen points to Svpeng, mobile ransomware identified by security firm Kaspersky Labs in summer 2014, as an example of the kind of threat that will become more common this year.

"Svpeng started out as a phishing attack on the mobile phone," Cohen says. "The app would wait for a legitimate app to launch, and once that app launched, the malicious app, Svpeng, would launch and then ask for more information. ... In 2015, we will see the mobile channel leveraged more and more in attacks like this."

In the interview, Cohen also discusses:

  • How the underground economy is evolving and fueling the rapid spread of malware and phishing attacks;
  • Why the U.S. continues to rank No. 1 for phishing attacks waged against banking brands; and
  • Why remote-access attacks waged against point-of-sale vendors are expected to increase this year.

At RSA, Cohen serves as the head of the anti-fraud services group, where he focuses on phishing attacks, malware and threat intelligence.


more...
No comment yet.