Health Technology, Digital Healthcare
Article | July 14, 2023
The healthcare industry has become a prime target for cybercriminals in recent times.
According to The State of Ransomware in Healthcare 2023 report from Sophos, six in 10 healthcare organizations have been hit by ransomware in the last 12 months, up from 34% in 2021.
Among this uptick have been several headline-grabbing attacks. For example, Shields Health Care Group became the subject of the single-largest breach affecting any organization globally in April 2023, when 2.3 million patients of the Massachusetts-based medical services provider had their personal data stolen after a cybercriminal gained unauthorized access to the organization’s systems.
Meanwhile, in the UK, a ransomware attack on the University of Manchester occurred in June, affecting an NHS patient data set holding information on 1.1 million patients across 200 hospitals.
Critically, the wealth of data housed in healthcare networks, and the potential impact of data unavailability in healthcare, make the industry both attractive and lucrative to threat actors.
It’s no coincidence that the Sophos report shows the rate of encryption in the healthcare sector is at its highest level in recent years. Of those healthcare organizations which suffered a ransomware attack in 2023, 73% had their data encrypted – up from 61% in 2022. When cybercriminals can successfully take down hospital systems and/or encrypt patient data so it can’t be used, they can blackmail health service providers, demanding significant sums before reinstating systems and/or data availability.
Considering healthcare's critical role as the highest-stake industry in our society, where people's lives depend on its success, the likelihood of attackers achieving their goals is greater than in other sectors, as confirmed by the Sophos report. Indeed, of the 73% of healthcare organizations that had their data encrypted, 42% reported that they paid the requested ransom to recover data.
DSPT and the compliance burden
Without question, the security-related challenges in healthcare are mounting. Right now, industry organizations are operating against a backdrop of unprecedented operational and workforce pressures, spiralling demand for care and industrial action.
Moreover, there is a growing regulatory burden, with organizations continually asked to comply with evolving cybersecurity rules, battling with multiple compliance mandates at any given time.
Take the NHS as an example. According to the 2023 NHS Providers’ Regulation Survey, just over half (52%) of respondents said the regulatory burden on their trust had increased. And this is expected to ramp up further in the future, with the UK government setting out a new 2030 strategy aimed at bolstering cyber resilience in healthcare.
Among the compliance burdens that the NHS faces is the challenge of meeting the requirements of the newly updated Data Security and Protection Toolkit (DSPT).
Mandated to minimize cyber risks and enable healthcare providers to maintain a robust information security posture, the DSPT is not a simple checklist of security controls, but a comprehensive toolkit to evaluate current security maturity and establish a risk management programme.
Indeed, in more recent times, DSPT has moved away from being a guide for achieving certain levels of assurance, and toward a mandatory evidence-based system which demands NHS organizations align with 10 precise National Data Guardian (NDG) standards: 1. The organization assures good management and maintenance of identity and access control for its networks and information systems. 2. The organization closely manages privileged user access to networks and information systems supporting essential services. 3. The organization ensures passwords are suitable for the information being protected. 4. Process reviews are held at least once a year where data security is put at risk and following security incidents. 5. Action is taken to address problems as a result of feedback at meetings. 6. All user devices are subject to anti-virus protections, while email services benefit from spam filtering and protection deployed at the corporate gateway. 7. Action is taken on known vulnerabilities based on advice from NHS Digital, and lessons are learned from previous incidents and near misses. 8. The organization has a defined, planned and communicated response to data security incidents impacting sensitive information or key operational services. 9. The organization has demonstrable confidence in the effectiveness of the security of technology, people, and processes relevant to essential services. 10. The organization securely configures the network and information systems that support the delivery of essential services.
Reducing Compliance Challenges with the Right Solutions
Taken individually, these standards may not seem too strenuous to adhere to. However, to be compliant with DSPT, all 10 items need to be completed and deemed ‘satisfactory’.
To tick all 10 key boxes in the most effective and efficient manner simultaneously, organizations should consider their strategy carefully. This could involve embracing supportive tools to accelerate and enhance their compliance journey.
Boiled down, DSPT demands several key things, including unincumbered visibility of the entire ecosystem, as well as the ability to demonstrate secure access, logs and storage, and essential auditing processes to maintain data security.
Achieving these things might appear complicated, even daunting. However, there are solutions known as Security Information and Event Management (SIEM) systems on the market that can make achieving these capabilities, and in turn DSPT compliance, easy.
Here, we outline some of the key features to look out for to meet compliance: • Log retention: A modern SIEM should be able to provide a centralized log storage and big data platform that scales to any organization’s size. Platforms should be able to provide role-based access to log data, including ‘data privacy’ functionality that can mask sensitive data until approved. Log data should not be modified or removed by users once ingested into the platform, while all data held should also be indexed and fully searchable. • Identifying and disabling unnecessary accounts: A good SIEM will also provide account auditing facilities for Active Directory that allow administrators to quickly identify dormant accounts. They should also be able to remove privileged user access when no longer required or appropriate. More sophisticated platforms will be able to do this in an automated manner. • Easy identification of issues: Clear and easily readable dashboards, alerts and reports for user logging activity should be provided, including failed login, apparent brute-force attempts, and bad password management practices. Further, those using machine learning will be able to identify unusual behavior patterns based on a baseline of activities of users and their peer group. • Integrate with third-party threat feeds: It will also be able to integrate with a wide variety of third-party threat feeds that provide information about specific known threat payloads/hashes and destination domains/addresses.
Meeting the mandate
Of course, having the right features in place is only part of the puzzle. For organizations to be truly successful in embracing tools that enable them to meet DSPT compliance more effectively, they should work to ensure that solutions providers offer them ongoing support – both in terms of ease of deployment and to ensure that they are using key systems in an optimal manner.
Scalability is another important aspect to consider.
Systems should be able to scale and continue to support the organization as data volumes increase and become more complex over time.
In respect of scalability, organizations should take time to think about pricing models, ensuring that these are based on the number of devices (nodes). In doing so, it will become easier to accurately budget future costs, as well as provide greater budgeting certainty over the short, medium and longer term.
A converged SIEM allows organizations to prioritize the big picture over individual tools, enabling them to develop a seamless and easy to use security operations setup. Not only does this approach boost cost transparency and eliminate potential complexities with managing a variety of siloed products – equally, it reduces the burdens on security teams, eliminating complexities over system integration and enhancing performance.
A converged SIEM combines key technologies easily to offer improved security outcomes. In doing so, organizations can easily home in on specific standards and adopt security best practices while reducing the burden on security teams tasked with meeting DSPT compliance.
Read More
Health Technology, Digital Healthcare
Article | August 21, 2023
Everybody deals with stress and anxiety, however the key is to know what to do when you’re stressed out. It is not always easy to keep your feelings from getting the best of you.
With this in mind, here are seven tips that a person can use to help manage their daily stresses and anxieties before they get out of control.
1. Get all of the facts of the situation: Gathering the facts of a certain event can prevent us from relying on exaggerated and fearful assumptions. By focusing on the facts, a person can rely on what is reality and what is not. Most importantly, do not focus on your fearful thoughts when you’re stressed out.
2. Take a break: Sometimes, we get stressed out when everything happens all at once. When this happens, a person should take a deep breath and try to find something to do for a few minutes to get their mind off of the problem. A person could take a walk, listen to some music, read the newspaper, or do an activity that will give them a fresh perspective on things.
3. Carry a small notebook of positive statements with you: Another technique that is very helpful in managing fear is to have a small notebook of positive statements that makes you feel good. Whenever you come across an affirmation that relaxes you, write it down in a small notebook that you can carry around with you in your pocket. Whenever you feel depressed, open up your small notebook and read those statements.
4. You can’t predict the future: While the consequences of a particular fear may seem real, there are usually other factors that cannot be anticipated and can affect the results of any situation. We may be ninety-nine percent correct in predicting the future, but all it takes is for that one percent to make a world of difference.
5. Challenge your negative thinking with positive statements and realistic thinking: When encountering thoughts that make you fearful or depressed, challenge those thoughts by asking yourself questions that will maintain objectivity and common sense. Focus on the reality of your situation and not on your thoughts. Your fearful thoughts can make things worse so try to focus on something positive when you get anxious.
6. Divide your activities into separate steps: When facing a current or upcoming task that overwhelms you with a lot of anxiety, divide the task into a series of smaller steps and then complete each of the smaller tasks one step at a time. Completing these smaller activities will make the stress more manageable and increases your chances of success.
7. Take advantage of the help that is available around you: There are many individuals who have been expertly trained in the field of psychology to help you find ways to manage fear and anxiety. Seek out someone whom you trust to provide sound advice and guidance. This same professional can also help you create an action plan for dealing with your fears and anxieties in the future.
Read More
Health Technology, Digital Healthcare
Article | September 7, 2023
Workers in the healthcare industry are among the most burned out demographics following the COVID-19 pandemic. In fact, a report by Medscape on physician burnout and depression in 2022 calculated a five-percentage point increase in burnout overall, from 42% in 2020 to 47% in 2021. Critical care physician burnout was also found to increase from 44% to 51% last year, placing them at the top of Maryville University’s list of physician specialties with the highest cases of burnout. This is closely followed by rheumatology physician burnout, which was 50% in 2021. At the bottom of the list, emergency medicine physician burnout still came in close at a rate of 44%.
Burnout can result in, among other things, exhaustion and a loss of concentration, which can be dangerous in healthcare. With that, advancements in technology have been made to help mitigate stress and reduce the chances of burnout in healthcare.
Maximum Tasks, Minimum Efficiency
Reports show that many technological advancements in the healthcare industry actually aren’t appropriate for managing physician workloads. This is due to the range of tasks physicians need to perform, from creating treatment plans to managing EHRs. Our previous discussion on EHR-Generated Messages highlighted how the misapplication of this algorithm had actually led to these inboxes getting clogged. This has primary care physicians spending more than half their workday interacting with EHRs that only remind physicians to order certain tests, instead of dealing with critical messages from patients or colleagues. This has been counterproductive in terms of efficiency, leading to more burnout symptoms and the tendency to reduce clinical work hours. It is therefore important that technology integrations consistently consider the broader picture of the tasks of physicians.
Tech Developments for Reducing Burnout
Shifts in the industry have thus begun to focus on the quality of efficiency and physician assistance, rather than the quantity of technology available. Here are some notable examples of technology that has become finely integrated within the healthcare industry.
Ambient Technology in Clinical Documentation
Ambient computing streamlines the clinical documentation process by using artificial intelligence to respond to human behavior and needs. This provides front-end speech and computer-assisted documentation, reducing the time needed for physicians to work on admin tasks, and thereby minimizing burnout. Smart hospitals have started leveraging this through sensor-based solutions, and experts from Michigan University believe usage must be made easier and simpler to use for the provider if the healthcare industry is to further leverage ambient computing for CDI. As of 2021, adoption has only started to take off, especially in the revenue cycle.
Computer Modeling in Vaccine Development
The traditional process of designing novel vaccines usually lasts 10 to 15 years and can cost between $200 million and $500 million. However, a feature by News Medical highlights the recent development of COVID-19 vaccines, which uncovered the capabilities of computational modeling systems. This showed an ability to predict which parts of a pathogen may be recognized by the immune system’s B cells and T cells. This allows rapid identification of vaccine targets from a genetic sequence, which reduces the years required for preclinical research. Physicians are thus able to respond faster to vaccine developments, and reduce the overload of health systems during any future pandemics or epidemics in the long term.
Patient Placement Technology
The shortage of physicians is a common setback in the industry, one that staff at the Rice County District Hospital in Lyons, Kansas mitigated using patient placement technology. Patient placement technology coordinated care for patients inside the 25-bed, level 4 hospital, as well as those needing to be transferred to another facility. By integrating local EMS and other transport services with health systems, manual telephone calls were no longer necessary. Hence, physicians were able to quickly and effectively get patients the care they needed while managing time-critical diagnoses. This maximizes the limited resources available without stretching out the workforce. Physicians are able to focus solely on their patients, knowing that the time-consuming logistics are being efficiently handled by technology. The industry needs to continue to look into the practices of reducing burnout among physicians, more so as we continue to recover from the effects of the COVID-19 pandemic. By emphasizing physician wellness and efficient technology, we can continue to assure the health and productivity of healthcare workers into the future.
Read More
Healthtech Security, Healthcare Analytics
Article | April 3, 2023
It’s no secret that the working world has changed these past few years, but employees have also undergone a lot of personal transformation due to these shifts. Struggles with health, home life, or personal issues can make it hard for them to work. Burnout is increasing worldwide, with 40% of desk-job workers feeling mentally distanced from work, depleted of energy, and increased negativity. Younger workers are already becoming drained by work life, which could spell trouble for future generations of employees.
Despite these challenges, the workplace is the best place to help staff improve their wellness, especially since they spend most of their time working or in the office. Wellness programs can be implemented to help employees feel rejuvenated and respected, which will boost their performance at work. Here are some examples of programs your workers might enjoy
Weight Management Programs
The idea of a weight management program at work may seem like something employees could be offended by, but it can help workers build healthy habits and assess their lifestyle to help them achieve better health. Employees can learn to manage their diet better, leading to weight loss and a lowered risk of certain health conditions.
These programs can also identify the need for medical weight loss strategies. For employees struggling with pre-obesity—a complex disease influenced by several factors often out of an individual’s control—personalized lifestyle changes and FDA-approved medications can be recommended. With chronic weight issues, doctors can prescribe medications that can help produce an average of 15% weight loss, especially when individual biology makes doing so harder. Employees can look for the help they need for wellness and weight loss, which can help them feel cared for by the company. When workers are at their peak physically, they can enjoy a healthier lifestyle and will be more efficient at work.
Quit Smoking Programs
Smoking is usually a means for employees to reduce stress, but it can greatly impact their personal and professional lives. Smokers tend to be more absent or disengaged at work than non-smokers. Presenteeism at work is also associated with heavy smoking. Employees coming to work despite health issues can lead to subpar performances. This can cost workplaces a lot of money in lost productivity, and workers will also suffer from health consequences.
Smoking cessation programs can help employees reduce their tobacco consumption and quit smoking for better health and productivity. These programs can include counseling, suggesting smoking cessation products or nicotine replacement therapy, or other initiatives tailored to individuals. Your staff may need more motivation when trying to quit, so having more support and a community to confide in can help.
Mental Health Programs
Mental health in the workplace was largely ignored for many years, as many saw it as a personal issue. However, work can contribute significantly to employees’ mental health problems or exacerbate mental illnesses like anxiety and depression. Improving these conditions is vital to improving many aspects of life for employees. Workers will better enjoy work and perform well when they know they’re being supported. Mental health is also paramount to sustainable development and plays a significant role in transforming the world as a whole. Treating and monitoring mental wellness should be prioritized at work and beyond.
Though companies may not have the means to properly diagnose or treat workers’ mental illnesses, mental health programs can help give employees and managers the education and resources to help improve mental wellness. Education and training on mental health can aid people in spotting issues and having them addressed or equip people with the ability to provide proper support or encouragement. These programs can also help the business take the initiative and offer other resources to improve mental health. That can be through mental health sick leaves, adding napping or gaming areas to the office, or offering mental health apps or counseling in benefits packages. When your staff is appreciated and taken care of, it’ll improve their overall well-being and life at work and home.
Read More