Industry Watch – September 2016

Aug. 26, 2016

Wireless Networking

Survey shows state of hospital Wi-Fi use

How does your hospital’s Wi-Fi use compare to other healthcare facilities? Results from a new survey conducted by Extreme Networks should give you a clue.

According to a poll of more than 100 hospital healthcare IT professionals from around the world, the top concern for Wi-Fi implementations is security/compliance (34 percent), followed by performance (28 percent), critical availability (19 percent), and coverage (14 percent). Sixty-four percent of respondents say their hospital is connecting medical devices via Wi-Fi, but only 42 percent say their hospital uses network access control (NAC) to isolate and monitor medical devices by manufacturer and type. When it comes to network upgrades, three in 10 (31 percent) respondents plan to upgrade their wireless network once every three years, while one-quarter (26 percent) aim for once every five years and 7 percent will take 10 years to institute improvements.

Security

What tools do hackers use once they’re inside your network?

A first-of-its-kind industry study on cyber attackers and the tools they use indicates that intruders often take a low-profile, slow, and measured approach once they’ve gained access to corporate networks. Rather than blasting through firewalls and grabbing whatever is handy, the results of the “Cyber Weapons Report 2016” from LightCyber suggest that slow and steady wins the race for hackers. LightCyber creates behavioral attack detection solutions.

The study found that 99 percent of post-intrusion cyber attack activities did not employ malware, but instead leveraged standard networking, IT administration, and other tools that could be used by attackers on a directed or improvisational basis. While malware was commonly used to initially compromise a host, once inside a network, malicious actors did not typically use malware.

Angry IP Scanner, an IP address and port scanner, was the most common tool associated with attack behavior, followed closely by Nmap, a network discovery and security auditing tool. Attackers use common networking tools to conduct “low and slow” attack activities while avoiding detection. Sophisticated attackers using these tools – rather than known or unknown malware – can typically work undetected for an average of five months.

Once inside a network, an attacker must learn about the network they’ve compromised and map its resources and vulnerabilities. The highest frequency attacker activity found in this study was reconnaissance, followed by lateral movement and then command-and-control communication.

SecureCRT, an integrated SSH and Telnet client, topped the list of admin tools employed in attacks, representing 28.5 percent of incidents from the 10 most prevalent admin tools. Admin tools triggered what are called “lateral movement anomalies,” such as new admin behavior, remote code execution, and reverse connection (reverse shell), among others.

TeamViewer, a remote desktop and web conferencing solution, accounted for 37.2 percent of security events from the top 10 remote desktop tools. TeamViewer was associated with command-and-control (tunneling) behavior, while other remote desktop tools, such as WinVNC, primarily triggered lateral movement violations.

Attackers leverage ordinary end-user programs such as web browsers, file transfer clients, and native system tools for command-and-control and data exfiltration activity, the report stated, going on to remind IT administrators that “the most mundane applications, in the wrong hands, can be used for malicious purposes.”

Results for the study were tabulated over six months, analyzing end-user networks totaling hundreds of thousands of endpoints worldwide. Organizations ranged in size from 1,000 to 50,000 endpoints, spanning industries such as finance, healthcare, transportation, government, telecommunications, and technology.

The study analyzed network activity gathered from the LightCyber Magna Behavioral Attack Detection platform, which automatically discovers the source software executables associated to the anomalous network behavior observed.

For a copy of the report, go to lightcyber.com.
Source: LightCyber

EHRs

Patient access to doctors’ notes is first for NYC

In a bid to be a forerunner in patient engagement, Mount Sinai Health System in New York City has launched OpenNotes, part of a national initiative to allow patients to have electronic access to their provider’s notes in their medical records. This move to provide greater transparency is believed to be a first for a New York City institution.

Four Mount Sinai physicians conducted the initial OpenNotes pilot beginning in December 2015, working at various clinical practices at the East 102nd Street and East 85th Street Primary Care Associates of the Mount Sinai Doctors Faculty Practice offices. The patients who participated reported satisfaction with their ability to access more in-depth medical records and reported feeling more connected and involved in their healthcare. Patients noted the information provided a better timeline of care, history of treatments, and thorough explanation of office visits.

The notes are available for the first time in the health system’s online EHR patient portal called MyMountSinaiChart. Users of the portal can now easily read details of their office visit from the convenience of their personal computer, tablet, or smartphone. MyMountSinaiChart, launched in 2012, also enables patients to communicate with their doctor, access test results, request prescription refills, and manage appointments.

Mount Sinai Health System’s Chief Medical Information Officer, Bruce Darrow, M.D., PhD, told HMT that the proper IT backbone and a commitment from clinicians and leadership to share clinical documentation with patients are keys to OpenNotes program success. A focus on educating doctors can go a long way too.

“Historically, many doctors have not been trained to write notes with the expectation that their patients are going to read them,” says Dr. Darrow. “They may have concerns that patients don’t understand or misinterpret technical terms, or call them with extra questions about the note. Some consulting doctors may use office notes as a way to communicate pessimistic news to referring providers, and use bleaker terms on paper than when speaking in person to a patient. Other doctors fear that they will become unwilling nursemaids to a medical chart with outdated or incomplete information from prior providers, and they will be on the hook to mend it. Fortunately, the experience of millions of patients and their clinicians has proven that sharing office notes with patients is a net positive both for patients and their care providers.”

Many ambulatory EMRs already have the ability to share notes with patients through their tethered patient portals. “There is some IT setup work, but it should not be outrageous,” says Dr. Darrow. “If you choose to customize extensively the participating physicians, departments, and note types, you’ll increase the work as you add complexity. But it should not be a major capital expense for most organizations or practices.”

Based at Beth Israel Deaconess Medical Center in Boston, OpenNotes is supported by the Robert Wood Johnson Foundation, the Gordon and Betty Moore Foundation, Cambia Health Foundation, and the Peterson Center on Healthcare. One of the initiative’s main goals is to expand access for 50 million patients within three years. Other OpenNotes participants include Duke University Health System in North Carolina, and prominent health systems and medical groups in Oregon and Southwest Washington.

Learn more about the OpenNotes initiative at opennotes.org.

Snapshot

Salesforce ‘2016 Connected Patient Report’

Salesforce surveyed more than 1,700 U.S. adults who have health insurance and a primary care physician to understand how they communicate with their providers, their opinions on telemedicine and wearables, and their experiences post-discharge from the hospital.

Key findings include:

  • Sixty-two percent of respondents rely on their doctor to manage their healthcare data. Twenty-nine percent of respondents keep their records in a physical storage location like a folder or shoebox.
  • Forty-eight percent of respondents report having the same doctor during the past 10 years, but 37 percent of millennials feel their doctor would not recognize them walking down the street.
  • Fifty-nine percent of respondents, including 70 percent of millennials, would choose a primary care doctor who offers a patient mobile app (allowing patients to make appointments, see bills, view health data, etc.) over one who does not.
  • Sixty-two percent of millennials say they would share their wearable health data with doctors in exchange for potentially better care, and 67 percent would be very or somewhat likely to use a wearable tracking device given to them by their insurance company in exchange for potentially better health insurance rates.
  • Sixty-one percent of patients who have been, or had a family member, hospitalized in the last two years say that post-discharge improvements can be made via better communication with their doctor and care team.

Download the full report at http://tinyurl.com/ha6ps5o.

Tech Tools

Instantly expand your iPhone and iPad storage

Apple phone and tablet users can now quickly and easily add to or free up space on their iPhone or iPad with up to 128 GB of additional capacity by using the SanDisk iXpand Flash Drive. This solution includes a flexible Lightning connector, a USB 3.0 connector, and a completely redesigned app to easily manage work files, photos, videos, and music between iPones, iPads, Mac, or PCs. The new drive also includes encryption software that password-protects files, allowing users to share content while keeping sensitive files secure across devices. Using the iXpand Drive app, users also have the option to save space instantly; the app has a camera function so users can shoot and save photos or videos directly to the drive instead of their iPhone or iPad.

Sponsored Recommendations

The Race to Replace POTS Lines: Keeping Your People and Facilities Safe

Don't wait until it's too late—join our webinar to learn how healthcare organizations are racing to replace obsolete POTS lines, ensuring compliance, reducing liability, and maintaining...

Transform Care Team Operations & Enhance Patient Care

Discover how to overcome key challenges and enhance patient care in our upcoming webinar on September 26. Learn how innovative technologies and strategies can transform care team...

Prior Authorization in Healthcare: Why Now?

Prepare your organization for the CMS 2027 mandate on prior authorization via API. Join our webinar to explore investment insights, real-time data exchange, and the benefits of...

Securing Remote Radiology with the Zero Trust Exchange

Discover how the Zero Trust Exchange is transforming remote radiology security. This video delves into innovative solutions that protect sensitive patient data, ensuring robust...