Overcoming Security Overload

There are too many security tools not providing comprehensive solutions.

You have to be reactive and proactive when it comes to IT security. There is always some vendor or service that states that they have a different, better, more inclusive security solution. You buy these solutions to protect your organization against security breaches. You install firewalls, SBCs, and other perimeter solutions, but a new threat seems to emerge every day. You invest in training your users, but they still cause the majority of security headaches. The CISO and staff are on overload.

Too Few – Too Many Tools

You install the proper security tools, but is this enough? Should you work with a cloud service that has more resources and staff than you, or implement DIY solutions? There appears to be no absolute answer to these security questions. If you have the budget, you could duplicate what the cloud service offers, but that is assuming the cloud security service is invulnerable — not likely.

Cloud Security Alliance surveyed more than 200 IT/IT security professionals, and the resulting report, “IT Security in the Age of Cloud,” explores how recent trends in IT management and security are shaping IT security budgets and talent acquisition. The charts in this article are taken from the report. For the full article click here 

from health IT caucus http://ift.tt/2aAd10z
via IFTTT

How to avoid ransomware attacks: 10 tips

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.

“We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response. “It’s a big business, and the return on investment to attackers is there—it’s going to get worse.” While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBIreports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of which are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

For the full article click here 

from health IT caucus http://ift.tt/2anbQy5
via IFTTT

Should You Stop Sending Private Messages Over Email?

With another high profile hack in the news, it’s worth asking: Can anyone trust email anymore?

The breach of the Democratic National Committee’s email by the website Wikileakspublished a trove of over 20,000 emails. It reminds us of the urgency of concerns surrounding cyber security.

“No email that you’ve ever written is ever deleted. There’s always a copy out there,” says Stephen Ward, a vice president with Pinkerton, an expert in risk management and security who specializes (among other things) in electronic security. “So you should always use that common sense approach: If this is something that’s groundbreaking for my company or it could change the world, should I send that in an email? Probably not.

One of the biggest problems with cyber theft, he explained, is the online data can’t be destroyed. Once a user’s secrets are released, they’re gone.  For the full article click here 

from health IT caucus http://ift.tt/2aAcVGa
via IFTTT

Infographic: The 5 phases of a ransomware attack

Ransomware is the most profitable type of malware attack in history—and attacks will only get worse in the future, according to Cisco Systems’ midyear report on the state of cyber security, released Tuesday. It’s now important for employees to understand the different phases of an attack and best practices to prevent them.

Ransomware is “weaponized encryption,” said James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the 2016 Institute for Critical Infrastructure Technology Ransomware Report. Attacks involve malware delivered through spear phishing emails that lock up valuable data assets and demand a ransom to release them.

Hackers who previously used ransomware only to secure money from individual users are now looking to steal data from larger hospitals and corporations and sell it on the Dark Web, Scott said. For the full article click here 

from health IT caucus http://ift.tt/2anc5cK
via IFTTT

Fighting the ‘cyber caliphate’s’ social media addiction

10 tips to avoid ransomware attacks

As ransomware increasingly targets healthcare organizations, schools and government agencies, security experts offer advice to help IT leaders prepare and protect.

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.”We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response.

“It’s a big business, and the return on investment to attackers is there—it’s going to get worse.” While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBI reports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of which are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

“The days of grammatically incorrect, mass spam phishing attacks are pretty much over,” says James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the report. Hackers can now check a victim’s social media accounts, and create a fake email address pretending to be a friend or contact in order to get them to click on an infected link or attachment.

For the full article click here 

from health IT caucus http://ift.tt/29ZwhFi
via IFTTT

HHS Issues Funding for Information Sharing and Analysis Organization

According to a news release, the HHS’ Office of the National Coordinator for Health Information Technology (ONC) and Assistant Secretary for Preparedness and Response (ASPR) have announced two funding opportunities for an Information Sharing and Analysis Organization (ISAO) for the healthcare and public health sector.

“Establishing robust threat information sharing infrastructure and capability within the Healthcare and Public Health Sector is crucial to the privacy and security of health information, which is foundational to the digital health system,” said Karen DeSalvo, M.D., M.P.H., M.Sc., national coordinator for health IT. “This coordinated resource will focus on sharing the most up-to-date threat information across the health and public health sectors and will better equip health systems to identify potential threats and further protect electronic health information.” The funding calls for and information sharing center to provide cybersecurity information and education on threats in the industry, as well as expanded outreach and education to make sure cybersecurity information is available industry-wide. For the full article click here 

from health IT caucus http://ift.tt/2asbeft
via IFTTT

APIs and Apps: The Potential Keys to Health Data Exchange

APIs, known as application program interfaces, are sets of routines, protocols, and tools used when building software applications. Though seemingly small, APIs and their use with apps might just hold the key to achieving interoperability between electronic health records (EHRs), or so the Federal government is hoping.

Earlier this year, Acting CMS Administrator Andy Slavitt named some guiding principles to the way regulators plan to interpret the reimbursement revolutionizing Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), including:

• Health care providers will be rewarded for using technology to improve care outcomes;
• Providers will be able to customize their health IT;
• Interoperability will be a top priority, through the implementation of Federally recognized, national interoperability standards and a focus on real-world uses of technology.

Apps, such as Blue Button, have been used for years, to exchange and store electronic health records. Open-source APIs could make interoperability even more achievable by allowing the exchange of secure health data through the cloud.

How important are APIs to the future of health care? Federal officials at the Office of the National Coordinator for Health Information Technology (ONC) say they are “pretty important.” For the full article click here 

from health IT caucus http://ift.tt/2atUkKv
via IFTTT

Protecting Information Assets with Data Loss Prevention

The modern healthcare ecosystem is all about data and what we can do with it, which is why Data Loss Prevention (DLP) tools should be on everyone’s list of priority solutions to implement. I used to say that DLP solutions paid for themselves based on their ability to control exfiltration, and therefore reduce the risk of breaches, but these solutions are becoming far more important than that. DLP tools have the ability to help users take control of information and do what is really important—manage it from cradle to grave.

DLP is often characterized as a security technology, but more accurately it should be characterized as an enterprise-level information management solution. DLP tools enable users to identify where sensitive information lives within the enterprise, as well as where it’s going, how it’s getting there, and who is using it. Users can also use DLP tools to manage access and storage of data on endpoints, including external destinations like the cloud. In short, it enhances awareness of what is going on with information, enables users to better control those actions, and helps to protect against unauthorized disclosures and loss of data. For the full article click here 

from health IT caucus http://ift.tt/2atUEso
via IFTTT

In-Hospital Prescriptions Boost Medication Adherence by 29%

With lacking medication adherence among diabetics costing the industry billions of dollars, researchers are trying to mitigate the solution with scalable and sustainable solutions.

Making medications available at the point of care can improve medication adherence rates by up to 29 percent, according to recent research published in the American Journal of Managed Care. The study involved an analysis of diabetic Medicare patients in an at-risk hospital serving a predominantly minority population. By examining medication adherence rates for three types of diabetes medications – oral antidiabetic agents, cholesterol medications, and blood pressure medications – the researchers were able to determine the efficacy of physician-led point of care medication delivery systems (POCMDS). Overall, the researchers found adherence improvements for all three medication classes, ranging from 17 to 29 percentage points. Adherence rates for oral antidiabetic agents rose by 17 percent, cholesterol medications by 29 percent, and blood pressure medications by 21 percent. For the full article click here 

from health IT caucus http://ift.tt/2asaUNQ
via IFTTT

VA Continues Pursuit of EHR Interoperability with DoD

Covenant Health Selects Cerner’s Enterprise-Wide Clinical, Financial and Population Health IT System

Tennessee health system to implement one unified system across entire continuum of care

KNOXVILLE, Tenn., July 25, 2016 (GLOBE NEWSWIRE) — Covenant Health, an integrated not-for-profit health system based in eastern Tennessee, has selected Cerner’s comprehensive suite of integrated health care information technology (IT) solutions to support clinical, financial and population health management initiatives, resulting in a Clinically Driven Revenue Cycle™ across the enterprise’s acute hospitals and nearly 100 ambulatory facilities.

“To advance our goal of providing excellent care for every patient, we needed to select a robust IT system that could effectively and efficiently support multiple aspects of our health system operations,” said Jim VanderSteeg
, president and CEO, Covenant Health. “We are confident that Cerner’s enterprise-wide functionalities will help us deliver high-quality care with the goal of improving health outcomes. We believe that Cerner’s predictable total cost-of-ownership will also contribute to Covenant’s financial stability and strength.” For the full article click here 

from health IT caucus http://ift.tt/2a88nT5
via IFTTT

UMMC Agrees to $2.75M HIPAA Settlement after Multiple Violations

The University of Mississippi Medical Center allegedly had multiple HIPAA violations that caused a health data breach, leading to a $2.75 million HIPAA settlement with the Office for Civil Rights.

Following numerous reports of alleged HIPAA violations that led to a healthcare data breach, the University of Mississippi Medical Center (UMMC) recently agreed to a $2.75 million HIPAA settlement. The Office for Civil Rights (OCR) explained on its website that it had investigated UMMC because of a reported health data breach that reportedly affected 10,000 individuals. Following the investigation, OCR determined that the medical center did not take adequate risk management security measures, even after UMMC was aware of certain risks and vulnerabilities to its system. For the full article click here 

from health IT caucus http://ift.tt/2a87mdO
via IFTTT

HHS Targets Population Health, Big Data with $36M in Grants

What Kaine’s record reveals on health care

The Clinton campaign plans to steer clear of Obamacare at the DNC, and hospital charity care spending significantly fell after the ACA’s coverage expansion took effect. But first: What we’ve learned about Hillary Clinton’s new running mate on health care.

KAINE’S HEALTH RECORD REVEALS PROGRESSIVE, PRAGMATIC GOVERNOR — Tim Kaine navigated Virginia politics to enact a number of public health efforts, like an indoor smoking ban and an expansion of health IT, and he also balanced progressive priorities against his own moral compass. (More on that in a moment.) At the same time, some of his biggest aspirations — including coverage expansion in Virginia — weren’t fully achieved. More for Pros on Hillary Clinton’s running mate, from me. … One reason Kaine’s full ambitions on health care went unrealized? “He is the only governor on record whose general fund revenue at the end of his administration … was less than he had four years earlier,” said Wayne Turnage, who served as Kaine’s chief of staff. “That’s how bad the budget was. … A lot of the things he wanted to do, he just couldn’t get any new money.” For the full article click here 

from health IT caucus http://ift.tt/2a93f4z
via IFTTT

Kaine has a health IT pedigree

HILLARY’S VP CHOICE HAS A SOLID HEALTH TECH RECORD: As governor of Virginia, Tim Kaine helped build one of the country’s best statewide telemedicine networks. The UVa Center for Telehealth has 152 partners across the state who have provided more than 50,000 virtual visits in 60-plus specialties, reports David Pittman. As governor from 2006 to 2010, Kaine built telemedicine services with state money and funding from the FCC and the Health Resources and Services Administration. He successfully pushed for a law requiring insurers to reimburse use of the technology.

…. Two of Kaine’s cabinet members — Secretary of Technology Aneesh Chopra and Secretary of Health and Human Resources Marilyn Tavenner — became senior federal officials. Chopra was the country’s first chief technology officer, and Tavenner administered the Centers for Medicare and Medicaid Services from 2011 until 2015. “Kaine wanted to apply technology to solve public policy problems,” says Chopra, who told POLITICO’s Dan Diamond that “Kaine has been at the forefront” of modernizing health care to prepare the ground for value-based care.

In the Senate, which he joined in 2013, Kaine did not sit on the key Finance, HELP or Commerce committees but supported much of the tech industry agenda, as Pro’s Tony Romm reports. Like Hilary Clinton, he’s been a big supporter of science and technology education and training. For the full article click here 

from health IT caucus http://ift.tt/2a87Kcq
via IFTTT

Smartphone-based system may improve health of patients with chronic diseases

A new study shows how mobile technology can allow patients to work collaboratively with clinicians to improve their health. The research, which appears in an upcoming issue of the Clinical Journal of the American Society of Nephrology (CJASN), may signal a paradigm shift in the model of healthcare delivery.

Self-management has been advocated as a way for patients to cope with the challenges of living with a complex chronic disease and gain some measure of control over their own health. It’s important that it be thoughtfully integrated into the overall goals of care, however.

With this in mind, a team led by Alexander Logan, MD FRCP(C), Stephanie Ong, BScPhm, MSc, and Vanita Jassal, MD FRCP(C) (University of Toronto, University Health Network, and Mount Sinai Hospital) recruited 47 patients with chronic kidney disease into a 6-month study on the potential of a smartphone-based system that enabled patients to monitor their blood pressure, assess their symptoms, maintain an accurate medication list, and view key laboratory test results. Patients, of whom 60% had never used a smartphone, received real-time personalized feedback, and providers received alerts when treatment thresholds were crossed or critical changes occurred. For the full article click here 

from health IT caucus http://ift.tt/27jhaLJ
via IFTTT

Community patient care transformed by technology support

The iPads have been bought by Seaton and District Hospital League of Friends to assist patients struggling with the demands of speech and communication

(Devon, UK) Patients based in a South Devon town who have communication and swallowing difficulties are benefitting from the use of two iPads with a variety of specialised apps.

The iPads were purchased by Seaton and District Hospital League of Friends. The first one is intended for inpatients at Seaton Community Hospital requiring communication support, with extra applications to enhance staff training.

The second iPad will be utilised in the local community for assessment, ongoing communication therapy and education.

Seaton Community Hospital has a number of admissions due to medical events that can affect communication, such as motor neurone disease, stroke, Parkinson’s Disease, multiple sclerosis and dementia.

As a result of these conditions, it can be very difficult and frustrating for patients to communicate the most basic of needs.

Dr Rob Daniels, a Seaton GP, backed the purchase of the iPads and Sue Renyard, community speech and language therapist, will use the technology to help with assessment and ongoing support. For the full article click here 

from health IT caucus http://ift.tt/1UQ1yuB
via IFTTT

Out Of The Lab – Into The Real World

For one determined Spanish health IT decision maker, it’s time to stop all the telemedicine and mHealth pilots – and make these promising approaches a part of mainstream healthcare practice instead.

Ask Jordi Piera Jiménez what he sees as his contribution to the healthcare organisation he leads the IT for, and you’ll get an answer you may find surprisingly broad: “To drive internal and external innovation, helping the rest of the C-suite to understand what is technologically possible today and in the near future to create new competitive advantage, products and services in order to increase the efficiency and the efficacy of the care system.” For the full article click here 

from health IT caucus http://ift.tt/1SnudUr
via IFTTT

As Healthcare Changes, So Must its CEOs, CFOs, COOs…

To keep up with big changes in how healthcare is administered, financed, and organized, top leaders are finding a need for new talents and organizational structures.

Healthcare reform as a term has become so ubiquitous that it is almost indefinable. At first, and broadly, it meant removing the waste in an excessively expensive healthcare system that too often added to the problems of the people whose health it aimed to improve. Then it became legislative and regulatory, in the form of the Patient Protection and Affordable Care Act and its incentives aimed at improving the continuum of care and expanding the pool of those covered by health insurance.

Now, for many in the industry, healthcare reform has matured into a business imperative: the process of ingraining tactics, strategies, and reimbursement changes so that health systems improve quality and efficiency with the parallel goal of weaning us all off a system in which incentives have been so misaligned that neither quality nor efficiency was rewarded.

That leaders finally are able to translate healthcare reform into action is welcome, but to many health systems trying to survive and thrive in a rapidly changing business environment, the old maxim that all healthcare is local is being proved true. Making sense of healthcare reform is up to individual organizations and their unique local circumstances. Fortunately, there are some broad themes and organizational principles that are helpful for all that are trying to make this transition. What works in one place won’t necessarily work in another, but the innovation level is off the charts as healthcare organization leaders reshape what being a leading healthcare organization means as well as what it requires.

No blueprint to follow

In some ways, Methodist Le Bonheur Healthcare in Memphis is fortunate. As a health system with 2013 total revenue of $1.66 billion, it holds a dominant position in its market. But because that market remains “99% fee-for-service,” says Michael Ugwueke, MPH, DHA, FACHE, its president and chief operating officer, Methodist’s long-term position dominating its market may be in doubt.

Without value-based contracts, the benefit of the work Methodist does to reorganize care and improve outcomes currently accrues to the payer; yet without the work to reorient to risk-based contracts that are likely in the future, Methodist will be woefully underprepared, he says. For the full article click here 

from health IT caucus http://ift.tt/1WwPH5u
via IFTTT

Global healthcare IT sector raised $1.6 bn in Q2 2016: Mercom

Led by the Chinese companies, global healthcare IT sector raised $1.6 billion in 140 deals in the three months ending June, up 33% compared a year ago period, said a report by research firm Mercom Capital Group, llc on Wednesday.

With healthcare IT companies raising $1.4 billion in 146 deals in the first quarter of the year, the first half of 2016 saw a total of $3 billion funding in 286 deals,  a 50% increase compared to nearly $2 billion raised during the same period in 2015.

Healthcare IT VC funding in the second quarter of 2016 originated from 12 countries worldwide, the report said. For the full article click here 

 

from health IT caucus http://ift.tt/2a91fdm
via IFTTT

Commentary: The truth about EHR and digital health ‘snake oil’

The healthcare industry is at a unique crossroads in regards to innovation. Has the urge to innovate accompanied with the consumerism of care driven us down a path that could impact clinical quality? Perhaps. At least that is what American Medical Association’s (AMA) CEO James Madara, MD cautioned in his original and expanded comments regarding digital health technologies as the 21st century’s “digital snake oil.” These three little words generated strong reactions on both sides.

HIMSS, PCHA and many others agree that misleading technologies guised as clinically valuable applications have no place in healthcare. But we must be careful not to lump all digital health technologies under one umbrella as many have already had a positive impact on people’s lives and our healthcare system as a whole.

Let’s celebrate how far digital health has come
Digital technologies have already improved care delivery in a number of areas. Organizations such as the Children’s Hospital of Pittsburgh of University of Pittsburgh Medical Center (UPMC) have implemented digital technologies that provide warning alerts for patient deterioration; in the program’s first year, UPMC clinicians prevented 132 intensive care unit visits for children and $5 million in savings. Missouri Health of the University of Missouri Hospital demonstrated the power of clinical decision support with catheter removal procedures as they reduced their Catheter-Associated Urinary Tract Infections by 25 percent (rates went from 6.0 to 4.5 in one year). For the full article click here 

from health IT caucus http://ift.tt/29OGtMv
via IFTTT

Using Disaster Recovery Planning for Healthcare Data Security

Updating Progress of FHIR, C-CDA Health IT Standards at ONC

Andy Murray becomes ambassador for digital health

(Scotland, UK) Murray’s involvement will raise awareness of the DHI’s work, as well as promoting skills and educational and career opportunities for young people.

The DHI’s project portfolio is worth over £4m and includes in excess of 100 projects involving more than 50 companies, 15 of Scotland’s universities, 25 third sector organisations and more than 1,000 members from over 20 nations.

Murray uses technology and data to improve his performance on court and has stated that maintaining his own health throughout the long tennis season is key to his success.

Speaking of his new role, Murray said: “My partnership with the DHI has come about because I am really interested in how digital technologies can improve health. I obviously have a personal interest in that area because anything that can improve my own health will only improve my performance on court. The work that DHI are doing is changing lives and solving some really important health and care challenges, at home and abroad, and I am proud to be supporting their work.” For the full article click here 

from health IT caucus http://ift.tt/29OGmjN
via IFTTT

Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues

A recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing CISOs to keep their organizations secure and how they are combating information and vendor solution overload.

Given the often-reported high value of health data, healthcare organizations are facing ongoing and escalating cyber threats. In fact, media reports about ransomware attacks and data breaches against hospitals, health systems and medical practices seems to be occurring on a weekly basis at this point.

In a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.

“Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,” Scott writes.

For the full article click here 

from health IT caucus http://ift.tt/29DUbBC
via IFTTT

Yale researchers launch Hugo health IT platform

A team of researchers from the Yale School of Medicine and the Yale New Haven Health System have partnered to launch Hugo, a new cloud-based health IT platform that allows users to acquire their own health data for participation in studies.

Researchers say Hugo gives people a secure way to access their electronic health records from a variety of healthcare systems, synchronizing their data with a large research database. There are features that allow users to contribute additional information through wearing certain devices and providing answers to questionnaires.

“This could be a game changer,” Harlan Krumholz, MD, SM, the Harold H. Hines Jr. Professor of Medicine at the Yale School of Medicine, director of the Yale-New Haven Hospital Center for Outcomes Research and Evaluation, and a Hugo developer, said in  a prepared statement.  “Hugo harnesses the very latest in digital health technology and puts patients in the center, making them true research partners.”

“We believe this is going to be a new era of discovery,” Robert J. Alpern, MD, dean of the Yale School of Medicine, said in the same statement. “It’s going to ensure that we’re doing research better, less expensively, and in a way that fully respects and honors those who participate.”

The first research study to use Hugo will focus on “hospital readmission and emergency department use after hospital discharge.” The Yale Center for Clinical Investigation, Yale-New Haven Hospital, and Yale Medical Group are all assisting the Yale School of Medicine with the study. For the full article click here 

from health IT caucus http://ift.tt/27jhaez
via IFTTT

UnitedHealth’s exit won’t kill ACA exchanges

Although UnitedHealth Group Inc.’s withdrawal from public health insurance exchanges in all but a “handful” of states will reduce competition, its exit doesn’t spell doom for the future of the Affordable Care Act exchanges.

UnitedHealth said last week that it will exit nearly all of the 34 states where it sold coverage on health insurance exchanges this year amid slow enrollment growth and an unhealthy population that have dented its profit. It said it expects to lose $650 million this year on exchange business, on top of $475 million it lost last year.

The Minnetonka, Minnesota-based insurer will bow out of 2017 exchange offerings that include Arkansas, Connecticut, Georgia, Louisiana, Michigan, Oklahoma and Tennessee.

UnitedHealth will, however, sell plans on exchanges that include Nevada and Virginia next year, the states’ insurance departments confirmed. For the full article click here

from health IT caucus http://ift.tt/1XRWFj0
via IFTTT

China’s Espionage Dynasty: Economic Death by a Thousand Cuts

July 28 @ 5:30 pm – 8:30 pm

ICIT is pleased to host a briefing on its forthcoming publication entitled “China’s Espionage Dynasty: Economic Death by a Thousand Cuts”

Advanced Persistent Threat Groups based in China are among the most notorious perpetrators of cyber-crime against American public and private sector organizations.  Whether for financial gain, corporate espionage or intelligence gathering, these APTs are stealing trillions of dollars’ worth of intellectual property and have quickly become one of the largest threats to our National Security.

Join ICIT experts as we discuss the findings of the Institute’s research on Chinese APTs and identify strategies to protect our Nation from this adversary, as well as hear about threat intelligence initiatives during our Federal Perspectives session. For more details about the event , Click Here 

from health IT caucus http://ift.tt/29rCw4C
via IFTTT

ICIT Brief – China’s Espionage Dynasty: Economic Death by a Thousand Cuts

The criminal culture of theft that has been injected into virtually every line of China’s 13th Five-Year Plan is unprecedented. From state sponsored smash and grab hacking and techno-pilfering, to corporate espionage and targeted theft of IP, never before in recorded history has IP transfer occurred at such a rapid velocity.

In this report, entitled “China’s Espionage Dynasty: Economic Death by a Thousand Cuts,” ICIT offers a comprehensive analysis of the primary structure of Chinese espionage initiatives and discuss the layers of espionage and theft as well as the malicious actors who carry out these overt and covert attacks on Western industry.  Specifically, this report discusses:

• China’s Thirteenth Five-Year Plan
• Economic Impact of Intellectual Property Theft
• The Structure of Chinese Espionage
  • Covert Spy Structure
  • Joint Staff Department
  • Second Department
  • Third Department
  • Fourth Department Read The Full Article Here 

from health IT caucus http://ift.tt/29PJhO7
via IFTTT

Vegetable oils are a health boon

Flax seed oil, rapeseed oil, olive oil and even avocado oil – there are dozens of edible vegetable oils which can form a part of a healthy balanced diet.

Cold pressed olive oil is one of the healthiest oils which is widely available. High in monounsaturated fats,  which are linked to good heart health, it is also jam packed with vitamins and anti-oxidants. These are the compounds which help ward off cancer and premature ageing.

The first pressing ‘virgin olive oil’ is definitely the best when it comes to health. Every time olive oil is processed, it contains less of the important active ingredients although it also becomes more affordable. Avocado oil has recently become more popular and is also high in monounsaturated ‘healthy fats.’ However, it is expensive and not widely available.

Flax seed oil is high in omega-3 long chain fatty acids, which are normally found in fish oils. Vegetarians or people on restricted diets can obtain these essential fatty acids, which are important for maintaining the brain, from this source. However, the form of omega-3s in flax seed oil is not so easily converted to useable EPA and DHA, so someone may still need to take supplements. For the full article click here

from health IT caucus http://ift.tt/1T09B55
via IFTTT

ONC webinar clears up ONC HIT Oversight Enhancement proposed rule

The Office of the National Coordinator for Health IT (ONC) held a webinar to address questions raised from the publication of the ONC Health IT Certification Program: Enhanced Oversight and Accountability Proposed Rule in March.

The rules aims to further enhance the safety, reliability, transparency and accountability of certified health IT for users by modifying the ONC Health IT Certification Program to reflect the widespread adoption of certified EHRs and the rapid pace of innovation in the health IT market.

The webinar speakers, Michael L. Lipinski, JD, director of the Department of Health and Human Services’ (HHS) Division of Federal Policy and Regulatory Affairs; and Mark A. Knee, JD, senior policy analyst, cleared up some “incorrect press” by detailing what the rule does and does not enable.

It does not create new certification requirements for health IT developers or create new certification requirements for health IT for providers participating in Department of Health and Human Services programs.  The proposed rule also does not establish a means for ONC to directly test and certify health IT. ONC’s authorized certification bodies (ACBs) will continue to test and certify health IT. It does not establish regular or routine auditing of certified health IT by ONC.

The proposed rule does enable ONC to directly review already certify health IT products, increases ONC oversight of health IT testing bodies and enables increased transparency and accountability by making identifiable surveillance results of certified HIT publicly available. For the full article click here 

from health IT caucus http://ift.tt/1NzU24E
via IFTTT

The Forrester Wave™: Privileged Identity Management, Q3 2016

The 10 Providers That Matter Most And How They Stack Up 

Why Read This Report In our 22-criteria evaluation of privileged identity management (PIM) providers, we identified the 10 most significant vendors — Balabit, BeyondTrust, Bomgar, CA Technologies, Centrify, CyberArk, Dell, Lieberman Software, ManageEngine, and Thycotic — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals make the right choice.

Key Takeaways Centrify, BeyondTrust, And CyberArk Lead The Pack

Forrester’s research uncovered a market in which Centrify, BeyondTrust, and CyberArk lead the pack. Thycotic, ManageEngine, CA Technologies, and Lieberman Software offer competitive options. Balabit, Dell, and Bomgar lag behind.

S&R Pros Are Looking For Ease Of Administration, And Behavioral Analytics

The PIM market is growing because more S&R professionals see PIM as part of the layered solution to address their top cyberthreat and data breach prevention challenges. This market growth is in large part due to the fact that S&R pros increasingly trust PIM providers to act as strategic partners, advising them on top PIM decisions.

Scalability, Windows Privilege Escalation, And Behavioral Analytics Are Key Differentiators

As the PIM market matures (especially when the password safe is concerned), customers are looking to see proven, easily manageable, and scalable PIM solutions that offer productized help desk integration, cloud support, Windows privilege delegation and escalation, their own behavioral analytics of privileged sessions, and PIM-as-a-service availability. Read the full Report here

from health IT caucus http://ift.tt/29BbfdC
via IFTTT

ONC Shares Updates on Health IT Certification Transparency

Why the State Department is so bad at security

In the process of essentially exonerating Secretary Hillary Clinton‘s use of a personal email system, FBI Director James Comey nevertheless slammed the State Department’s email security and handling of classified documents.

People who spoke to CNBC said that State has, for a long time, shown a disturbing lack of seriousness about information security. While some of this can be attributed to the nature of the agency’s mission — “We’re required to be outward-facing, we’re required to communicate, we’re required to foster dialogue,” said agency spokesman John Kirby — other patterns of behavior are less explicable, they said.

One former government employee told CNBC the problem is endemic.

“I completely agree that the State Department has a lax approach to security,” said a former U.S. federal employee who worked with the State Department on classified things and spoke to CNBC.com on condition of anonymity. “I experienced it several times myself in terms of their handling of classified information both in print and in speech.” For the full article click here 

from health IT caucus http://ift.tt/29wC6aC
via IFTTT

NSA Looks to IT Industry to Harden Vulnerable U.S. Nets

U.S. intelligence agencies, including the National Security Agency, are increasingly turning to commercial solutions in their efforts to head off the alarming number of cyber attacks that culminated in last year’s massive breach at the U.S. Office of Personnel Management.

With critics complaining that government agencies have done little since the OPM attack to harden their networks, NSA’s Information Assurance Directorate is seeking vendor solutions through a program called Commercial Solutions for Classified (CSfC) program. Among its goals is “developing new ways to leverage emerging technologies to deliver more timely [information assurance] solutions for rapidly evolving customer requirements,” the program’s web site explains.

Security analysts note the effort seeks to reduce the time required to certify secure architectures and devices from years to months or weeks. The effort also reflects broader U.S. efforts to reform a moribund government acquisition system by adopting industry best practices. For the full article click here 

from health IT caucus http://ift.tt/29DfGHE
via IFTTT

InfoGPS Puts Cyber Risk in to Dollars and Cents; Gives IT Security a Seat at the Table

INFOGPS NETWORKS v2.04 RELEASE NOW PROVIDES THE FINANCIAL IMPACT OF A DATA BREACH ACROSS ANY SEGMENT OF AN ORGANIZATION.

North Canton, Ohio – InfoGPS now brings “financial impact” reporting into their data security platform with their latest software release – Version 2.04. The software company automates the discovery, classification and risk ranking of unstructured and semi-structured data across large enterprise networks and small business alike, so organizations can understand what sensitive data they possess, how much they have, where it all resides and who has access to it.

Now, with Version 2.04, InfoGPS has added the financial impact, in dollars, that sensitive data represents to the organization with their new Economic Cyber Value™ feature. The feature allows a customer to assign a Cost Per Record to each piece of personal identity information (PII), personal credit information (PCI), and personal health information (PHI). Clients may also define any other type of sensitive information unique to their business model. InfoGPS will provide industry specific risk values to assist clients who are assessing this risk for the first time.

• Boards of Directors and Officers can now set thresholds on cyber risk based on financial impact; the same way they do for the rest of the operation. They can also now evaluate the effectiveness of spending to reduce those financial risks, and establish proper metrics to ensure mitigation efforts are providing the proper reduction in economic exposures.
• Individuals responsible for requesting budget dollars to acquire new security controls will be able to quantify the economic risk they are attempting to protect and compare that risk to the cost of acquisition.
• Individuals who approve expenditures will now have the ability to compare costs with the economic benefits of a solution. For the full article click here

from health IT caucus http://ift.tt/29i1VbT
via IFTTT

ICIT Report: Utilizing the NSA’s CSfC Process- Protecting National Security Systems with Commercial Layered

The acceleration of State Sponsored and Mercenary APT cyber-attacks, each of which possess new and more innovative layering of stealth and sophistication, has triggered a much needed response by the National Security Agency’s (NSA) Information Assurance Directorate (IAD). A more expedient path to technology approval has been introduced for qualified organizations. As a result, the NSA’s IAD is seeking vendor solutions to improve the national cyber-posture through the creation of a comprehensive and timely process and the establishment of the Commercial Solutions for Classified (CSfC) program.

In this report, entitled “Utilizing the NSA’s CSfC Process:  Protecting National Security Systems with Commercial Layered Solutions,” ICIT provides an overview of the CSfC Process and addresses common misconceptions regarding how commercial and government entities can leverage CSfC.  Specifically, this report discusses: For the full article click here

from health IT caucus http://ift.tt/29qWzyz
via IFTTT

eHealth Week 2016 puts patient centre stage

Last month’s eHealth Week, in Amsterdam, The Netherlands, sent out a key message about the role of the patient in healthcare. “We live in a time where the shift from doctor-centred to patient-centred healthcare draws every closer,” said Vytenis Andriukaitis, European Commissioner for Health and Food Safety. “eHealth Week places great emphasis on putting patients centre stage in developments and discussions on eHealth”.

For the full article click here 

from health IT caucus http://ift.tt/29hQNwq
via IFTTT

Technavio Announces Top Three Emerging Trends Impacting the Global Electronic Health Records Market Through 2020

Technavio’s latest report on the global electronic health records (EHR) market provides an analysis on the most important trends expected to impact the market outlook from 2016-2020. Technavio defines an emerging trend as a factor that has the potential to significantly impact the market and contribute to its growth or decline.

Amit Sharma, a lead analyst from Technavio, specializing in research on IT professional services sector, says, “The global EHR market is expected to exceed USD 28 billion by 2020, growing at a CAGR of more than 5%. The is greater adoption of EHR in developed economies as compared to developing economies owing to IT budget constraints in developing countries. The adoption of EHR systems in the European healthcare IT market is increasing at an exponential rate so as to increase the quality of patient care.”

The top three emerging trends driving the global EHR market according to Technavio ICT research analysts are:

• Increased adoption of predictive analytics
• Proliferation of health and fitness device and application
• Integration of telemedicine and EHR is on the rise

Increased adoption of predictive analytics

Big data and analytics is no more a buzzword in the healthcare industry as a range of analytical tools and statistical modeling are being used in hospitals to get structured and meaningful insights about clinical and non-clinical operations. Healthcare organizations generate massive amount of clinical data such as patient health data and non-clinical data such as administrative and financial data. The ever increasing volume, variety, and velocity of clinical and non-clinical data have compelled healthcare organizations to implement statistical tools, data science, and mining technology. For the full article click here 

from health IT caucus http://ift.tt/29lb8o7
via IFTTT

RWJF Predicts Healthcare Spending Will Drop By $2.6 Trillion By 2019

Study investigates implications of slowdown in health spending growth for the future.

According to the findings of an Urban Institute report funded by the Robert Johnson Woods Foundation, healthcare spending is anticipated to be $2.6 trillion less than projected between 2014 and 2019, when compared to initial 2010 projections. Study authors note that, despite signs of spiking health spending in 2014, the evidence suggests that spending growth has slowed once again. Researchers based their findings on health expenditure data from CMS and said they adjusted each year for the absence of the sustainable growth rate system for physician payment rates in Medicare.

The authors attributed the projected drop in national healthcare spending to the effects of the Supreme Court’s ACA decisions and sequestration in the Budget Control Act of 2011, as well as the recession and subsequent sluggish economic recovery. “There are many potential drivers of the recent slowdown in spending growth rates, and no one can be sure how MACRA may impact spending going forward,” said Katherine Hempstead, a senior adviser at the Robert Wood Johnson Foundation. “If this healthcare spending growth slowdown continues, spending will be trillions less before the end of the decade.” For the full article click here 

from health IT caucus http://ift.tt/29lb4F1
via IFTTT

Look to Income Inequality to Help Explain Population Health

Two of the big stories of 2016 have been about income inequality, which has been a significant part of the presidential election campaigns, and the increasing focus on population health in the U.S. health care system. These two are strongly connected. Indeed, if you believe the classic definitions of population health, income inequality is a, if not the, primary driver of disparities in health status. But in the contemporary U.S. context, “population health” tends to mean doing a better job at managing the care of patients along the continuum — focusing more on prevention and targeting social and medical interventions for those folks for whom we are at highest financial risk.

In contrast, scholars outside the United States view population health as much closer to the classic notions of social determinants of health. International (non-U.S.) researchers and policymakers attempt to isolate the contributions that socioeconomic factors make to health status and intervene accordingly, politics willing. In the United States, however, population health is more about the health and health care of people posing financial risk than about factors affecting the health status of the entire population such as housing, education and income. For the full article click here 

from health IT caucus http://ift.tt/29hQLoe
via IFTTT

Bexley to launch data sharing initiative to improve adult services

(London, UK) The new data sharing initiative will allow secure sharing of key information from health and social care organisations in a ‘view only’ service.

This will merge key information from hospitals, community health bodies and GPs’ patient records and from local authorities’ social care systems into one record for each person.

Connect Care is an information sharing partnership involving the local authorities of Bexley, Lewisham and Greenwich.

Key health and social care professionals will be given restricted access to the Connect Care hub and users will adhere to strict health and social care confidentiality standards.

A diabetes nurse based in Greenwich said: “I use it for looking up recent blood results and checking which medications people are taking (and how often they are ordering) prior to my diabetes clinics.   For the full article click here 

from health IT caucus http://ift.tt/29lb7R5
via IFTTT

ICIT Fellow Insights: The Ransomware Epidemic

In ICIT’s 2016 report entitled “Combatting the Ransomware Blitzkrieg”, the institute shed light on what later became one of the most talked about cybersecurity phenomenon of the year. During this discussion, ICIT Sr. Fellow Parham Eftekhari and ICIT Fellow Cindy Cullen discuss the key takeaways from the report to give listeners an overview of how ransomware works, who is a target, and how organizations can protect themselves. For the full article click here 

from health IT caucus http://ift.tt/29huWrx
via IFTTT

THE HEALTH SECTOR’S CYBER -HYGIENE EPIDEMIC

Nietzsche said, “All great things must first wear terrifying and monstrous masks in order to inscribe themselves on the hearts of humanity”. Unfortunately, for the health sector the issues of ransomware, malware and hackers must worsen before things improve. This is not a sadistic estimation; rather, it is a prediction that the healthcare communities victimised by cybersecurity attacks will not be galvanised to action until significant impact has already occurred. Sadly, only after the threat is tangible, and the attack surface left unobscured will organisations shift their culture to address the threats looming on their threshold.

The latest digital epidemic to take the healthcare sector by storm is crypto ransomware. Ransomware is nothing more than weaponised encryption. It is unique in cybercrime because in order for it to be successful, it requires the victim to become a willing accomplice after the fact. Ransomware is dangerous because it requires virtually zero technical aptitude, so practically anyone can do it. Healthcare organisations, which used to be off-limits to cyberadversaries, are now the primary targets of many cyberthreats. This shift occurred recently, when healthcare organisations began digitally retaining more customer data, and when hospitals such as Hollywood Presbyterian hospital began to pay to end ransomware and other attacks.

The Threat: Facts

There are two primary cyber-criminal groups that capitalise on these unique attack vectors against hospitals; script kiddies and hackers for hire (aka Mercenary Hackers). Script kiddies are the toxic, parasitic ‘hacker wannabes’ clinging to the fringes of dark web forums. They possess limited, if any, tech sophistication and wreak havoc on the global population by spamming ransomware without any particular target. They are able to capitalise off of the few people that fall for the spoofed emails that read as if they are coming from online retailers or payment systems, for example. For the full article click here 

from health IT caucus http://ift.tt/29gWoWE
via IFTTT