March 2016

Ransomware: A New Global Issue for Health Care

In February of this year a cyber attack took place on multiple hospitals in multiple places around the globe. This was achieved using software commonly known as ransomware. Ransomware is a type of malware, installed by hostile agents, that prevents or limits users from accessing their own systems. After the infection, the attackers notify the victims that they will remove the malware only on payment of a ransom. Hence the term “ransomware”.

This type of malware forces its victims to pay the ransom through certain online payment methods in order to be granted access to their systems, or to get their data back (patients' data in the case of hospitals). The implications regarding HIPAA compliance are significant.

Although ransomware is usually aimed at individuals, this incident makes it clear that businesses, including those in the healthcare field, can be threatened by these types of cyber attacks as well. The most widely known case of a hospital being in the cross hairs involved Hollywood Presbyterian Medical Center, in Los Angeles. This resulted in the hospital paying about $17,000 to the attackers to unlock its data. Unfortunately, given the risk the hospital faced, they had little choice.

The ransomware attack in California was followed by one in Germany on February 11th, which was triggered by an email. This time the hospital involved took a different course of action.

“The hospital said that it had complete backups, meaning that it could wipe and restore affected systems, and noted that all patient data was already encrypted, which forestalled any potential data loss. But as a precautionary measure, the hospital reportedly took all of its systems offline until they were fully restored, rescheduled 20 percent of its surgeries and shifted less-severe emergency care to neighboring hospitals” according to this article.

Of course this method is a fairly extreme measure, and many institutions may not have the same type of backup system that would permit such a restore. The fact that the hospital had all of their files properly encrypted was an obvious advantage.

Titus Regional Medical Center, which is located in Mount Pleasant, Texas, was similarly targeted. Their data was forcibly encrypted by ransomware and they were unable to access it. The resulting action taken by the facility is as yet unknown.

Until recently the targets for ransomware were individuals. And while it may seem obvious in retrospect, the new developments concerning hospitals caught some off guard. The shift in focus to hospitals is a change in tactic.

The article also explains the similarity of the infection tactic: “the attacks differ little from what’s previously been seen in the wild. Indeed, the mechanics of ransomware attacks are well-known, starting with attackers’ malware-distribution tactics, all the crypto-ransomware we encountered in 2015 was distributed either by drive-by-download attacks or by macro malware in spam emails.”

The recent ransomware encroachments on hospitals are a new development and of obvious concern to anyone working in the healthcare field. What started off as cyber attacks on individuals has now made the obvious leap to businesses, including reputable hospitals worldwide. As attackers continue their efforts to target businesses, steps will be taken to avoid the damage done. But it's a learning process, and as it’s a relatively new development sometimes it’s (unfortunately) easier to simply pay the price.

For more information on the recent ransomware incidents involving the hospitals mentioned in this blog please click on the link below.

http://www.healthcareinfosecurity.com/ransomware-hits-hospitals-a-8872

RingRx Office Phone Capabilities

At RingRx we realize that most companies with an interest in updating the way they manage their on call schedule are actually “window shopping” for a proper fit. There are of course some options available to you and your business. And the overriding desire is a need to progress beyond the old school way of managing these calls (the switch board operator being a common example).

In addition to offering a HIPAA compliant phone system, our services also include a mobile app, easy access to the on call schedule that you set up for your practice, and a physical phone system. The advanced office phones are what I’d like to touch on in this blog.

The phones that are offered as part of your service are the Obi1000 series, a technically advanced user friendly office phone with the best possible clarity available on the market. These are the actual physical phones for your office to be used by you and your staff. Of course these phones provide a seamless interface between our Cloudphone and user portal, making it easy to navigate and operate the system.

Here are some of the more exciting features that you get with an Obihai phone:

 

  • High-Definition ‘HD’ Voice Technology for Crystal-Clear Call Clarity – Service Dependent
  • OBiTALK Cloud Management and Service Configuration
  • Large Vivid Color Display – User Configured Themes and Multi-Dimensional Navigation
  • Full-Duplex Speakerphone with Built-In Class D Amplifier and Audio Equalizer
  • Dual Ethernet Ports with Power over Ethernet (PoE) Support – External 12v Power Supply Included

 

 

Communication in a HIPAA Environment

We live in a world where we are connected through technology like never before. Most of us can remember a time before the Internet and instant messaging. And those of us that can remember such a time (not so long ago) can appreciate how far we’ve come. From both a personal and a work standpoint the ability to communicate virtually instantaneously with each other regardless of distance is, for the most part, taken for granted these days, but is no less incredible.

However, in regard to the Health Care industry there are still some obstacles to overcome, especially when considering the necessary compliance with HIPAA. For instance, a regular email is not encrypted and therefore not HIPAA compliant. This is why a patient's personal information is not included in an email, not if the Health Care professionals involved wish to avoid a possible fine for noncompliance.

Recent advances in encryption technology enable safe, secure and, most importantly, HIPAA compliant emailing. It is a technical service that allows patient information to be sent and received securely and legally. One such service called “Tiger Text” is making the goal of secure encrypted emailing a fact.

Tiger Text offers a system that operates the same way as SMSs or emails. If you are familiar with emails, then you will understand the basics of the HIPAA compliant system offered by them. You can add files/pictures and all the usual attachments that you are familiar with when sending a regular email.

The bonus of using a system like Tiger Text (the overall selling point really) is that compliance with HIPAA is regulated by the technology itself. There is nothing for the user to have to do personally to make it work. This is naturally helpful to anyone who works in Health Care; with the millions of other things on your plate, worrying about properly encrypted emails should not be an added headache to your already busy day. This seems like a very useful technology and is the focus, in regard to HIPAA compliant messaging, for many hospitals and clinics both large and small.

The advantages of having your patient related emails HIPAA compliant are obvious. So this is definitely a service worth investigating. There are several companies that are providing this service and Tiger Text seems to be one well worth your consideration.  Click on the link provided below to learn more.

 

http://www.tigertext.com/hipaa-compliance-for-email/

 

A Game Plan for HIPAA

It’s not that surprising that Health Care providers and hospitals/clinics are sometimes in violation of HIPAA. However, it is probably much more prevalent than people realize. The Health Insurance Portability and Accountability Act (HIPAA) has been around for over a decade, first being enforced in 2004. And although it is referenced often and is in general principle understood by most people, including patients and Health Care professionals alike, it still is a time consuming and sometimes difficult practice to adhere to.

The unsettling news is that, regardless of size and influence, most medical establishments are at some point in danger of violating HIPAA compliance. Luckily there are more ways available to the Health Care field in recent years to make such deviations less likely. Most have to do with the encryption of patient information, proper training for employees and an overall understanding of the laws involved.

There are some basic tools at your disposal when it comes to complying with these laws. It’s obvious that companies in the Health Care field want to avoid costly fines and lengthy law suits, so most are instituting these practices.

First of all it’s important to have some workforce training. If the employees in your company are properly trained and HIPAA certified then it’s less likely your organization will be in violation. In addition it is extremely helpful to institute annual refresher courses. This will help keep everyone up to date and mistakes in adherence will be less likely. It’s basically a way to reacquaint your staff with HIPAA guidelines.

As much as you as a Health Care professional plan ahead and study, in some cases it is almost unavoidable that an issue will arise. Therefore it is good practice to have some sort of contingency plan to help deal with instances where a possible violation has occurred. You should have some sort of incident response in place to deal with the possibility. Be ready to document and address the cause of these discrepancies; it’s an important process that will have you prepared for violations should they arise.

For more information on how you can best prepare yourself and your staff in regards to HIPAA compliance please follow this link.
