3 Excuses Businesses Believe That Put Data At Risk … Do You?

Today’s best-run companies are moving away from their “no” and “slow” policies on security, and are making better-managed business decisions that support their efforts both in the present and in the near future. Security doesn’t have to be difficult, but it does take the mindset and the aptitude to learn to run it like a business, no matter how large or small your operation is.

Excuse #1 Security is a plug and play system

Every business, no matter how big or small, has a variety of risks associated with doing business.

Your data may be at risk when an employee surfs the Internet, visiting sites that allow viruses and other harmful programs to have instant access to computers.

Your client files may be at risk if they are not properly guarded.

Your documents and archives may be at risk if they are opened and used on unsecured programs and devices.

And that’s just the beginning.

Yet many businesses approach data security in a plug and play way. They purchase one off-the-shelf system and expect it to work for everything. They piece together a few inexpensive modules and expect it to offer full coverage.

To be fully covered, you have to start by looking at where all of your risks exist, and then choose programs and devices that cover them, internally and externally.

Excuse #2 Current security practices have worked well in the past

Most businesses have a hard time keeping up with the ever-changing world of security. Security challenges typically fall into three categories:

  • Complex, individualized threats
  • Increased regulatory pressures
  • Protection from ever-changing technology (mobile, social, cloud, etc.)

Yet because each of these threats can change every day, it’s difficult for most businesses to develop strong policies to compensate for the risk. IT departments must deal with legacy systems and perform with lower budgets and smaller talent pools. There also tends to be a lack of visibility throughout the company: understanding what information is truly critical and what it is worth, and having different levels of management understand the difference.

As a result, many companies exist in reactionary mode, choosing new technology based on “coolness” rather than how it fits into the overall system.

Excuse #3 Security is one small department within the business

Especially for upper management, it’s easy to push aside security risks and allow the IT department to handle all aspects. IT security is often thought of as a black hole division – upper management may not truly understand the risks, and it’s even more difficult to demonstrate cost justifications for new and upgraded features.

Senior executives must be involved in the decision-making process of choosing security systems to take full responsibility for the risks of the business. We recommend a systematic approach from beginning to end, from the collection of data, to performance, to analysis. This should cover all aspects of the enterprise, including financial impact, vulnerabilities, asset management, incident and threat reporting, and full compliance information.

Reducing your security risk doesn’t have to be difficult, but it does take a well thought out plan. No matter how long your security plan has been on the back-burner, there’s no better time than today to change and bring it to the forefront of conversation.

Defining Your Digital Strategy

Of all the technologies and trends emerging in today’s business environment, which will significantly alter tomorrow’s landscape? Which will revolutionize the way people live and work? How will wearables be incorporated into our lives? Where will robotics and artificial intelligence have the greatest impact?

More importantly, which of these emerging technologies will matter most to your organization?

If your business is like most, you probably have a lot of strategies in place. A business strategy for the mission of your business. A marketing strategy to attract the right customers. They are fairly straightforward to understand and create.

Then comes a digital strategy. What is it? Who prepares it? What’s involved in creating one, and carrying it through from beginning to end? That’s where most businesses get lost in transition because there is no commonly understood definition.

In our minds, digital strategy is the process of identifying, formulating and executing digital opportunities that will help your business do what it does best. It makes the road easier to travel. It gives you more time in your day. It leads to giving you a competitive advantage.

And in our minds, one of the most critical words in the definition is “process”. A digital strategy is always a process – a progression – that has a starting point, an overall approach, and milestones to meet as you travel towards a destination that can be both acknowledged and unknown. What’s involved?

Find your audience – Your audience will dictate your behavior. This involves defining how you will engage with them, what they demand, and how they will grow over time.

How to communicate – How does your audience communicate with you and your product/service? How are others in your industry using technology? Communication should always be based on delivering the best user experience.

Finding the technology sweetspot – What technology is your customer base comfortable using? What technologies can address current and future needs in a better way? While you’ll also need to understand self-imposed limitations based on budgets, the intersection is your sweetspot.

Co-create solutions with your customers in mind – It’s easy to get caught up in delivering the best solutions for the end user, without taking into consideration what the end user really desires. Keeping feedback in the loop can help you identify trouble spots and weaknesses, and overcome them quickly and efficiently. Top technology isn’t always the best choice if the end user doesn’t understand it and has trouble using it.

Remember, a digital strategy is a process, not a solution. A digital strategy is ever-changing, ever-growing to meet your and your customers’ most critical needs.

What’s your digital strategy? If you have any questions, I’m here to help.

Is Your Practice Ready For Telemedicine?

The entire healthcare industry is currently undergoing significant change. The Affordable Care Act has increased the number of Americans with health insurance. And while that has increased the number of people seeking out medical care, at the same time the number of doctors graduating and seeking employment in the healthcare system is decreasing. Predictions show the US will be short by as many as 91,500 physicians by 2020, with that number swelling to more than 130,600 by 2025.

Enter telemedicine. Even though it’s important to build a long-term solution to rectify the shortage, telemedicine can quickly offset the impact of this shortage. It may be something your practice is considering for a variety of reasons.

It can increase physician productivity

A physician’s time is very valuable. Yet physicians often find themselves with a lot of wasted time throughout the day, left empty by patient cancellations or scheduling problems. Telemedicine services can allow a physician to use downtime productively, meeting with more patients who truly have a need.

It can provide specialty services even in remote locations

Doctor shortages are especially high in the rural communities. While they may have generalists on hand, rarely are specialists in place. Telemedicine can relieve shortages, and bring in the right people for the patients most in need.

It can initiate collaboration

As more doctors build up unique specialties, working on cases specific in nature, telemedicine allows them to share that expertise with other doctors from around the world. This can bring fast acting solutions to conditions that may have otherwise gone untreated.

Yet with all of the benefits also comes risk.

Patient records are at greater risk

With more people needing access to patient files also comes more risk. It’s important to choose programs that can easily be accessed by any doctor or medical personnel you choose to do business with, and that make the process easy and seamless from any device in the world, while at the same time meeting the highest standards of control.

Cloud applications can increase risk

While there is a growing trend for medical practices to use cloud based storage and applications to eliminate the costs of having to maintain internal systems, and to allow access to data across a variety of electronic devices from anywhere in the world, choosing cloud based applications should be done with care. Chosen vendors should be analyzed for their security standards to ensure your data is well cared for at all times.

Different locations, different rules

Collaborating with a doctor in a different state increases your risk. But when you open up your patient files to medical personnel from different countries, the risks increase tenfold. Is your data being encrypted as it’s being uploaded or downloaded for view? Are the devices safe and secure on both ends? Do all parties meet your safety standards?

While the only thing that is for sure in the coming months and years within the medical world is change, there are ways to better prepare yourself and your business to ensure safety throughout. If you have questions about risks associated with the new way of running a modern day medical practice, give us a call.

Are Medical Devices A Cyber Security Risk For Your Healthcare Practice?

It has all the makings of a good spy novel. Hackers and terrorists find a weakness in medical devices installed in patients, use the breach to infiltrate the highest level of data within the medical system, and do serious damage in a lot of ways. Not only can they access sensitive and sometimes top secret information, they have total control over life and death situations as well.

It may not be fiction at all.

Two years ago, 60 Minutes reported on a situation where Dick Cheney’s cardiologist ordered that the heart defibrillator’s wireless features be disabled back in 2007 for fear a hacker could penetrate the device and kill Cheney.

A few years later, security researchers began demonstrating how easy it was to hack into things like pacemakers, defibrillators, and insulin pumps. Health care providers and the FDA alike took note and started demanding change. But that hasn’t stopped hackers’ ever-growing interest in finding weak points and penetrating them.

In today’s world, the threat extends beyond taking control over a medical device to do patients harm. Hackers can now use a medical device such as a pacemaker or a defibrillator to go straight into a provider’s network. This means hackers – whether a lone hacker seeing what they can do, or an organized crime ring with hostile or terrorist goals – can exploit security vulnerabilities to gain unauthorized access to a provider’s system. And once inside, they have access to medical information and financial information, and can do everything from disrupting service to committing fraud. And injure patients in the process.

As these threats become more of a reality, all medical practices, from the very largest hospitals down to the sole practitioner office, must take measures to ensure safety for both their data and their patients.

Inventory and keep tighter controls on all devices

Rather than leaving medical device tracking up to individual offices and/or doctors, establish a centralized unit to inventory and track all data. This inventory is essential in allowing IT to conduct routine security risk assessments as well as detect and analyze unknown risks.

Develop policies for medical device security

Health care personnel put in charge of procuring new medical technology often aren’t aware of the security risks these devices pose. To compensate, adding a security and privacy evaluation policy as a part of the procurement process can help locate vulnerabilities before investing in the product. It is especially important to map out the data flow and understand where weaknesses lie along the path. Sometimes seeing where sensitive data is weakest can lead to fixing problem spots easily.

Control access

There are many people that have access to medical device data. Employees are your first level of access. They may access the system all day long for everything from patient files to billing information. From there, you may be outsourcing specific tasks for your practice, such as transcription services or medical billing tasks. Even vendors pose a risk when they provide third-party systems and programs that help you run a more effective office.

To ensure a breach doesn’t occur, it is important that sensitive data occupy its own place in the network, away from anything involved in daily operations or ongoing management of the organization. Data segregation is crucial in maintaining adequate protection for your most sensitive data. Close monitoring of vendor access is also a crucial requirement, which includes modifying and removing programs and access once the vendor’s work is complete or you move to a new system.

The best place to start is to collaborate with the device manufacturers and learn all you can about the safety features of the product. Many companies are now implementing their own cyber security controls, offering security updates, patches, and guidance as changes are made. Through collaboration, you can quickly make these changes in-house, and make your internal data less vulnerable to outside threats.

Also realize that individuals who are working hard to exploit medical devices for their own gain have time and resources on their side. The only way to safeguard data is to pool resources throughout an organization and collectively address the security risks head on. If you would like to talk further about implementing safety procedures into your own practice, give us a call.