
Bayshore Networks(R) Closes Oversubscribed Venture Funding

Final Investment from Benhamou Global Ventures Completes Series A for Leader in Industrial Cyber Protection

BETHESDA, MD–(Marketwired – March 20, 2017) – Bayshore Networks, the leading provider of cyber protection for industrial infrastructure, today announced the closing of its Series A venture capital investment. With a final investment from Benhamou Global Ventures (BGV), the round was oversubscribed at more than $11M, bringing total investment in the company to $15M. Bayshore will use the investment to aggressively grow go-to-market channels, and further develop its industry leading industrial cyber protection platform.

“The market for Bayshore’s industrial cyber protection solutions is expanding quickly,” said Mike Dager, CEO of Bayshore Networks. “Industrial cyber protection is now a key strategic initiative for large enterprises, utilities, and governments alike. We’re experiencing rapid growth because unlike passive visualization and reporting packages, Bayshore’s comprehensive industrial cyber protection platform stops industrial cyber threats before they start.”

“We are impressed with Bayshore’s experienced management team and differentiated technology,” said Anik Bose, General Partner at BGV, who has joined Bayshore’s Board of Directors following the investment. “There is a compelling global need for industrial cyber protection solutions, and we believe Bayshore is well positioned in this burgeoning market.”

“Bayshore’s innovation in the emerging Industrial IoT cyber protection market is well recognized. We led Bayshore’s Series A in support of their pioneering technology in a critical market that is largely untapped to date,” said Alberto Yépez, managing director of Trident Capital Cybersecurity. “We are happy to have BGV join us in supporting the company’s growth.”

About Bayshore Networks, Inc.

Bayshore Networks® is the leading provider of industrial cyber protection. The Company’s award-winning technology unlocks the power of the Industrial Internet of Things (IIoT), providing enterprises with unprecedented visibility into their Operational Technology infrastructure while safely and securely protecting ICS systems, industrial applications, networks, machines, and workers from cyber threats. Bayshore’s strategic partners include among others Arista, AT&T, BAE, Cisco, Dell, SAP, VMware, and Yokogawa. Bayshore is a privately held company headquartered in Washington, DC and backed by Trident Capital Cybersecurity, Yokogawa, Samsung Next, and BGV Capital. For more information, visit www.BayshoreNetworks.com

About Benhamou Global Ventures

BGV is an early-stage venture capital firm with deep Silicon Valley roots, with an exclusive focus on enterprise information technology opportunities in global markets. BGV currently has 17 active companies in its portfolio. The BGV team has successfully built and implemented a cross-border venture investing model with companies from Israel, Europe and Asia. The fund was founded by Eric Benhamou, former chairman and CEO of 3Com, Palm and co-founder of Bridge Communications. Comprised of an experienced partnership team of global operating executives and investors, BGV is often the first and most active institutional investor in a company and has a powerful network of technical advisors, executives and functional experts who actively engage with its portfolio companies. The company has offices in Palo Alto, California and Tel Aviv, Israel.

About Trident Capital Cybersecurity

Trident Capital Cybersecurity (TCC) is a $300 million fund that invests primarily in early stage and select growth equity companies. The firm is well positioned as the venture capital firm with the best connections in cybersecurity. Its 47-person Cybersecurity Industry Advisory Council, including industry CEOs, customers and former top-level government leaders is commended for its insights, connections and go-to-market support for TCC’s portfolio companies. TCC’s current portfolio companies include 4iQ, Appthority, Bayshore Networks, ID Experts and IronNet Cybersecurity. Managing Directors Alberto Yépez, Sean Cunningham and Don Dixon jointly lead the investment team and together have made 30 cybersecurity investments during a nearly 20 year period of investing at Trident and Intel Capital. For more information, visit www.tridentcybersecurity.com.

March 20, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

HHS awards funding to help protect health sector against cyber threats

The U.S. Department of Health and Human Services (HHS) has awarded cooperative agreements totaling $350,000 to strengthen the ability of health care and public health sector partners to respond to cybersecurity threats. The agreements will foster the development of a more vibrant cyber information sharing ecosystem within the health care and public health sector.

HHS’ Office of the National Coordinator for Health Information Technology (ONC) awarded a cooperative agreement to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Florida, to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders. HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) awarded a cooperative agreement to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners.

“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector,” said Dr. Nicole Lurie, HHS’ assistant secretary for preparedness and response. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”

“The security of electronic health information is foundational to our increasingly digitized health system,” said Dr. Vindell Washington, national coordinator for health information technology. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.”

Security breaches and ransomware attacks on the public healthcare system have been on the rise in recent years, as has the average cost associated with these attacks. Today, the cost of cybersecurity breaches averages $3.8 million per attack, according to a recent study. While some healthcare entities have adequate resources to contract with information sharing analysis organizations that could inform them about cyber incidents, smaller healthcare entities often do not.

Through a streamlined cyber threat information sharing process, HHS will be able to send cyber threat information to a single entity, which then will share that information widely to support the full range of stakeholders. This approach helps ensure that smaller health care providers have the information they need to take appropriate action.

The agreements also will help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities. Information about any system breaches and ransomware attacks will be relayed through a more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems.

ASPR leads HHS in preparing the nation to respond to and recover from adverse health effects of emergencies, supporting communities’ ability to withstand adversity, strengthening health and response systems, and enhancing national health security.  To learn more about ASPR, visit the HHS public health and medical emergency website, phe.gov.

ONC is the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information. To learn more about ONC, visit HealthIT.gov.

HHS is the principal federal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

October 4, 2016 | Written By John Lynn

Logicalis US to CIOs: Don’t be Held Hostage by Ransomware

Solution Provider IDs Five Proactive Steps CIOs Can Take Now

NEW YORK, September 12, 2016 – Ransomware, which holds business data hostage until a fee is paid, has taken a sharp upturn this year. In fact, a recent industry study found that nearly half of all U.S. businesses have experienced at least one ransomware attack in the past year alone. While organizations wrestle with the ever-pressing issue of whether to pay or not to pay if they’re victimized, Logicalis US, an international IT solutions and managed services provider (www.us.logicalis.com), suggests CXOs focus first on how to protect, thwart and recover from a potential attack before developing a pay or don’t-pay policy.

“Ransomware has become one of the most sophisticated criminal enterprises the world has ever seen,” says Ron Temske, Vice President, Security Solutions, Logicalis US. “As anyone in the business of cybersecurity knows, we’ve long battled those who simply wanted to create chaos and disruption. We’ve seen nation states attack both military and civilian targets and ‘hacktivists’ who act for various social causes.  But ransomware is different in one key way: It’s all about the money.  Ransomware is a business, complete with sophisticated cybercrime-as-a-service offerings and world-class customer support to ensure its victims’ files are returned expeditiously once the ransom is paid. It’s a service business approaching $1 billion in annual revenue, something that would be heralded as an accomplishment if it weren’t based on such nefarious principles. The business of ransomware has even spawned a network of affiliates that provide redirection of an exploit kit for a cut of the profits.”

Five Ways to Respond to the Threat from Ransomware

To be ready for an attack before it happens, to detect and stop it while it’s happening, or to recover from it after it happens takes planning. To help, Logicalis’ security experts have compiled a list of the top five ways to respond to the threat ransomware poses today.

  1. Create a Modern Defense: Traditional signature-based anti-virus solutions are good to have, but they aren’t up to the job of thwarting a sophisticated ransomware attack.  Neither is your traditional stateful firewall. As a result, it is critically important to plan for the possibility of an attack by developing comprehensive visibility and access to extensive details on how the malware entered the organization’s environment in the first place. IT pros who are serious about heading ransomware off at the pass should focus intently on modern next-generation anti-malware and firewall solutions that can stop an attack before it starts.
  2. Take an Architectural Approach: In some limited situations, point solutions can be effective, but not with ransomware. The most effective way to address the threat posed by ransomware and other pervasive cyberattacks is to take a holistic architectural approach to security that encompasses the entire network including its systems and endpoints as well as the organization’s cloud and mobile strategies. Because so many of today’s threats are automated, solutions that rely on human intervention to detect and respond are neither affordable nor effective, making automation and orchestration key principles in a solid security architecture design.
  3. Prevent the Spread of Malware: If an attacker’s malware does enter the network, it has the ability to spread like a fast-moving cold among passengers on an airplane.  The key at this stage is to compartmentalize data using network micro-segmentation strategies that make it more difficult for malware to spread laterally within the environment.
  4. Plan Your Recovery: The unfortunate truth is, despite the security industry’s best efforts, no organization is entirely immune to attack.  Therefore, it’s critical to examine how the organization will recover if it is breached. First, be sure you’re backing up. Second, test, test and re-test the backup and restore process; a backup is only valuable if the data can actually be restored when it’s needed.  It’s also important to ensure that the restore can be done at the system level since file-based recovery may not be enough. Consider, too, how much redundancy is required; if the organization is hit, do you have an uncorrupted source from which you can immediately recover? And be sure to weigh the costs of various solutions against the cost of potential loss or downtime – not all data is equally valuable, which means not all data needs the same level of protection.
  5. Create a Pay or No-Pay Policy: Finally, the big question: To pay or not to pay? No vertical market is having a tougher time facing this question than healthcare is today; whether it’s critical patient-care data that hackers hold hostage or the threat of hefty regulatory fines imposed when protected patient health information (PHI) is breached, healthcare organizations have become prime targets for ransomware attacks. Before any organization – healthcare or otherwise – pays a ransom, however, Temske suggests examining how much damage will be done if you don’t pay. Do you have an uncompromised data backup from which you can restore? What is the cost to restore vs. pay – both monetarily and in terms of the business’ ability to function in the meantime? Ultimately, the decision comes down to how business-critical the compromised data is to the organization. If you do decide to pay, Temske has one word of advice: “Negotiate. In most cases, you can talk the price down, so it may make sense to consider not paying the first amount offered.”

About Logicalis
Logicalis is an international multi-skilled solution provider providing digital enablement services to help customers harness digital technology and innovative services to deliver powerful business outcomes.

Our customers cross industries and geographical regions; our focus is to engage in the dynamics of our customers’ vertical markets including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and to apply the skills of our 4,000 employees in modernizing key digital pillars, data center and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernization.

We are the advocates for our customers for some of the world’s leading technology companies including Cisco, HPE, IBM, NetApp, Microsoft, VMware and ServiceNow.

The Logicalis Group has annualized revenues of over $1.5 billion from operations in Europe, North America, Latin America and Asia Pacific. It is a division of Datatec Limited, listed on the Johannesburg Stock Exchange and the AIM market of the LSE, with revenues of over $6.5 billion.

For more information, visit www.us.logicalis.com.

September 12, 2016 | Written By John Lynn

Logicalis US Asks 10 Tough Security Questions Every CIO Must Be Able to Answer

NEW YORK, April 19, 2016 – The most important thing CIOs in any industry need to know about IT security, according to Logicalis US, an international IT solutions and managed services provider (www.us.logicalis.com), is that, despite the hype, the fear and the complexity of available solutions, securing digital assets is fundamentally about managing risk.

“It’s important for IT professionals to take their IT security risks seriously,” says Ron Temske, Vice President, Security Solutions, Logicalis US.  “The first thing that has to be established is what you are trying to protect, and whether or not all of your digital assets need the same level of protection.  Most organizations don’t think that way; they see security as a single, across-the-board, ubiquitous solution.  People often think if they have a firewall and anti-virus in place, they’re secure. Others believe no one is targeting them. In both cases, nothing could be farther from the truth. If all you have is traditional antivirus and a firewall, you might as well give your information away – and you might be doing just that. Once a threat moves beyond the firewall, you lose visibility and control of that threat, and that can happen as innocently as having an employee who unwittingly plugs a USB infected with malicious code into their desktop or laptop.  The biggest unpatched security vulnerability you have is your people.  And even if your organization isn’t high profile, your unsecured IT can become a back door for cybercriminals trying to break into your partners’ or clients’ systems. The solution is to develop and implement a comprehensive security program that spans the entire attack continuum – before, during and after an attack.”

This is why, Logicalis experts say, it is critical to know what you are trying to protect against.  A common acronym used among security professionals is CIA, which stands for Confidentiality, Integrity and Availability.

  • Confidentiality is primarily associated with protecting the assets that would cause the client harm if they were disclosed – think patient records in a hospital setting or credit card numbers on a major retail site.
  • Integrity is about ensuring data remains accurate and unaltered – patient prescription information is a good example.
  • Availability is about ensuring that business-critical assets are accessible when needed – consider the importance of medical personnel knowing a patient’s allergies.

To develop a plan that meets CIA objectives, Logicalis suggests organizations embrace two important truths: First, because cybercrime has proven to be a highly profitable venture, everyone has valuable information that criminals want.  And second, eventually, every business will experience some sort of breach.

Before designing and implementing security solutions to mitigate those risks, Logicalis suggests organizations partner with a solution provider experienced in security measures that can perform a vulnerability assessment to identify areas where the organization’s attack surface can be reduced.  Also helpful, the company says, is examining services like Logicalis’ Managed Security offering which can help IT pros focus on their business rather than being distracted by varying degrees of cyber threats and related security posture changes.

“Businesses often put off creating comprehensive security solutions because they fear the price tag, but there’s no need for that,” says Jason Malacko, IT security expert, Logicalis US.  “It’s true that there is no silver bullet.  Security is a process, not a product. People who want to find the ‘one thing’ that will protect their entire organization won’t find that because it doesn’t exist.  That’s because, with mobility and IoT, there is no single perimeter to protect anymore.  Security is more complex than that, and it’s our job as security experts to take that complexity out of the equation while helping our clients protect their digital assets as fully as possible.  But that doesn’t mean people have to deplete their budgets; the key is to match the solution to the client’s actual – rather than perceived – business needs. No one should buy a $1,000 safe to protect a $100 bill.”

10 Security Questions Every CIO Must Be Able to Answer

Cybercrime is an insidious business; it happens in plain sight, avoids detection and causes damage quickly.  There are even cybercrime-as-a-service offerings available to criminals who lack the technical know-how to reap the big jackpots capable of totaling tens of millions of dollars.  So, how do you prepare your organization to overcome an eventual attack? According to Logicalis, the solution begins by answering 10 important questions:

  1. If you knew that your company was going to be breached tomorrow, what would you do differently today?
  2. Has your company ever been breached? How do you know?
  3. What assets am I protecting, what am I protecting them from (i.e., theft, destruction, compromise), and who am I protecting them from (i.e. cybercriminals or even insiders)?
  4. What damage will we sustain if we are breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Have you moved beyond an “inside vs. outside” perimeter-based approach to information security?
  6. Does your IT security implementation match your business-centric security policies? Does it rely on written policies, technical controls or both?
  7. What is your security strategy for IoT (also known as “the Internet of threat”)?
  8. What is your security strategy for “anywhere, anytime, any device” mobility?
  9. Do you have an incident response plan in place?
  10. What is your remediation process? Can you recover lost data and prevent a similar attack from happening again?

About Logicalis

Logicalis is an international IT solutions and managed services provider with a breadth of knowledge and expertise in communications and collaboration; data center and cloud services; and managed services.

Logicalis employs over 4,000 people worldwide, including highly trained service specialists who design, deploy and manage complex IT infrastructures to meet the needs of over 6,500 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM, EMC, NetApp, Microsoft, VMware and ServiceNow on an international basis. It has specialized solutions for enterprise and medium-sized companies in vertical markets covering financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, helping customers benefit from cutting-edge technologies in a cost-effective way.

The Logicalis Group has annualized revenues of over $1.5 billion from operations in Europe, North America, Latin America and Asia Pacific and is one of the leading IT and communications solution integrators specializing in the areas of advanced technologies and services.

The Logicalis Group is a division of Datatec Limited, listed on the Johannesburg and London AIM Stock Exchanges, with revenues of over $6 billion.

For more information, visit www.us.logicalis.com.

April 19, 2016 | Written By John Lynn

Exostar Launches Cybersecurity Risk Assessment Solution

Partner Information Manager Allows Organizations to Identify and Address Vulnerabilities throughout their Global, Multi-tier Supply Chains

HERNDON, VA, December 8, 2015 – Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced the availability of Partner Information Manager (PIM), a new, modular solution that continuously measures risk across a business’s extended value chain.  With the launch of PIM and its cybersecurity module, organizations throughout the enterprise – from procurement, contracting, and IT to compliance, security, and the C-suite – have the information they need to build and manage their supply chains, assess potential vulnerabilities, and initiate steps to protect their intellectual property, reputations, and revenue streams.

Exostar developed PIM by working closely with many of the world’s largest Aerospace and Defense (A&D) industry firms, forming a Security Steering Committee that includes security and supply chain executives from BAE Systems, Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and Rolls-Royce.  PIM’s Cybersecurity module reflects best practices input from these companies that is based on internationally recognized standards.

“Our objective was to bring A&D leaders together, understand their cybersecurity risk management initiatives and progress to date, and build consensus for the optimal approach to improving the industry’s cybersecurity posture going forward,” said Dr. Paul Kaminski, Exostar’s Chairman of the Board.  “With PIM, we have created a common platform that A&D supply chain ecosystem partners can jointly use to achieve this much-needed improvement.”

The heart of PIM’s Cybersecurity module is a comprehensive questionnaire and evaluation engine.  Suppliers complete the questionnaire and are assigned a Security Maturity Level that is a measure of their current capabilities.  Buyers get deep visibility into a supplier’s cybersecurity strengths and weaknesses, which lets them assess risk and make better business relationship decisions.  Suppliers have a clear roadmap for improvement recognized and accepted by multiple buyers, which allows them to justify the investments required to raise their Security Maturity Level and promote long-term engagements with buyers.

Exostar’s Managed Access Gateway (MAG) controls access to PIM, making it the most secure risk management solution on the market, while empowering individuals with a single sign-on user experience.  Because MAG brings together over 100,000 A&D organizations worldwide, PIM incorporates a “collect once, share multiple times” supplier engagement methodology.  Suppliers can complete or update the cybersecurity questionnaire one time and send it to any buying organization that is part of the Exostar A&D community – reducing the burden on suppliers by eliminating redundancy and enabling buyers to more rapidly obtain critical risk information.

“Understanding a supplier’s cybersecurity maturity level allows Lockheed Martin to make informed decisions on how best to manage their risk throughout our global, multi-tier supply chain,” said Jim Connelly, Vice President and Chief Information Security Officer at Lockheed Martin and Chairman of Exostar’s Security Steering Committee.  “Exostar’s PIM enables us to implement a consistent, efficient, cost-effective process to measure, assess, and mitigate risk in real-time and over time.”

About Exostar

Exostar’s cloud-based solutions help companies in highly-regulated industries mitigate risk and solve identity and access challenges. Nearly 125,000 organizations leverage Exostar to help them collaborate securely, efficiently, and compliantly with their partners and suppliers. By offering connect-once, single sign-on access, Exostar strengthens security, reduces expenditures, and raises productivity so customers can better meet contractual, regulatory, and time-to-market objectives.  www.exostar.com.

December 8, 2015 | Written By John Lynn

Most Wired Hospitals Focus on Security and Patient Engagement

ANN ARBOR, MI and CHICAGO, July 9, 2015 – Health data security and patient engagement are top priorities for the nation’s hospitals, according to results of the 17th annual HealthCare’s Most Wired™ Survey, released today by the American Hospital Association’s Health Forum and the College of Healthcare Information Management Executives (CHIME).

The 2015 Most Wired™ survey and benchmarking study, in partnership with CHIME and sponsored by VMware, is a leading industry barometer measuring information technology (IT) use and adoption among hospitals nationwide. The survey of more than 741 participants, representing more than 2,213 hospitals, examined how organizations are leveraging IT to improve performance for value-based healthcare in the areas of infrastructure, business and administrative management, quality and safety, and clinical integration.

According to the survey, hospitals are taking more aggressive privacy and security measures to protect and safeguard patient data. Top growth areas in security among this year’s Most Wired organizations include privacy audit systems, provisioning systems, data loss prevention, single sign-on and identity management. The survey also found:

  • 96 percent of Most Wired organizations use intrusion detection systems compared to 85 percent of all respondents. Privacy audit systems (94 percent) and security incident event management (93 percent) are also widely used.
  • 79 percent of Most Wired organizations conduct incident response exercises or tabletop tests annually, a high-level estimate of the current potential for success of a cybersecurity incident response plan, compared to 37 percent of all responding hospitals.
  • 83 percent of Most Wired organizations report that hospital board oversight of risk management and reduction includes cybersecurity risk.

“With the rising number of patient data breaches and cybersecurity attacks threatening the healthcare industry, protecting patient health information is a top priority for hospital customers,” said Frank Nydam, Senior Director of Healthcare at VMware. “Coupled with the incredible technology innovation taking place today, healthcare organizations need to have security as a foundational component of their mobility, cloud and networking strategy and incorporated into the very fabric of the organization.”

As hospitals and health systems begin to transition away from volume-based care to more integrated, value-based care delivery, hospitals are utilizing IT to better facilitate information exchange across the care settings. This includes greater alignment between hospitals and physicians. According to the survey, the physician portal is a key factor in strengthening physician-hospital alignment:

  • In 84 percent of Most Wired organizations, physicians can view and exchange other facilities’ results in the portal compared with 63 percent of hospitals surveyed.
  • 76 percent use the portal and electronic health record (EHR) to exchange results with other EHRs and health information exchanges compared to 56 percent of those surveyed.
  • 81 percent can communicate with patients via email or alerts in contrast to 63 percent of all respondents.

Driven beyond the requirements of Meaningful Use Stage 2, this year’s Most Wired hospitals are utilizing the benefits of a patient portal to get patients actively involved in their health and healthcare. For instance, 89 percent of Most Wired organizations offer access to the patient portal through a mobile application. Other key findings include:

  • 67 percent of Most Wired hospitals offer the ability to incorporate patient-generated data.
  • 63 percent offer self-management tools for chronic conditions.
  • 60 percent offer patient-specific education in multiple languages.

“We commend and congratulate this year’s Most Wired hospitals and their CIOs for improving care delivery and outcomes in our nation’s hospitals through their creative and revolutionary uses of technology,” said CHIME CEO and President Russell P. Branzell, FCHIME CHCIO. “These Most Wired organizations represent excellence in IT leadership on the frontlines of healthcare transformation.”

“Congratulations to our nation’s Most Wired hospitals for harnessing the potential of information technology to improve quality care and patient safety and lower health care costs,” said Rich Umbdenstock, president and CEO of the AHA. “At the forefront of the field, these hospitals are setting the bar for protection of patient data through discerning security measures.”

HealthCare’s Most Wired™ Survey, conducted between Jan. 15 and March 15, 2015, is published annually by Health & Hospitals Network. Respondents completed 741 surveys, representing more than 39 percent of all U.S. hospitals.  Last October, the AHA/Health Forum and CHIME announced the formation of a Most Wired partnership to enhance collaboration between the two organizations in the development and sustainability of the survey, and to collectively help meet the growing demand for useful data on health IT integration.

Detailed results of the survey and study can be found in the July issue of H&HN. For a full list of winners visit www.hhnmag.com.

About the American Hospital Association
The American Hospital Association (AHA) is the national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. Nearly 5,000 hospitals, health care systems, networks, other providers of care and 43,000 individual members come together to form the AHA. Founded in 1898, the AHA provides education for health care leaders and is a source of information on health care issues and trends. For more information, please visit www.aha.org.

About CHIME
The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers and other senior healthcare IT leaders. With more than 1,500 CIO members and over 150 healthcare IT vendors and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit www.chimecentral.org.

About Health Forum

Health Forum is a strategic business enterprise of the American Hospital Association, creatively partnering to develop and deliver essential information and innovative services to help health care leaders achieve organizational performance excellence and sustainability. For more information, please visit www.healthforum.com.

About our Sponsor

VMware is a global leader in cloud infrastructure and business mobility. Built on VMware’s industry-leading virtualization technology, our solutions deliver a brave new model of IT that is fluid, instant and more secure. Customers can innovate faster by rapidly developing, automatically delivering and more safely consuming any application. With 2014 revenues of $6 billion, VMware has more than 500,000 customers and 75,000 partners. The company is headquartered in Silicon Valley with offices throughout the world and can be found online at www.vmware.com.

July 9, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

HIMSS Survey Finds Two-Thirds of Healthcare Organizations Experienced a Significant Security Incident in Recent Past

Healthcare Organizations Implement New Technology and Personnel to Stay Ahead of Cyberattacks

CHICAGO (June 30, 2015) – Cybersecurity was identified as an increased business priority over the past year according to 87 percent of respondents in the newly released 2015 HIMSS Cybersecurity Survey (http://www.himss.org/2015-cybersecurity-survey). Two-thirds of those surveyed also indicated that their organizations had experienced a significant security incident recently. Released at the Privacy and Security Forum, held in Chicago from June 30-July 1, this research reflects the continued cybersecurity concerns by healthcare providers regarding the protection of their organizations’ data assets.

“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cybersecurity threats,” said Lisa Gallagher, Vice President of Technology Solutions, HIMSS. “Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”

The survey of 297 healthcare leaders and information security officers across the industry also found that at least half of respondents made improvements to network security, endpoint protection, data loss prevention, disaster recovery and IT continuity. Despite the protective technologies available, most respondents felt only an average level of confidence in their organizations’ ability to protect their IT infrastructure and data.

Key findings from the survey include the following:

  • Respondents use an average of 11 different technologies to secure their environment and more than half of healthcare organizations surveyed hired full time personnel to manage information security
  • 42 percent of respondents indicated that there are too many emerging and new threats to track
  • More than 50 percent of information security threats are identified by internal security teams
  • 59 percent of survey respondents feel the need for cross-sector cyber threat information sharing
  • 62 percent of security incidents have resulted in limited disruption of IT systems with limited impact on clinical care and IT operations
  • 64 percent of respondents believe a lack of appropriate cybersecurity personnel is a barrier to mitigating cybersecurity events
  • 69 percent of respondents indicated that phishing attacks are a motivator for improving the information security environment
  • 80 percent use network monitoring to detect and investigate information security incidents
  • 87 percent of respondents reported that antivirus/malware tools have been implemented to secure their healthcare organizations’ information security environment

In addition to the findings above, survey respondents found the following as the top ways security incidents were identified and the impact they had on their organizations:

To download the complete 2015 HIMSS Cybersecurity Survey, please visit: http://www.himss.org/2015-cybersecurity-survey

About HIMSS

HIMSS is a global, cause-based, not-for-profit organization focused on better health through information technology (IT). HIMSS leads efforts to optimize health engagements and care outcomes using information technology.

HIMSS is a cause-based, global enterprise producing health IT thought leadership, education, events, market research and media services around the world. Founded in 1961, HIMSS encompasses more than 58,000 individuals, of which more than two-thirds work in healthcare provider, governmental and not-for-profit organizations across the globe, plus over 640 corporations and 400 not-for-profit partner organizations, that share this cause.  HIMSS, headquartered in Chicago, serves the global health IT community with additional offices in the United States, Europe, and Asia.

June 30, 2015 I Written By

John Lynn

HITRUST to Improve Patient Privacy with New Framework for De-Identification of Health Information

De-Id Framework to Simplify and Standardize Key Process of De-Identification of Healthcare Data

FRISCO, Texas–The Health Information Trust Alliance (HITRUST) announced today the new HITRUST De-Identification Framework, developed to improve patient privacy, enhance innovation and streamline the appropriate use of healthcare data. The framework meets the need of healthcare organizations for greater guidance and consistency in the de-identification and use of de-identified healthcare data, while simplifying and streamlining the process. De-identification is a key method for protecting privacy by preventing a patient’s identity from being connected with health information and is a core component of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

The HITRUST De-Identification Framework is fully aligned and mapped to the HITRUST Common Security Framework (CSF), the most comprehensive and widely adopted information security and privacy framework for the healthcare industry. The CSF is used by hospitals, health plans and other healthcare organizations as a certifiable, scalable and efficient approach to regulatory compliance and risk management. Now in its seventh major release, HITRUST continues to innovate and enhance the CSF ensuring it meets the ongoing needs of the healthcare industry.

Currently, many healthcare organizations remain uncertain about the de-identification process and the use of de-identified data. The new HITRUST De-Identification Framework offers standards and controls, consistent with HIPAA, to enhance the understanding of de-identification, clarify what qualifies as de-identified data, and to promote the use of de-identified data – leading to better healthcare for all.

HITRUST will hold a webinar on March 24th to brief the industry on this development and simultaneously release a draft of the new framework for an open comment period of 30 days.

“HITRUST believes clearer guidelines in the form of standards for the uses of de-identified data and managing associated risks are needed,” said Daniel Nutkis, CEO, HITRUST. He added, “Since the de-identification process needs to take into consideration the environmental safeguards in place housing the de-identified data, the HITRUST CSF was the logical vehicle to align it with.”

In addition to the new framework, HITRUST is providing resources, such as methodologies and white papers, for organizations to develop and assess their programs, as well as subject matter experts on topics such as the risks of re-identification.

The HITRUST De-Identification Framework includes the following key components:

  • Use Cases: Defines the multiple levels of anonymization and recommends specific use cases for each variant, such as end-to-end testing of automated clinical workflows and data mining for clinical research.
  • Criteria: Defines criteria for evaluating de-identification methodologies, estimating re-identification likelihood and criteria for certifying expertise in these methodologies.
  • Technical Controls Framework: Standards for mitigating the risks associated with the use, storage and maintenance of data. The controls will create a baseline security framework for de-identified data and will include controls to mitigate re-identification risks.
  • HITRUST CSF Mappings: Mappings to the HITRUST CSF as it relates to de-identified data.

“These criteria create a clear framework for healthcare organizations that can be used to implement and evaluate a de-identification program. Organizations aligning to these guidelines are better able to protect patient privacy. At the same time, de-identification helps make the healthcare system work better for everyone by paving the way for innovation and increased public health benefits. We envision CSF Assessors will also assess against the framework,” said Kimberly Gray, Chief Privacy Officer – Global, IMS Health.

“With this comprehensive De-ID framework tied to the CSF, we can increase the adoption of best practices for de-identification, and allow more responsible protection and sharing of health information,” said Khaled El Emam, CEO, Privacy Analytics. “The framework is based on methods that are currently used in the field and have been shown to be robust and ensure high data quality.”

“De-identification is an increasingly important and challenging element in the evolution of health care, in the United States and globally. Because of the important societal benefits of appropriate de-identification, the HITRUST effort is an essential step forward in building an effective and consistent framework for these practices,” said Kirk Nahra, ESQ, Partner, Wiley Rein LLP.

To register for the HITRUST De-Identification Framework webinar visit: https://hitrustalliance.net/de-identification/

About HITRUST

Founded in 2007, the Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST – in collaboration with public and private healthcare technology, privacy and information security leaders – has championed programs instrumental in safeguarding health information systems and exchanges while ensuring consumer confidence in their use.

HITRUST programs include the establishment of a common risk and compliance management framework (CSF); an assessment and assurance methodology; educational and career development; advocacy and awareness; and a federally recognized cyber Information Sharing and Analysis Organization (ISAO) and supporting initiatives. Over 84 percent of hospitals and health plans, as well as many other healthcare organizations and business associates, use the CSF, making it the most widely adopted security framework in the industry. For more information, visit www.HITRUSTalliance.net.

March 12, 2015 I Written By

John Lynn

Annual DataMotion Survey Reveals Shortfalls in Healthcare Security & Compliance Policy and Major Mobile Vulnerabilities

Email and File Transfer Poll Exposes Widespread Risks Still Taken By Employees;

Lack of Encryption for Email and Mobile Devices; Growth in Policy Development Undermined by Implementation Failure

FLORHAM PARK, N.J. – March 4, 2015 – DataMotion™, an experienced email encryption and health information service provider (HISP), today announced results of its third annual survey on corporate email and file transfer habits, revealing significant security risks. While companies in all industries increasingly have put security and compliance policies in place – nearly 90 percent of all respondents affirming that in 2014 (compared to 81 percent in 2013) – the growth is largely from healthcare entities. More than 97 percent from the industry report their organizations as having policies in place, compared to 90.4 percent in 2013. However, challenges remain for healthcare when it comes to implementing these, ranging from low employee comprehension to policy violations. Additionally, a lack of encryption, risks in mobile device usage and low awareness of Direct Secure Messaging (Direct) pose serious issues for the highly regulated industry.

DataMotion polled more than 780 IT and business decision-makers across the U.S. and Canada. In particular, the survey focused on individuals who routinely work with sensitive data and compliance regulations in a variety of industries including healthcare, financial services, education and government.

More than 300 respondents were from healthcare. Key insights/comparisons on the industry include:

  • Security & Compliance Policy: Gains Undermined by Implementation Failure
    ◦ 36 percent of healthcare respondents said within their entity, security and compliance policies are at most only moderately enforced.
    ◦ 81 percent of all respondents said employees/co-workers either occasionally or routinely violate these policies. While healthcare fared better, nearly 73 percent admitted the same.
    ◦ Key to making policies work is ensuring employee comprehension. When asked if they thought employees fully understood these types of policies, more than a third in healthcare said no, just a slight improvement over those from other industries.
    ◦ When asked about common reasons why policies are violated, 52.7 percent from healthcare said it was because employees were not aware of the policy or that they were in violation. Another 29.1 percent said employees didn’t understand policies. Most troubling, 18.2 percent said policies were intentionally violated by employees to get their job done.
    ◦ These healthcare findings raise a “red flag,” since demonstrating implementation of policies is key to passing an HHS/OCR HIPAA audit.

  • Lack of Email Encryption, Mobile Dangers and the Direct Problem
    ◦ Nearly a third of respondents across other industries reported they don’t have the capability to encrypt email. Healthcare posted only a slightly lower response; nearly a quarter of respondents saying the same.
    ◦ 80.8 percent of healthcare respondents affirmed they’re permitted to use mobile devices for email. Yet, of those that permit email on a mobile device and have encryption at their organization, 31.3% cannot send and receive encrypted email from their mobile client.
    ◦ Direct – the secure, email-like protocol developed for healthcare – garnered news coverage throughout 2014. Nearly 42 percent of healthcare respondents said they’re unaware of Direct. And of those who are aware of Direct, 42 percent say their organization is not using the alternative to email encryption.
    ◦ The widespread use of mobile devices in healthcare, coupled with a lack of encryption, creates a “perfect storm” for exposing sensitive data.

  • Business Associates and the Long Tail of HIPAA/HITECH
    ◦ Almost 70 percent of respondents whose organizations have a business relationship with a healthcare entity process their protected health information (PHI). Yet, 28 percent said they were either not a Business Associate (BA) or were unsure if they were.
    ◦ Of those processing a healthcare entity’s PHI, 40.5 percent had either not been asked to sign a Business Associate Agreement or were unsure if they had.
    ◦ HIPAA regulations redefined BAs to include downstream entities. Many not previously impacted by HIPAA/HITECH now fall under its long tail. The above numbers show a lack of awareness, placing BAs and the healthcare entities they represent at risk for non-compliance.

“Though the survey shows year-over-year growth in the number of companies putting security and compliance measures in place, the widespread security risks occurring are of great concern,” said Bob Janacek, chief technology officer at DataMotion. “Particularly at a time when organizations have experienced serious data breaches, it’s essential for companies to have strong policies and ensure employees fully understand and follow these. While healthcare has made gains in policy development, it’s all for naught if implementation fails, especially in such a highly regulated industry.”

“These measures should be across the board, as the data shows a gaping hole in security when it comes to mobile devices – with many companies permitting their use but not taking into account their lack of email encryption capabilities,” added Janacek. “Hopefully, this data will provide organizations with a better understanding of what steps need to be taken to ensure security and compliance.”

To view the healthcare survey report, click here or visit: http://www.datamotion.com/get-datamotion-2014-survey-report-healthcare-secure-email-file-transfer-practices/.

For survey results across all industries, click here or visit: http://www.datamotion.com/get-datamotion-2014-survey-report-secure-email-file-transfer-corporate-practices/.

About DataMotion

Since 1999, DataMotion™ SaaS technology has enabled organizations of all sizes to reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. Ideal for highly regulated industries, the DataMotion SecureMail portfolio offers easy-to-use encryption solutions for email, file transfer, forms processing and customer-initiated contact. In the healthcare sector, DataMotion is an accredited HISP (health information service provider) of Direct Secure Messaging. The DataMotion Direct service enables efficient interoperability and sharing of patient data across the continuum of care. DataMotion is privately held and based in Florham Park, N.J. For the latest news and updates, visit www.datamotion.com, follow DataMotion on LinkedIn or Twitter® @datamotion.

March 4, 2015 I Written By

John Lynn