fbpx

Cyber Extortion: Don’t Be a Victim

We’ve all seen movies where a couple of thugs in trench coats walk into a store, take a look around and say something like, “Nice place you got here, shame if something were to happen to it.” Many people might think the days of extortion went away with the end of mob-run New York and Chicago, but it’s still alive and well on the internet — in the form of ransomware.

To make things worse, as the world has been buckling down with the COVID-19 pandemic, hackers have been working overtime to take advantage of lax cybersecurity. But before we get into how to protect your company from ransomware threats, let’s see how we got here.

Understanding the Problem

For those unaware, ransomware is a form of computer virus that allows a hacker to enter your system and lock you out of every file and program you use. Then, out of the goodness of their hearts, the hackers give you two options: pay them a set amount of money or lose access to everything forever.

Ransomware has been around for decades (and we’ve written many blogs on the topic) but it has proliferated exponentially in recent years. The main reason for this is because it works. Merely stealing your information and then selling it can make them money, but not nearly as much as ransoming that same information to its rightful owner.

Over the course of just a few months (Q4 of 2019 to Q1 of 2020), Forbes magazine stated that overall attacks rose by 25%. Why such a rise? Well, it could have something to do with payouts also rising by 33% within that same timeframe. With that kind of increase, it’s no wonder why hacking is a growing industry.

Ransomware in the Age of Covid-19

When the pandemic started, many people began working from home. For many of us, working from home presents no problems at all, but for others, it creates a whole list of issues that won’t be resolved until their whole department can be back in the office.

This has especially been the case with IT departments. While it’s true that they can do a lot of their work remotely, sometimes they just need to be in the server room to do their job. And don’t think for a minute that hackers don’t know that.

With so many fractured IT departments out there, businesses have been getting swarmed with attacks. For example, the city of Florence, Alabama was attacked just a few weeks ago and said that paying the $300,000 demand was better than having its citizen’s information exposed and for sale.

Even more recently, Honda was attacked by a cybercriminal that actually ended up shutting down production. Ransomware is getting more dangerous by the day.

The New Frontier

The recent pandemic has taught us that we don’t need as many people in the office or even at the factory as we thought we did. Work can be done via automation or with remote workers and keep the business running. That means that our businesses can become even more efficient than ever before. It also means that if a hacker were to get into your system, the damage can be even more devastating.

With the way businesses are depending more and more on technology, your entire business can grind to a halt from a single bad decision someone took when opening the wrong email.

Lighting Can Strike Twice

Imagine your company has been a victim of a ransomware attack and the crisis passes. Perhaps you paid the hacker or were able to gain access to your system again some other way. Now imagine that life has gone back to normal until one day the unthinkable happens: you get hacked again with a ransomware demand.

Sadly, this is not a one-off situation. In fact, not only can this happen to a single business, but it can happen to multiple parts of an organization. One of the most famous examples of this is when a single school is hacked, then multiple other schools in the same district get hit with the same ransomware, one by one.

The reason this is somewhat common in the tech world is that organizations can have similar (or identical!) safety protocols across the board. It’s a lot less work for a hacker to work this way than to go search out other targets every time they want a hit. However, we all know one of the biggest reasons we’re unprepared is because we all think it can’t happen to us. The harsh reality is that’s what all the businesses who were hit thought too.

What Can You Do?

While it’s true that hackers are getting more sophisticated every day, the majority of their attacks are opportunistic. Hackers take the path of least resistance, so if they can enter your system by Carol in accounting falling for a phishing scam, or if your IT department did not update their protocols after a previous attack, they’ll take that route.

That’s where we come into play. By dealing with a company to work on your behalf, you don’t need to worry every time someone logs into your system. And why should you waste all that time? Any effort you put into protecting your system is effort that could have been spent growing your business. By having us go over your current system and helping you implement a better one, you stand a much better chance when the internet goons come for your data.

How Secure is Your Data?

Hacking, Phishing, Ransomware, and over-all Data Breaches are on the rise. It seems that every advancement we make with data security, hackers are able to find a way through.

In this blog, we will discuss the importance of keeping your data secure. While we are using Medical Offices as an example, this information crosses over to almost every industry. If you use cloud storage, proprietary software, and store personal data, this blog holds valuable information for you.

Your Clients Put Their Trust in You

Medical professionals are not only entrusted with caring for the health of their patients, but also for keeping their information private. Given that, it’s no wonder why physicians must be some of the most trustworthy people in our communities.

However, on the other end of the spectrum are those who actively look to take advantage of the information that medical practices and hospital systems have accumulated over the years. But why are medical records so valuable and what can be done to protect them?

Richer Than You Think

Medical databases are among the top targets for hackers with more and more breaches taking place each year — but why? CBS News reported that while a social security number may be worth $1 and a credit card number $110 on the dark web (average numbers), a single medical record can be worth a whopping $1000 or more!

The reason for the value is that your medical records typically have more personal information than any other source out there. This may include your social security number, address, phone number, banking information, and a lot more. With so much at play, it’s no surprise why hackers are starting to focus more on these records than any other.

Who’s Bears the Responsibility?

Everyone in the healthcare industry in the US is aware that HIPPA prevents sharing medical information except under particular circumstances. But what if that information left your hands and was spread involuntarily? Although it may be a gray area, there’s still the strong likelihood that the medical office could be held liable, at least in a civil court — especially if they haven’t done everything possible to avoid the hack. Don’t forget that data breaches cost the healthcare industry upwards of $6 billion per year.

How to Protect Your Patients — and Yourself

Managed Service Providers (MSPs) are often used by the medical industry to help avoid such situations. One way we do this is by helping these customers when it comes time to update ICD codes, (International Classification of Diseases). This can be tricky since HIPPA approved systems aren’t always the easiest to upgrade. Not only is the computer update important, but the people updates are as well.

Also, there is plenty for your MSP to do in helping you avoid HIPPA violations. For instance, any device used that contains or has access to patient information needs to be encrypted. In 2016, one iPhone that was lost at a single facility ended up created a $650,000 fine. Remember: it’s not your fault if the device is lost or stolen, but it is your fault if you failed to encrypt the information beforehand.

In a similar vein, when you dispose of older devices, you can’t just toss them in a dumpster and go about your day. These devices must be wiped clean, often in a way more substantial than just deleting records. While that might be acceptable if you want to dispose of your personal devices, those who understand computers can quickly get access to files that weren’t properly deleted. A good MSP can make that happen as part of their standard service.

Who Watches the Watchers?

Where you store your data is also a major part of data security. As we previously mentioned, some medical practices have used standard cloud storage and paid a heavy price when data was easily breached. While it’s true that cloud storage is easy and often a more inexpensive option, you have far less control over the information and the security of that data if it is out of your hands. Unless you use a top-of-the-line service, your data will be vulnerable as weaker services make prime targets for hackers. After all, why go after an individual when you can get data from thousands of companies at once through a cloud service?

Even if you decide to go with local storage, who has access to your data? With the genuine value of these records along with the absolute risk of liability, if things go sour, you need to be very careful with whom you allow access to the database. MSPs make sure that not only will your information be safe, but that the people who oversee your databased have all the proper education and certifications to avoid any problems down the line.

Bottom Line

Let’s get real for a second here. Medicine and medical technology are advancing at breakneck speeds. Would most people feel comfortable with a physician who hasn’t been to a class or conference since graduating from medical school? Of course not!

Data security is exactly the same. As hackers become more and more advanced, MSPs must stay one step ahead of them to protect our clients. That’s why we make it a point to continually train our team on new security options and protocols.

If you don’t have a robust security plan in place for your office or business, don’t wait to give us a call. Every moment you’re not protected is a moment of opportunity for a pirate to rob you over your clients’ trust and confidence.

If your organization is starting to fall behind over a lack of attention to your IT, contact us today. Our expert team will be more than happy to evaluate your needs and help you implement and maintain the most reasonable and secure solution. The only thing you have to lose is sleepless nights.

Who Makes Your IT Purchases?

This month we’ve been discussing the value of updating your current technology. We are using Medical Offices as our example, but in reality, this information is important to all small businesses. In this week’s blog, we will discuss the pitfalls of sticking your head in the sand by being resistant to change.

Let’s assume that everything we’ve said about upgrading your technology resonated with you, and you agree 100% — now what? Well, decisions have to be made. What kind of hardware will you be using? What about the software? When do you plan to make changes, and what’s your budget? Do you plan to hire new people for this undertaking or do you plan to use a vendor? But perhaps the most crucial question of all is, who will make the final decision?

While this might seem like an odd question, the truth is that many offices don’t have a go-to person for these types of decisions. Or maybe the person who is currently in charge of this may be too busy, too distracted, or not the best person to do so.

Who is your Decision Maker?

One of the biggest problems with a lot of medical practices is that they often don’t work like your typical business. While most traditional companies might have an owner, a president, or simply a manager, this isn’t always the case when it comes to doctors.

Medical practices, like attorney firms, typically use a partnership model where they may have more than five or six doctors who own the business and are in charge of making most of the larger decisions. While it’s true they often use office managers, these position holders usually handle the day-to-day operations and aren’t given the authority to make decisions for large purchases or contracts. But even if there’s only one person at the top, the decision may still not be an easy one to make.

A Question of Qualification

There is no doubt that doctors are qualified to do their jobs. Few professions require as much education and experience before they can start their career path. Even so, that expertise does not extend to understanding technology in their offices. Why is it that someone with the skills to cut you apart then put you back together can look like a deer in headlights when confronted about server clients, cloud systems automation, and WANs? Probably because this was never a taught to them in their years of medical school.

But in defense of these physicians, there is a lot more to IT than simply understanding computers. For instance, understanding budgeting is an essential part of any IT desision. Even if you have the money, just buying everything there is does not a good IT system make. Having a thorough understanding of the specific needs — including future needs — of the office is crucial before spending a single penny.

In addition, healthcare systems are some of the most difficult to set up and manage because of strict government regulations regarding patient privacy. While there are plenty of great software programs that can help the office run smoothly, HIPPA compliance should be at the front of your mind before implementing anything. Sadly, it seems that many software programs (and even operating systems) don’t go out of their way to answer whether or not they are HIPPA compliant, so you need people who can find out that information to help you make the correct decision.

Here Today, Gone Tomorrow

It’s no secret that technology is moving at breakneck speeds these days, so if you’re not making efforts to keep up, you can fall behind in a blink of an eye. New solutions for storage, operating systems, and security are being developed almost daily. Also, there may be a need to upgrade systems for other reasons, such as when it’s becoming clear that your needs are growing or evolving.

Again, this process is difficult for any business but much more so in a medical environment, mostly because of HIPPA compliance. This may either lead a practice to fall out of compliance or choose to forgo upgrading in general to avoid a situation like that, even at the expense of efficiency. A major reason for this is a lack of guidance, with people having a very specific specialty being unaware or unsure of what needs to be done to upgrade.

This can cause major problems down the line as the most common solution to this problem tends to be a piecemeal replacement process. A computer here or a printer there may seem like a reasonable way to get things done, but the fact is that it ends up costing a lot more than making regular replacement of all outdated equipment at once. Additionally, it can make migrating files and systems much more complicated in the future since all these different pieces of equipment will be running various operating systems or in other ways be non-uniform.

If you find yourself in this situation, it could lead to security breaches, lowered employee morale, and downtime that will lead to a loss of efficiency. If the problem started because there wasn’t a single person taking charge, it would be a lot more difficult to resolve these issues.

A Streamlined Solution

The best way to get your office on track is to make a formal decision as to who handles IT across the board. While you may want input from the various departments, a single, qualified person should be pulling the lever on these decisions.

Since medical facilities tend to be such busy places, many have chosen to go with an outside vendor to provide these IT services, such as us. From our experience, when having a single person or group meet with us to address the needs and current status of the office, we’re able to quickly work out a solution. Not only are we able to make sure that the needs of everyone in the office are met without all the hassle usually needed to maintain such a system, but that system ends up being well within their budget.

If you find yourself being the person responsible for making these decisions, contact us to see how we can be of service. You’ll be amazed by the positive atmosphere you can create with just a few changes to your IT. But don’t worry — we’ll let you take all the credit!

Telemedicine, TeleMed, & TeleHealth

The current state of business is morphing into something we haven’t seen before. New ideas and procedures are being created every day to keep businesses running and to address these new challenges.

A recent modern convenience is telemedicine. While it’s been around in a limited form for a while, current circumstances have given it a major boost in both interest and development. In this blog, we’ll take a look at how telemedicine works as well as the challenges it can bring to medical practices hoping to take advantage of this new frontier in medicine.

As a Managed Service Provider, we have seen that the current pandemic and quarantine have not only forced a lot of employees to work remotely, it has caused many businesses to meet with people remotely. We have been assisting all types of businesses turn this emergency situation into a better way of doing business.

A House Call Anywhere in the World

While it’s almost always best to see a physician in person, there are a large number of common conditions that generally can be diagnosed remotely. No, we’re not talking about an online symptom checker, but an actual living, breathing doctor who will see the patient via a video call.

These sorts of services would allow the physician to talk directly to the patient, and would then explain how they feel. If the symptoms don’t appear to be anything needing additional testing, the doctor could then make a diagnosis and begin a treatment plan, which might include sending prescriptions to a local pharmacy to be picked up by the patient. If the patient requires additional testing, a referral can be made.

Examples of conditions that are easily diagnosed via telemedicine include:

  • Headaches/Migraines
  • Earaches
  • Heartburn/GERD
  • Back Pain
  • Anxiety and some other mental conditions
  • Minor infections such as urinary tract infections (UTIs) and sinus infections
  • Cold/Flu
  • Low-risk urgent care
  • Screening for needed tests

Benefits of Telemedicine

One of the biggest benefits of remote doctor visits is that the patient can get better without getting worse. Hospitals and doctors’ offices are, by their very nature, full of sick people. The more often we go to these places, the more likely we are to catch something, compared to staying at home, that is. Telemedicine is the definition of social distancing.

This particular benefit has become huge this year since many people hope to stay far away from groups of sick people due to fears of COVID-19 — and for a good reason! Not only is this true for patients, but for the people who work the offices, including the physicians. A recent article in The Guardian stated that around 20% of all COVID-19 patients got infected while in a hospital. With many people considering it unsafe to go into the office, it makes sense that they would much rather telecommute to talk to a doctor for the sniffles.

Additionally, everyone involved saves money. For the patient, they don’t have to worry about transportation or taking time off work. The physician doesn’t have to worry about having a large medical space with a large staff, which may result in them charging less for their services to the patient or insurance company. If the insurance company is charged less, they can (hopefully) keep their premiums at reasonable levels. It works out best in everyone’s favor.

Challenges of Telemedicine

Even though telemedicine tends to work out so well for everyone involved, it doesn’t mean the technology and processes needed to set up and maintain this service are automatic. For instance, not everyone owns a computer, especially for older or lower-income patients. Even for those who do have access to a computer, internet access can still be a challenge since telemedicine requires a highspeed internet connection in order to have stable communication.

Beyond the patient’s end, physician’s needs quite a bit of technology to make sure everything runs smoothly. Some might think this would just involve a doctor hopping on Skype or Zoom and having a chat with their patients. However, there are many factors to take into consideration. For example, will this be taking place in a medical office or home office? Will multiple physicians be working together at the same time or just one?

Will this be something done for a few hours every week or will you be routinely communicating with your patients remotely? Do you need to share your screen to show test results or x-rays? How are you ensuring that HIPPA standards are being met?

Depending on how you answer these and other important questions, your hardware and software needs will be drastically different.

The Way to Success

Thankfully, if you’re planning on starting or improving a telemedicine operation, you won’t be the first. What most physicians have found is that it’s best to leave the technical aspect to the experts so they can focus on what’s most important: their patients.

One of the best ways to do this is to contact us right from the beginning. By doing this, there’s no guesswork as to what hardware and software are needed, plus any maintenance and upgrades are routinely cared for. Even the scary parts, like HIPPA compliance, are taken care of so your patients’ privacy is secure and you can sleep well at night.

If you currently have a telemedicine operation or are considering starting one, be sure to contact us sooner rather than later. We will go over your needs as well as give you multiple options to make sure the solution you choose is best for you. By bringing us in to do our job, we’ll give you lots of time for you to focus on your job. And right now, the world really needs you.