Tuesday, October 15, 2013

Portable, Personal ECGs and Security

Several months ago I heard the exciting news that a doctor invented an iPad app to replicate an electrocardiogram at a fraction of the cost of its being done in a doctor's office. I'm trying to understand why the use of this hasn't accelerated. Doctors' offices are often busy. Insurance companies are always trying to control costs. And, of course, this could help prevent heart attacks and strokes. So what gives?

I can't answer that part, but I can remind health care providers and insurance companies of one thing: security on mobile devices must not be overlooked. This app is an awesome idea. Someone holds the iPhone in his hands and it can replicate the measurements of an ECG and send it to the doctor. But that also means tracing the patient's name, address, date of birth and electronic medical records, which often have the Social Security number as well. No pun intended, but you don't want a patient to have a heart attack because he found out that his identity was stolen while doing an anywhere ECG via an app!





Wednesday, October 9, 2013

Under the Radar: VA IT Department Furloughs

I am completely apolitical, so I have not done much hand wringing about the government shutdown. However, I just read that the furloughs at the Veterans Affairs Department mean stopping software development.

That sounds sort of harmless, but what is under the radar here is that the processing of veterans' claims will be affected. And then what? The VA Office of Information and Technology sent 2,754 employees home. That's the size of an impressive corporation.

During the many years I've been working, I've experienced several layoffs. Once it was because the financial meltdown five years ago caused a company I worked for to lay off 20 percent of its personnel six months later. At other times, the contracts I had expired and the end client wanted someone cheaper. At many companies, the thinking is flawed. You need all hands on deck in certain departments. You need toll collectors, even though many drivers have transponders. It's like the Emergency Department of a hospital. You need doctors and nurses, a phlebotomist to draw blood, a technician to perform CT scans and MRIs, and a radiologist to read the results -- 24/7. Just because the CEO may not be prone to getting kidney stones doesn't mean that others may not suffer attacks and need medical care urgently.

Trying to save money by cutting personnel, either with furloughs or permanently, is a temporary stopgap measure. It's like taking out an uninfected appendix in order to lose a few ounces. The decision makers at the top need to see into the future and realize that there may be consequences down the road. You don't need a crystal ball for that. You can be sure that the VA is going to have a huge backlog because a few politicians can't decide on the budget.

Thursday, October 3, 2013

Hackers Like Creative Folk

Hey, you, on Photoshop! Yes, you. I know you bought Photoshop Elements to enhance photos of your kids. Or maybe you bought Adobe InDesign in order to create your own marketing materials. Or you want the full-blown version of Adobe Acrobat because the free reader isn't enough for your needs.

Better check your credit card statements. Brad Arkin, Adobe's chief security officer, admitted in a blog post that hackers removed company data. Adobe has been shifting to the business model of pay as you go. Instead of buying the software in disk form, customers will be forced into leasing it and constantly updating it.


My wife and I don't upgrade with every version of any software we use for personal use because the changes are usually minor and the cost is unnecessary. So when Adobe started this shift, my security antenna went up. We use one-time credit card numbers for our online purchases. If we had an open number on file, the hackers who tapped into Adobe would have our credit card numbers, even though the data was encrypted. Adobe claims that they don't believe that any decrypted numbers were taken, but I wouldn't count on that. By the way, 2.9 million Adobe customers are at risk. The hackers have their credit or debit card numbers, expiration dates and even information pertaining to their orders.

And I hate to break it to you, but all your fancy artwork isn't nearly as creative as some hackers.

Wednesday, October 2, 2013

Use of Patient Portals Rises. So Do Security Risks.

A report from Frost and Sullivan called U.S. Patient Portal Market for Hospitals and Physicians: Overview and Outlook, 2012-2017 predicts that patient portal use will increase by 221.1 percent. (For those who like dollar signs, that's an expected growth to $898.4 million in 2017.)

I tend to request my medical records on CD, but my wife uses patient portals extensively. They're terrific. She prints out the vaccination records for the kids to give to the school nurses. She can verify the dosage of medication the kids may have if they get sick. She can check appointments. 

So what's the problem? There isn't any as long as the system she uses is secure. Her physician's practice requires every patient to pay for their patient portal. (Mine doesn't, so a fee is evidently not a requirement.) He told her that the practice has to pay extra insurance costs to prevent hacking.

That's the concern I always have. The patient portal she uses does not have our home address or Social Security numbers, but just the name and date of birth are two critical pieces of information needed for identity theft. The rest is not hard to find. My wife found her late father's Social Security number on a government website. Is it any wonder that identity theft is an ongoing concern?

www.healthcareIT.frost.com

Wednesday, September 25, 2013

This Is News?

EMC Voice just posted a report that experienced IT security people like me know: antivirus software is not enough to prevent advanced persistent threats.

“The attackers today are creating malware faster than the anti-malware software vendors can produce anti-malware definitions,” said Leonard Jacobs, president/CEO of security company Netsecuris Inc.

But, wait, there's more. Most of this pertains to antivirus software that every personal computer should have running consistently. This is just Mickey Mouse stuff compared to what can happen to corporate networks, especially when people aren't tethered to their desks. Give them a company mobile device such as a smartphone or tablet and the potential for hacking into accounts is exponentially larger. Not marginally. Exponentially. 
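To make the point in that quote concrete, here is an added example (mine, not from the original post or the EMC/Forbes report) of why hash-based definitions lose the race. The "malware" is a constructed byte blob, the definition list is a set of SHA-256 hashes, and the two evasion steps, appending junk bytes and XOR-encoding the payload string, are assumptions standing in for a real packer. A content heuristic survives the first step but not the second, which is the case for layering controls rather than relying on antivirus alone.

```python
import hashlib
import re

# Constructed stand-in for a malicious file; this is not a real sample.
PAYLOAD = b"cmd.exe /c powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"
ORIGINAL_SAMPLE = b"MZ\x90\x00" + b"\x00" * 12 + PAYLOAD + b"\x00" * 8


def build_signature_db(samples):
    """Classic definition list: one exact hash per sample the vendor has seen."""
    return {hashlib.sha256(s).hexdigest() for s in samples}


def matches_signature(blob, db):
    """A definition only fires on a byte-for-byte identical file."""
    return hashlib.sha256(blob).hexdigest() in db


# Content heuristic: look for what the file does (encoded PowerShell)
# rather than for its exact bytes.
ENC_POWERSHELL = re.compile(rb"powershell\s+-enc\s+[A-Za-z0-9+/=]{16,}", re.IGNORECASE)


def matches_heuristic(blob):
    return ENC_POWERSHELL.search(blob) is not None


def repack(blob, filler):
    """Trivial polymorphism: append junk bytes; the payload itself is untouched."""
    return blob + filler


def xor_encode_payload(blob, key=0x5A):
    """Stronger evasion: hide the payload string behind a single-byte XOR,
    the way a simple packer would, so no plaintext indicator remains."""
    return blob.replace(PAYLOAD, bytes(b ^ key for b in PAYLOAD))


def scan(blob, db):
    return {"signature": matches_signature(blob, db), "heuristic": matches_heuristic(blob)}


def demo():
    # The vendor has a definition for the original sample only.
    db = build_signature_db([ORIGINAL_SAMPLE])
    # Five repacked variants, each differing from the original by four bytes.
    repacked = [repack(ORIGINAL_SAMPLE, bytes([i]) * 4) for i in range(1, 6)]
    return {
        "original": scan(ORIGINAL_SAMPLE, db),
        "repacked": [scan(v, db) for v in repacked],
        "xor_encoded": scan(xor_encode_payload(ORIGINAL_SAMPLE), db),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Every repacked variant is a new hash the definition list has never seen, so the signature check fails on all five while the heuristic still catches the encoded PowerShell; once the payload is XOR-encoded, neither file-content check fires, and only something watching behaviour on the host or network (the IDS/IPS and SIEM layers discussed below) would have a chance.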

Throughout my career, I have had several methods of preventing security breaches that go beyond installing sniffers for viruses, worms, Trojan horses and other malware. I've installed firewalls, IPS, IDS and SIEM products to guard against attacks. I've done penetration testing on a regular basis for vulnerabilities and confirmed that systems are up to date with the latest patches. I've put together plans for remediation procedures to resolve vulnerabilities. I've designed disaster recovery plans. Corporations cannot afford to be asleep at the wheel. Hackers need no sleep. They're built for destruction.


Read more at http://www.forbes.com/sites/emc/2013/09/23/why-antivirus-software-isnt-enough-to-fend-off-attacks/?utm_campaign=techtwittersf&utm_source=twitter&utm_medium=social
 

Sunday, September 22, 2013

Weather Report

One of my earliest blog posts was called "Cloudy Skies." In it, I expressed my concern about security on the cloud. The cloud does, indeed, have its advantages. My wife and I back up our iPhones on the iCloud and we're happy that we will never have to enter our contacts into new phones. Small companies can save money by storing data on the cloud.

But there could be problems with large companies and governments when it comes to using the cloud. One of them is the fact that there is a limited number of massive scale cloud service providers including Microsoft, Amazon and Google. CFO.com reported that, "The barriers to entry are formidable; only the best-capitalized vendors need apply."

At the risk of sounding paranoid, hack one of these companies, and the implications are huge. All those credit card numbers on file at Amazon come to mind. Someone brought up the unlikely possibility that several could be breached at the same time. How much insurance for errors and omissions should these companies and their consultants be carrying?

It is virtually impossible to extrapolate the amount of damage that can occur. But here's another thing to think about when it comes to risk: problems in and tensions between India and Pakistan. India's promise as a super center isn't as bright. And if Pakistan were to strike India and data centers were casualties, it would be a catastrophe.

The bottom line is that IT security is more important than ever before. There is no room for gaps. Consultants are not as reliable as loyal employees.

Friday, August 16, 2013

How One Contractor's Forgetfulness Affected People in 48 States

Patients in 48 states are vulnerable, not to disease, but to their information getting into the wrong hands. An article in The Tennessean newspaper reported that a medical transcription contractor left a firewall down between May 5 and June 24. 

That's a long time to go undiscovered. M2ComSys of India was hired by Cogent Healthcare to transcribe the notes dictated by physicians. As part of the contract, it was supposed to store the patient information, which was supposedly protected, on a secure website, but the firewall was down. Who is responsible? It's not just the contractor, in my opinion, but Cogent is also at fault. This HIPAA breach is the second one for Cogent, and it's not something to be pooh-poohed. The data includes patients' names, birth dates, medical record numbers, medical history, diagnosis and treatment. Usually, medical records at practices include patients' addresses and Social Security numbers, as well, completing the information that hackers need to steal people's identity.

There was a case study done by HealthCareInfoSecurity, which outlined the efforts of CaroMont Health of North Carolina to track down all its contractors. That could be a few or it could be a lot of people. But here's the scary thing: experts in the security field say that there is an increase in the number of health data breaches that are not accidental. Moreover, hospitals and practices don't take action until after a breach occurs.

Many contractors are required to take out Errors and Omissions insurance in case something happens on their tour of duty at a company that hires them as contract workers. But when it comes to identity theft, the error can't be remedied by an insurance payment. Identity theft is the only crime in which the victim has to prove that he or she did not commit the crime, e.g., buying thousands of dollars worth of jewelry or electronics on a credit card.

A poll by the Ponemon Institute reported that 94 percent of 80 participating health care organizations had at least one security breach in the past two years. Those breaches cost them a total of $6.78 billion annually. Collectively, those organizations could have paid for new firewalls, new penetration testing, oh, and enough staff, and still have a lot of money left over -- and no egg on their faces.

Monday, February 4, 2013

Super Redundancy


I have to admit that I didn't watch the Superbowl last night. Hey, I've got two young kids, and I'd rather spend time with them. But I heard about the power outage that came about during Beyonce's number.

Apparently, Twitter is all aflutter with comments about how her hair dryer blew out the power during the Superbowl. (Actually, this happened when I was on my honeymoon and my wife blow dried her hair!)

But I digress. Several years ago I applied for a job with the National Basketball Association. It would have been a bear of a commute had I gotten a job offer. Nevertheless, I was very much interested in the job because it involved an aspect of redundancy I never thought of before: broadcasting. It's bad enough to have a lack of continuity during a game, but it could be an unmitigated disaster if it happens while trading.

So, redundancy is good. Super redundancy is even better.

Saturday, January 12, 2013

The Power of Networking

There is an article in The New York Times about five people who are past 50 and surviving the recession. I am one of those five people.

Here is the link:

http://www.nytimes.com/2013/01/13/business/how-5-older-workers-saw-a-chance-to-remake-their-careers.html?ref=business

This is not the first time I've been interviewed about employment. Several years ago a reporter from the Connecticut Jewish Ledger interviewed me when I was laid off from Gartner. Always networking, I mentioned my plight to my rabbi, who then sent out an email blast to the congregation to try to get some job leads.

I still believe in networking. I have joined several networking groups and try to stay in touch with people when I can't go to those meetings for months at a time. Some people think that networking meetings are just pity parties or support groups. Sure, you go to them and realize that you are not alone and that there is nothing wrong with you. You did not lose your job because of a performance issue. You lost it because of budget cuts or takeovers or, often, bad management.

Here are some of the things I learned from networking:

1) You meet people who worked at a company where you wish to work. You can find out more about the corporate culture and maybe even get the contact details of someone who is in a position to hire you.

2) Many networking groups have a session on elevator pitches. Most people feel uncomfortable doing them, but it's one of the skills you need to have.

3) When the facilitator leaves the group because he or she has found a paying job, it's a good idea to volunteer to run a meeting or two. Most people shy away from this. It was one of the best things I ever did because it helped me improve my public speaking, presentation and leadership skills. Sure enough, the next time I had a group interview, I didn't feel intimidated.

4) Your network can't be too large. Invite everyone you meet to join your professional network on LinkedIn. I once heard that someone who applied for a job that required community outreach got the job over her competitors because she had 180 people in her LinkedIn network. That number is low actually. It should definitely be 500 plus. But it's not just about collecting people. You can easily share job leads in your updates. When you get an interview with someone, you can often find his profile on LinkedIn. When you go into the interview, you don't go in "cold" because you have an idea about his background. If he went to an Ivy League college and you didn't, you know the chances are not in your favor. If he went to the same college your cousin did, you have an icebreaker.

5) You can find someone who can help you upgrade your skills, from Microsoft Office to using social media.

I used to go to a networking meeting where I would meet a man who was unemployed and convinced that no one would want to date him until he got a job. My advice to him was not to put his life on hold. Good things can happen. Not long after I was laid off from Gartner, I got married. The Times article has a picture of me with my younger son. Good things and bad things can happen. I just go with the flow.

How did I get to be interviewed for the article in The New York Times? Networking. Caitlin Kelly, who is in my wife's LinkedIn network, sent out a request for leads on people who are over 50 and surviving the recession. My wife responded and told the reporter about me.

Want more ideas about networking? Read Harvey Mackay's book, Dig Your Well Before You're Thirsty.