IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

Obama Signs Cyberthreat Information Sharing Bill

On Dec. 18, both houses of Congress enacted the Cybersecurity Information Sharing Act, which is part of a 2,009-page $1.1 trillion omnibus spending bill (see page 1,729). CISA will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program.


The legislation is an important tool to help protect the nation's critical infrastructure, says Daniel Gerstein, former Homeland Security acting undersecretary and a cybersecurity expert at the think tank Rand Corp. "Sharing information between industry and the federal government will allow for development of countermeasure signatures that can be incorporated into networks," Gerstein says. "In the absence of such sharing, protecting networks becomes much more challenging. ... CISA is not intended to be a comprehensive bill for cybersecurity. Rather, it focuses on the exchange of information between industry and the federal government."


Larry Clinton, president of the industry group Internet Security Alliance, says the approval of the bill by large, bipartisan majorities in both the House and Senate demonstrates the growing realization that the nation faces a major cybersecurity problem. "It speaks to the need to come together in a way rarely evidenced lately in D.C. and begin to attack this problem together," Clinton says. "It's a rare instance of our government system actually working in a bipartisan fashion for the public good."

Winner, Loser

Passage of CISA is seen as a victory for big business and a defeat for privacy and civil liberties advocates.


Consumer advocates say the new law provides limited privacy protections to Americans. They object to the lack of transparency: the measure's provisions were drafted in secrecy and then inserted into a spending bill that keeps the government operational. "This shows disrespect for the people whose privacy is at stake in this process, and who deserve real cybersecurity, not more surveillance," says Drew Mitnick, policy counsel for the advocacy group Access Now. "Simply put, we expect more from our elected leadership."


But business groups generally supported the legislation. "This legislation is our best chance yet to help address this economic and national security priority in a meaningful way and help prevent further attacks," says U.S. Chamber of Commerce President Thomas Donohue. "Government and businesses alike are the target of these criminal efforts, and CISA will allow industry to voluntarily work with government entities to better prevent, detect and mitigate threats."

Key Provisions

At CISA's core are provisions designed to get businesses to voluntarily share cyberthreat information with the government. The main incentive is furnishing businesses with liability protections from lawsuits when they share cyberthreat information, such as malicious code, suspected reconnaissance, security vulnerabilities and anomalous activities, and identify signatures and techniques that could pose harm to an IT system. The new law also will provide antitrust exemption for sharing threat data among businesses.


The liability protections alone won't get many businesses to share threat information. "A bill is not going to prompt an organization to change," says Chris Pierson, chief security officer at invoicing and payments provider Viewpost. "What it will do is help the internal teams that want to share have better ammunition for their legal counterparts and compliance people to understand that sharing of threat data and indicators is being done in a coordinated fashion. The true win here will be the communication around what to share, how to share and the business benefit for companies that share."


CISA designates the Department of Homeland Security to act as the cyberthreat information-sharing hub between government and business. Civil liberties activists wanted a civilian agency, not a military or intelligence entity such as the National Security Agency, to shepherd the flow of cyberthreat information between government and business. But the legislation will not prevent the NSA and other intelligence agencies from getting hold of the cyberthreat information.


One provision of the law will require DHS to establish an automated system to share cyberthreat information in real time with other government agencies. The law also will allow the president, after notifying Congress, to set up a second information-sharing center if needed.


CISA will require the removal of personally identifiable information from data before it is shared. However, the vagueness of the law's language could result in "more private information [being] shared than the privacy community would prefer," says Paul Rosenzweig, a former Homeland Security deputy assistant secretary for policy, who analyzed the measure's language.

Healthcare Industry Study

The omnibus bill also includes language to require the Department of Health and Human Services to convene a task force 90 days after enactment of the legislation to address the cybersecurity threats facing the healthcare sector. This task force would:


  • Analyze how other industries have implemented cybersecurity strategies;
  • Evaluate challenges and barriers facing private healthcare organizations in defending against cyberattacks;
  • Review challenges the industry confronts in securing networked security devices; and
  • Develop a plan to share cyberthreat information among healthcare stakeholders.


The task force would report its findings and recommendations to appropriate congressional oversight committees.

SSH support is finally coming to Windows

Furthering Microsoft’s push to support open source, the company has announced that it plans to add Secure Shell (SSH) support to Windows in the future.


SSH is a protocol that allows users to access the command line of remote computers.


The team behind PowerShell, Microsoft’s shell environment, said that it has been working to add SSH for a number of years, but it didn’t make the cut in either the first or second version of PowerShell.


The SSH library used by Windows will be OpenSSH as it’s ‘industry proven’ and Microsoft plans to give back to the project by contributing to the core library.


There’s no hard date for SSH support landing in Windows, as it’s only in the “early planning phase,” but the news will be music to the ears of network administrators and those that support Windows at scale.

Do you know where your sensitive data lives?

Tracking where sensitive and regulated data is flowing, and the inability to control that flow in outsourced environments such as SaaS cloud applications, where it can move freely between data centers and the cloud provider’s partners’ systems, is a key challenge for enterprises in regulated sectors.

More than 125 attendees at RSA Conference 2015 took the survey, which was conducted via in-person interviews by Perspecsys. The results interestingly reveal a split decision when it comes to trust in Cloud Service Providers (CSPs): 52 percent of respondents say they trust their CSP to take care of protecting and controlling their enterprise data and the other half (48 percent) do not.

Enterprises need to consider encrypting or tokenizing any sensitive data before it goes to the cloud, so they retain full control of their information while it is in-transit to the cloud, while it is stored at-rest in the cloud and while it is in-use being processed in the cloud.

IDC forecasts that public IT cloud services will account for more than half of global software, server, and storage spending growth by 2018. The Perspecsys survey findings align with this projection, with 67 percent of respondents preferring to store the majority of enterprise data in the cloud – that is – if data privacy and compliance regulations could be addressed. Interestingly, the current perception remains that private cloud is more secure than its public cloud cousins. For example:


  • About half of respondents say existing or impending data privacy regulations impact up to 50 percent of their cloud strategy
  • The majority of respondents still house less than a quarter of their data in public cloud environments
  • About a third claim no public cloud use at any level (IaaS, PaaS or SaaS), as far as they know.

Via Paulo Félix
Why Fraud Is Shifting to Mobile Devices

As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, who heads up the anti-fraud services group at security firm RSA, which just released its 2014 Cybercrime Roundup report.


Mobile devices will be the new focus for phishing attacks, taking the place of spam attacks that for more than a decade have been waged against PCs, Cohen, an expert on phishing trends, says in an interview with Information Security Media Group.

"Smart phone technology is the fastest adopted technology in the history of mankind," Cohen says. In 2014, 1.3 billion new smart phones were purchased by consumers throughout the world, while in 2015, forecasts suggest that another 2 billion of these devices will be shipped to consumers, he points out.

"The bad guys are looking at this ... and they understand that they have to be on those platforms and those systems," he says.

Security Challenges for Mobile

This shift to mobile fraud is posing challenges for security teams, because the methods used to protect end-users from attacks waged against PCs don't translate well for mobile, Cohen notes.

The mobile threat involves the use of what Cohen describes as "permission-ware." The end-user knowingly downloads mobile applications and gives those apps permission to run on his device, Cohen says. So when the app is malicious, the user determines the number of permissions that app will have once it's installed.

Cohen points to Svpeng, mobile ransomware identified by security firm Kaspersky Labs in summer 2014, as an example of the kind of threat that will become more common this year.

"Svpeng started out as a phishing attack on the mobile phone," Cohen says. "The app would wait for a legitimate app to launch, and once that app launched, the malicious app, Svpeng, would launch and then ask for more information. ... In 2015, we will see the mobile channel leveraged more and more in attacks like this."

In the interview, Cohen also discusses:

  • How the underground economy is evolving and fueling the rapid spread of malware and phishing attacks;
  • Why the U.S. continues to rank No. 1 for phishing attacks waged against banking brands; and
  • Why remote-access attacks waged against point-of-sale vendors are expected to increase this year.

At RSA, Cohen serves as the head of the anti-fraud services group, where he focuses on phishing attacks, malware and threat intelligence.


Can technology drive meaningful cultural change in healthcare?

In 2005, VitalSmarts and the American Association of Critical-Care Nurses (AACN) published a groundbreaking report called Silence Kills. They found that “among 1,700 nurses, physicians, clinical-care staff, and administrators, more than half witnessed their coworkers break rules, make mistakes, fail to support others, demonstrate incompetence, show poor teamwork, act disrespectfully, or micromanage.


Specifically, 84 percent of doctors observed colleagues who took dangerous shortcuts when caring for patients and 88 percent worked with people who showed poor clinical judgment.”


These stats are startling in and of themselves, but the most worrisome item in the report was that, “despite the risks to patients, less than 10 percent of physicians, nurses, and other clinical staff directly confronted their colleagues about their concerns.”


With nearly 200,000 people in the U.S. dying each year due to preventable medical errors, this communication chasm is a major concern – one that should be addressed immediately.


In the years following this study, there has been a strong movement by a number of companies to develop improved communication and patient safety tools. However, the 2010 follow-up study The Silent Treatment concluded, “that while safety tools are one part of the solution to improving patient care, they do not compensate for crucial conversation failures in the hospital. Silence still kills.”

The lack of communication between clinical teams can have deadly consequences. (Image Source: John Crawford via Wikimedia Commons)

Essentially, many clinicians still live in a culture of fear with respect to their ability to challenge a colleague or superior regarding patient safety issues.  The most innovative communication technologies are limited in their effectiveness if the underlying culture still punishes or ignores those who use them.  However, what if the technology itself could be used to drive the desired cultural change?  Consider the following two cases:


Case A:  A nurse notices a surgeon using a potentially non-sterile device on a patient.  If the nurse speaks up and challenges the surgeon, he or she risks insulting and potentially damaging the reputation of the doctor.  Fearing retaliation, or simply being ignored, the nurse may also stay quiet, putting the patient at risk. Neither is an acceptable option.


Case B:  Consider the same situation as above, but now the hospital is equipped with an automated system that tracks and records the movements and actions of the clinicians and equipment. The system could be invisible to the clinicians in the room. If an error occurs, whether or not the other clinicians in the room observe it, such a system could record it.


Then the clinician at fault could be singled out for the failure or the team could be disciplined for not recognizing the potential problem. In this situation, there is less fear of retaliation for the nurse who speaks up about a potential medical error, because his or her silence would allow the autonomous system to record the error and the surgeon to potentially be found at fault. Proactive intervention would prevent the error, protecting both the patient’s safety and the reputation of both the doctor and the clinical team.


In Case A, the nurse may be labeled a snitch or troublemaker, but in Case B, the exact same actions by the nurse could be viewed as positive and supportive. The difference is that such automated “black box” technologies may allow a cultural shift from individual-centric to team-centric communications.


The focus is no longer on the success or failure of the individual, but on the success or failure of the team in an effort to prevent errors. A well-known example of this would be in the aviation industry, where the “black box” concept has improved team-based communications as well as changing the underlying culture to improve both quality and safety.

Silence kills, but technology and communication, integrated intelligently, save lives.

Healthcare IT -- An Investment Choice For The Future

The very first time I saw real innovation in healthcare IT was in 2003 in Chicago, when Linda Hall presented QuickMedix (later named MinuteClinic). What really impressed me was the simplicity of the premise, based on the easy “in and out” of 1 Hour Photo. If people could drop off their film and pick up the photos at a mall kiosk within 1 hour, why couldn’t we do the same for diagnosing and treating common maladies such as strep throat, ear infections, viruses, high fevers and the flu? The technology wasn’t so simple, but it’s what made possible a walk-in kiosk staffed by a nurse practitioner who could see a patient, take a swab, send it via e-processing and get a read-out for a prescription within 15 to 20 minutes. That prescription could then be filled at the in-store pharmacy, with the patient on their way in less than 30 or 45 minutes. I just knew this would be a success.

Linda explained what a convenience the service would be, particularly for women who often sacrifice an entire day at work getting to a doctor’s appointment with a sick child, driving to the pharmacy to get the prescription filled and finally returning home to tend to their child. This convenience kiosk, introduced at Target and CVS, could be a real breakthrough in healthcare IT and people’s lives. The company became a national success when it was recognized as a forerunner to urgent care in the US. Linda and her team successfully raised $30 million to market this service, which was acquired by CVS in 2006 for $214 million.


Now, years later, one of the most robust investment categories for investors in start-up companies is healthcare technology, or healthcare IT. Much of this has been prompted by the Affordable Care Act of 2010. In that year, there were only 17 seed and Series A healthcare software and application companies that were funded. Even with this astonishingly low number, we began to see more development of healthcare IT at Springboard Enterprises, where a raft of companies applied to the Springboard accelerator program and three were accepted.


The numbers began to build from there; several dozen companies were screened by our expert life science advisors and 22 have since been accepted into the program. This isn’t to say that Springboard, the accelerator accepting companies founded or co-founded by women, vetted a majority of the pack out there. We are just one of many, but it was an indication that the demand for technology improvements in the market was there and the investors were buying in.


Just a few examples could illustrate the range and targets of these companies. Ubiqi Health, founded by Jacqueline Thong, developed a mobile program for tracking migraine headaches. It not only tracks migraines, but provides the user with tools to help determine what causes their onset and potential options for reducing their effect. One user named Shantel wrote on their site that, “I noticed from my Ubiqi tracker that certain foods triggered my migraines, then I changed my diet”.


The potential impact of managing migraines can be huge. For example, one study on kids with migraines revealed that kids with migraines are out of school 32 days to 3 months a year compared to an average of 3 to 13 days for other kids. Being able to manage the migraine and reduce days absent would have a profound impact on kids, teachers, administrators and healthcare providers. Ubiqi has moved into tracking other chronic illnesses such as asthma and diabetes.


ZappRX, presented in 2012 by one of our youngest entrepreneurs, Zoe Bary, is developing a mobile wallet for subscription orders. What fascinated me about Zoe’s presentation is that she taught herself to write the patent for ZappRX technology and her investment documents by researching both online. Her start-up costs were next to zilch, primarily because she took on the tasks herself. In addition she was extraordinarily confident.


And it’s a good thing that she is, because what she is trying to do is take the pain out of getting prescriptions filled. So many people find glitches in the prescription fulfillment process, from connecting the doctor with the pharmacy, to providing the healthcare provider with accurate pharmacy records. ZappRX intends to make this process a pharmacy-agnostic one. While that certainly would make sense for consumers, it isn’t an easy process to penetrate. The biggest pharmacy chains (Wal-Mart, Target, Walgreens and CVS) are more interested in keeping their customers in-house.

According to a report from CrunchBase, the number of funded companies tackling problems in healthcare rose from 17 in 2010 to 89 in 2013. That doesn’t really speak to the amount of capital invested across all 195 companies in the same period. According to a report from investment firm Rock Health, a total of $1.9 billion was invested in healthcare-related firms that raised at least $2 million in capital during this time.


Funding isn’t the only engine driving healthcare IT. The $10 million X Prize competition funded by Qualcomm and supervised by Dr. Daniel Kraft, a serial entrepreneur and faculty member at Singularity and Stanford University, is another route. The challenge is to put “Healthcare in the Palm of Your Hand” by enabling your vital medical signs to be transmitted on a mobile device connected to your doctor for up-to-the-minute tracking. Imagine how that will bear fruit for early detection and treatment. This truly could be life saving.


One Springboard company that raised funds is Tiatros, which presented at our class of 2012. Kimberlie Cerrone, founder and CEO, was trying to solve a problem of her own; it turned out that her son had been shipped overseas to the battle zone in Iraq. Kimberlie wanted to have all of his vital mental health and treatment information in one place in case it was needed for emergency life support in battle. She couldn’t find a simple solution to bringing all his vital information together in a combined and secure file where doctors would be able to view all other medical history at the same.


Kimberlie, who has multiple degrees in biochemistry, an MBA and a law degree, started out to find a solution. She began with her colleagues at the San Francisco Medical Center for Research. If she could figure out how to bring together patient research from various potentially unrelated fields, Tiatros could be a life saver for the troops facing traumatic brain injury in war zones.


Already proven successful in beta tests in San Francisco, she may have cracked one of the most vexing problems dogging the healthcare industry: coordination among different physicians treating the same patient, with all the medical partners accessing the same data that’s housed in a secure cloud accessible via any internet-connected device. Providing that info in one place could vastly improve coordination among physicians treating a patient and reduce healthcare costs.

Without a doubt, the rise of healthcare IT start-up companies is starting to grow from a stream to a fast flowing river. The San Francisco Bay area leads the charge followed by New York, Boston, Atlanta and Los Angeles. Investors are combing the stream of start-up companies for entrepreneurs and companies that can scale.


Companies have been tackling the vexing problems of making healthcare more efficient and effective since the turn of this century, but early attempts during internet 1.0 just couldn’t penetrate the complex system. Now, nearly a decade and a half later, we are beginning to see real traction. This is good news for the industry and consumers alike.

Ransomware: The Right Response

So-called ransomware attacks are on the rise, namely because targeted businesses are increasingly willing to negotiate with - and even pay - their extortionists.


Ransomware has been getting a lot of media attention of late. On April 1, security firm Trend Micro reported that since the beginning of the year, numerous variants of crypto-ransomware have been discovered in the wild, striking consumers and businesses throughout the world.


Just weeks earlier, security firms FireEye and Bitdefender issued warnings about new ransomware trends that were making these attacks more difficult to thwart and detect.


Now experts are calling attention to one of the reasons why ransomware attacks are becoming more common - because organizations say they'd rather not deal with the fallout that trails a breach or cyber-attack that goes public. Instead of getting law enforcement involved, they'd rather try their hands at making deals with their attackers first.


But paying ransom is short-sighted and is never a good idea. Why? Because cybercriminals rarely keep their end of the bargain. Organizations that negotiate with hackers often end up with lost data after paying a hefty ransom.


Lance James, who heads up cyber-intelligence at consultancy Deloitte & Touche, says most businesses that pay ransoms never have their data restored or their encrypted files decrypted.


During his presentation at Information Security Media Group's Fraud Summit in Atlanta, James discussed ransomware cases he has investigated. He noted that in most of those cases, businesses paid the ransom and then the attackers disappeared, never fulfilling their end of the negotiating bargain.


Of course, organizations should prepare for these types of attacks by taking steps now to ensure they have data and drive backups, and that they have strong multifactor authentication requirements for access to servers, in the event an employee's credentials are hijacked during one of these attacks.


But businesses also need to spend more time educating their staff about how ransomware attacks work, why these attacks are waged, and why reporting these attacks to law enforcement, rather than trying to handle them internally, is so critical.

The Attack Strategy

Ransomware attacks are waged in two parts. First, a PC or mobile device is infected with malware that locks the corporate user out or encrypts files so that the user can no longer access them. Then a ransom is demanded through an automated message that appears on the device's screen. The user is told he or she has a limited amount of time to pay the ransom before the device will be wiped clean or the files will be erased.


The tools for these attacks are easy to buy and technical support for waging the attacks is inexpensive.


Law enforcement agencies, such as the Federal Bureau of Investigation, have advised consumers and businesses to immediately report ransomware schemes when they occur.


But security researchers say that, despite those warnings, many businesses are opting either to pay the ransom or to engage in direct negotiations with their attackers instead of getting the authorities involved.

Willingness to Negotiate

A new study from cyber-intelligence firm ThreatTrack Security finds that 40 percent of security professionals believe their organizations have been targeted by a ransomware attack. Of those that believe they've been targeted, 55 percent say that when under attack, they are willing to negotiate a ransom in exchange for the release of corporate data or files.


ThreatTrack's research also finds that one in three security pros would recommend to upper management that their companies negotiate a ransom to see if they could avoid public disclosure of a breach involving stolen data or files that have been encrypted as part of the attack.


In fact, 66 percent of those surveyed by ThreatTrack say they fear negative reactions from customers and/or employees whose data was compromised in a breach if those customers or employees were to learn that their organizations chose not to negotiate with cybercriminals for the return of data.


ThreatTrack's survey includes responses from 250 U.S. security professionals at companies with 500 to 2,500 employees.

Beware of a Quick Fix

When it comes to ransomware attacks waged against corporations, many victimized organizations see paying the criminals what they want as the easiest way to make the problem go away.


But criminals rarely hold up their end of the bargain, so negotiating with anyone who is demanding a ransom is just a bad idea.

Obviously, more education, from the CEO down to the employee, is needed. But we also need a shift in the corporate culture, with an emphasis on looking beyond a "quick fix" for avoiding breach publicity.

Information sharing with peers can play a critical role as well. The more we talk about these attacks and share the techniques used, the more we can learn about how to defend our networks and shield our employees from falling victim to the phishing schemes that are often used to infect systems in the first place.


Security vendors need to step up their efforts here, too. Rather than just supplying intrusion detection, they also need to provide some good-old-fashioned education.
