Ransomware Attacks Show That Healthcare Must Take Cybersecurity Seriously

While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much bigger: ransomware attacks on hospitals and healthcare providers that are not seeking to breach patient information but instead render it inaccessible until the organization pays a hefty ransom.

In just the past few weeks, the following major ransomware attacks on healthcare facilities have occurred:

In February 2016, hackers used a piece of ransomware called Locky to attack Hollywood Presbyterian Medical Center in Los Angeles, rendering the organization’s computers inoperable. After a week, the hospital gave in to the hackers’ demands and paid a $17,000.00 Bitcoin ransom for the key to unlock their computers.

In early March 2016, Methodist Hospital in Henderson, Kentucky, was also attacked using Locky ransomware. Instead of paying the ransom, the organization restored the data from backups. However, the hospital was forced to declare a “state of emergency” that lasted for approximately three days.

In late March, MedStar Health, which operates 10 hospitals and over 250 outpatient clinics in the Maryland/DC area, fell victim to a ransomware attack. The organization immediately shut down its network to prevent the attack from spreading and began to gradually restore data from backups. Although MedStar’s hospitals and clinics remained open, employees were unable to access email or electronic health records, and patients were unable to make appointments online; everything had to go back to paper.

Likely, this is only the beginning. A recent study by the Health Information Trust Alliance found that 52% of U.S. hospitals’ systems were infected by malicious software.

What is ransomware?

Ransomware is malware that renders a system inoperable (in essence, holding it hostage) until a ransom fee (usually demanded in Bitcoin) is paid to the hacker, who then provides a key to unlock the system. As opposed to many other forms of cyber attacks, which usually seek to access the data on a system (such as credit card information and Social Security numbers), ransomware simply locks the data down.

Hackers usually employ social engineering techniques – such as phishing emails and free software downloads – to get ransomware onto a system. Only one workstation needs to be infected for ransomware to work; once the ransomware has infected a single workstation, it traverses the targeted organization’s network, encrypting files on both mapped and unmapped network drives. Given enough time, it may even reach an organization’s backup files – making it impossible to restore the system using backups, as Methodist Hospital and MedStar did.

Once the files are encrypted, the ransomware displays a pop-up or a webpage explaining that the files have been locked and giving instructions on how to pay to unlock them (some MedStar employees reported having seen such a pop-up before the system was shut down). The ransom is nearly always demanded in the form of Bitcoin (abbreviated as BTC), an untraceable “cryptocurrency.” Once the ransom is paid, the hacker promises, a decryption key will be provided to unlock the files.

Unfortunately, because ransomware perpetrators are criminals – and thus, untrustworthy to begin with – paying the ransom is not guaranteed to work. An organization may pay hundreds, even thousands of dollars and receive no response, or receive a key that does not work, or that does not fully work. For these reasons, as well as to deter future attacks, the FBI recommends that ransomware victims not cave in and pay. However, some organizations may panic and be unable to exercise such restraint.

Because of this, ransomware attacks can be much more lucrative for hackers than actually stealing data. Once a set of data is stolen, the hacker must procure a buyer and negotiate a price, but in a ransomware attack, the hacker already has a “buyer”: the owner of the information, who is not in a position to negotiate on price.

Why is the healthcare industry being targeted in ransomware attacks?

There are several reasons why the healthcare industry has become a prime target for ransomware attacks. First is the sensitivity and importance of healthcare data. A company that sells, say, candy or pet supplies will take a financial hit if it cannot access its customer data for a few days or a week; orders may be left unfilled or delivered late. However, no customers will be harmed or die if a box of chocolates or a dog bed isn’t delivered on time. The same cannot be said for healthcare; physicians, nurses, and other medical professionals need immediate and continuous access to patient data to prevent injuries, even deaths.

U.S. News & World Report points to another culprit: the fact that healthcare, unlike many other industries, went digital practically overnight instead of gradually and over time. Additionally, many healthcare organizations see their IT departments as a cost to be minimized, and therefore do not allocate enough money or human resources to this function:

According to the statistics by Office of National Coordinator for Health Information Technology, while only 9.4 percent of hospitals used a basic electronic record system in 2008, 96.9 percent of them were using certified electronic record systems in 2014.

This explosive growth rate is alarming and indicates that health care entities could not have the organizational readiness for adopting information technologies over such short period of time. Many of the small- or medium-sized health care organizations do not view IT as an integral part of medical care but rather consider it as a mandate that was forced on them by larger hospitals or the federal government. Precisely due to this reason, health care organizations do not prioritize IT and security technologies in their investments and thus do not allocate required resources to ensure the security of their IT systems which makes them especially vulnerable to privacy breaches.

What can the healthcare industry do about ransomware?

First, the healthcare industry needs a major shift in mindset: Providers must stop seeing information systems and information security as overhead costs to be minimized, realize that IT is a critical part of 21st century healthcare, and allocate the appropriate monetary and human resources to running and securing their information systems.

The good news is, since ransomware almost always enters a system through simple social engineering techniques such as phishing emails, it is fully possible to prevent ransomware attacks by taking such measures as:

Instituting a comprehensive organizational cyber security policy
Implementing continuous employee training on security awareness
Regular penetration tests to identify vulnerabilities

How Strategic Alliances Can Grow Your Business Exponentially (Example: Cash Flow Consultant)

The smartest marketers nowadays form strategic alliances with other companies that sell “complementary” products or services, whose “image” fits well with their own product or service.

Cross-promotions and cross-advertising can save big on marketing support dollars, while creating more awareness and an even better image for each of the products or services through reciprocal endorsement. Think Pillsbury chocolate chip cookies made with Hershey’s chocolate.

Sometimes the products aren’t even that complementary and a connection between them is almost impossible to see. But why not have a gecko advertise insurance and diamonds in the same ad, if it means shared advertising and media cost?

It’s called “Relationship Marketing” and is indeed a very powerful tool and a very smart move, as long as both products or services

• target the same customer

• do not compete

• have a compatible, positive image

How could this work in the cash flow industry? Let’s say you provide access to factoring dollars. You might “team up” with someone who specializes in purchase order financing or equipment leasing.

You can easily market to the same businesses and customers without competing with each other, as the two of you provide different, yet possibly very complementary products.

Imagine if both of you did the same amount of marketing for your own product. By cross-promoting each other, you would immediately double your marketing reach without any extra costs to either of you.

Now think about having another person on your team who specializes in, say, business plan writing for example! Again, same target group and no competition. You have just tripled your marketing reach and efficiency.

You can probably think of other “good fits” with your business that could equally increase your marketing reach and efficiency in the very same way!

The point here is that through “team marketing” smaller players with more limited time and monetary budgets can achieve faster and greater success by combining their resources and efforts.

Now, where do you start when forming such alliances? First, you need to have the right people, of course. It helps a lot when they are compatible and share the same vision and values. They also need to commit to the same goals, and each of them needs to “pull their own weight”. Motivation and determination are paramount. No free-loading or piggybacking for anyone!

Of course, if you have assembled such a team, you can even take it one step further and go from a “strategic alliance” to a full-fledged company formation.

Imagine, under a single company umbrella you could even qualify for group healthcare insurance rates and enjoy many other cost-saving benefits (e.g. common business cards, brochure, website, and other marketing support materials, etc.).

In addition to the cost savings, just think how much more ground you could cover with a like-minded team compared to what you could achieve on your own with your own, limited resources (both, time and money)!

For example, instead of dividing your available hours between phone calls, networking events, direct mail preparation, trade show attendance, and social media participation, you could divvy those tasks up between different team members and run those activities simultaneously instead of consecutively.

Think of the afore-mentioned cost saving opportunities. Let’s say you had $5,000 to build and run your business. If you do it on your own, you pretty much have to spend the money on operational cost and marketing just to keep the business going.

Now imagine you had three like-minded “partners” who all had $5,000 working capital as well. All of the sudden the “company” has $20,000 working capital. Even if you would now have to spend $8,000 on operations and marketing, the company would still have $12,000 to invest.

Now, the “company” could take, say, $10,000 of its remaining “investment capital” and – instead of just brokering cash flows – actually acquire some paper as well!

Congratulations! You have just created a double-income stream. One from brokering and one from investing.

In other words, the share of the “company’s” working capital that is being “invested” is now actually producing a direct return, instead of just being “spent” on activities that are expected to generate a return in the future.

That is a huge difference when it comes to the bottom line.

If you put that scenario on a forward trajectory, any surplus money the “company” generates (i.e., income minus expenses and taxes) could now flow into the acquisition of more paper (invoices or notes or tax liens or whatever else best fits the team’s short- or long-term investment strategy and goals).

Of course, it is a quite a leap to go from the idea of being a one-person cash flow broker to a multi-person team or company that not only brokers cash flows but also shares the risks of investing in them.

However, just like being a rocket scientist or a brain surgeon is not for everyone, investing in cash flows may not be for you.

The good news though is that the market entry barriers for becoming a cash flow investor are much lower – unless you’re already on your way to becoming a rocket scientist or brain surgeon, that is, of course.

But if you’re intrigued about the opportunities and challenges of brokering and investing in cash flows, just play it out in a plan and run the numbers (or let me know if you need any help).

If you think this all sounds great on paper but that it is way too difficult to pull off in reality, you might be right.

However, perhaps not necessarily for the “technical” reasons you probably have in mind. The real hard part about the whole thing is finding the right people with the right attitude and the right commitment with whom to team up.

Evolving Healthcare Trends

The model trends in the healthcare system have been changing over the period of time. The old trend gave importance to the individual patients and the emphasis was on treating illness. The goal of the hospitals was to do inpatient admissions, fill up the beds and more emphasis was given to acute inpatient care. The role of managers in the old paradigm was to run the organization and coordinate services. In the old system, all providers were essentially the same. The hospitals, physicians and health plans were separate and not integrated.

The newer trends that evolved gave importance to the population as a whole. It not only treated illness, but emphasized on promoting the wellness of the people. The goals of the healthcare system after being transformed over the years is to provide care at all levels which is continued. The role of managers in the new paradigm is more broad. They see the market and help in quality and continued improvement. They not only run the organization, but also go beyond the organizational boundaries. In the evolving system, the providers are differentiated according to their ability. The hospitals, physicians and health plans have formed an integrated delivery system.

One of the current trend in the healthcare delivery model is that continued care is emphasized. The key professionals are not only treating patients for their illness, but they are promoting and managing quality of health. For example, a patient with high cholesterol visits a doctor. He is not only given one-on-one medical treatment, but he is also offered to attend a group session where information is provided on how lifestyle and behavioral change can help. The patients learn from the clinicians and also from each other. Another current trend is to take care of the health of the defined population and not only individual patients. All the health needs of the population as a whole are identified and served. It is emphasized that the community uses the health and social services provided. Healthcare has become more population-based. Another trend that has evolved is that the hospitals, physicians and health plans have got connected and have formed an integrated delivery system. More investments are being made with a goal of providing services to the customers and retaining them.

There is a beneficial impact in the transformation of healthcare towards emphasizing continued health. The way healthcare has been viewed in the past has been changing. The shifting of care from treating acute illnesses to providing continued care is resulting in enhancement of the health of the people. The only appropriate and feasible model is to provide a continuum of care with the emphasis firmly on the family and community. The health of the population and community is considered as a whole. This is advantageous as it creates value in the healthcare delivery system. The healthcare providers work with the community as a whole and consider to improve the health of the general population. Even though this requires new kinds of ways of organizing and managing healthcare services, it helps in understanding the health needs of the target population. By studying their needs, the right health and social services could be provided to them. Examples of promoting wellness of the whole community are organizing health campaigns and providing preventive education to the people in general. Another example is providing awareness about flu vaccines and encouraging people to get the vaccination.

Integrating the healthcare delivery system has led to certain advantages to the patients. For example, they can be offered alternative sites of care depending on their convenience. It helps in meeting the needs of the customers and their preferences which is taken into account. The number of providers are expanded and the patients get to have a choice. The relationship between providers and health plans are organized in the current trend and this ensures that the right care is provided in a convenient way to the customers.

There are defined budgets and expenditure targets for the populations which implies that there is a need to be efficient and productive. The formation of strategic alliances, networks, systems and physician groups can also add value. There are capitated payments and budgets allotted to the healthcare organizations. These are used to provide care to the defined population. The organization might like to improve on the payments and budgets as the expenditures of the companies increase. This results in the management to make decisions like forming strategic alliances with other organizations and increase the total resources. The growth of such networks will help in providing better care to the customers. Financial resources greatly influence the efficiency and productivity of the organization.

The aging population is influencing the healthcare delivery. There is increased demand for primary care of people over 65 years and for chronic care of people over 75. The ethnic and cultural diversity is also influencing the healthcare delivery. This provides a challenge in meeting patient expectations on one hand and diverse workforce on the other. Biological and clinical sciences have met with technological advances and have led to new treatment modalities. This has led to open new treatment sites and manage across the organization. External forces change the supply of certain areas of health professionals like physical therapy and some areas of nursing. The management needs to compensate for such shortages and they need to develop different teams of caregivers at different work sites. Changes in education of health professionals implies that the management be more creative in offering healthcare services. With an increase in diseases like AIDS and morbidity from drugs and violence, there is more and more need to work with community agencies, form social support systems and there is a need for more chronic care management. Advances in information technology is another area where there is a need to train the healthcare employees in new advances. They also need to manage issues of confidentiality and rapid information transfer. Increasing expansion of world economy has led to more competitive management of strategic alliances, care of patients across the nations and of different cultures.

Current environmental trends impact the healthcare delivery model. Organization’s success depends on its external and internal environment. The complex environments made up of uncertainties and heterogeneity of components leads to different organizational designs. The current environmental trends influence managerial and organizational decision making. The unique challenges facing the healthcare delivery organizations should be analyzed in order to develop and implement new and effective operational processes and strategies. As an impact of current environmental trends, the healthcare delivery system needs to improve individual, team, and organizational accountability and performance. The impact of advances in medical knowledge and information technology on the process of healthcare delivery should also be examined, and it should be leveraged to improve quality of care, process and cost controls, and revenue. New strategies would need to be identified and implemented for learning and performance improvement to create a culture that supports accountability, safety, and high-quality care. Innovative models in healthcare delivery would also be required in order to develop and implement strategies that promote organizational success and competitiveness.

Due to the current environmental trends, more emphasis is given to the customers and there is more of a patient-focused care. The healthcare delivery model has been shifting to the community based care. There has been an increased modification in care processes. The traditional ways are being challenged and more experiments are being performed to fulfill the demands to improve the quality of care. Due to the shift in the environmental trends in the healthcare delivery model, more emphasis is given to quality improvement. This will help improve the performance levels of key processes in the organization. The performance levels are being measured, the defects are eliminated and new features are being added to meet the customer’s need efficiently.

There is a new emerging contemporary trend in the U.S. healthcare system. Presently, the management research and assessment have been offered increased recognition. The emerging trend seen is that this is slowly forming an integral part of managerial and organizational effectiveness. With the emerging efforts in information management, it is leading towards clinical and financial networking. The trend seen among the physicians and nurses is that they are being increasingly involved in managerial activities. The managerial trends are also changing with respect to role performance and changing values. The managers role is getting more and more recognized in managing finance and human resources. Management training, lifelong and distance learning is being offered in preparing future managers.

The healthcare executives and managers will be faced with the major responsibility and challenge in the years ahead. They will be working with other healthcare providers and will be creating a competitive future for their organizations. They will not only be managing organizations but also a network of markets, services and joint ventures. Formation of more and more strategic alliances and partnerships will lead the management to manage across boundaries. The management will change from managing a department to managing the continuum of care. The management will be following a community-based approach. Trend in management is also shifting from just coordinating services to providing improvements in quality.

As the demands in healthcare are increasing, the management is responsible for forming performance standards. The management is also challenged to maximize the productivity and quality to serve the health needs of the community. The management is looking after the demands of the external environment as well as attending to the performance of the internal environment. The management is responsible for the performance of the organization.

Healthcare organization leadership will be responding to new trends and competitive forces. It will respond to continuum of care, overall health status of the population and more complex organizational structures. These emerging trends in the healthcare system will effect the organization’s leadership. The future managers would need leadership skills and vision to integrate the organizations and help in providing the best care. The managers will have to be committed to leadership and work on giving their organizations the best place and help their organizations adapt to the changing circumstances. More value will be given to leaders who will be able to lead the change process. As changes are inevitable for the betterment of the organization, the leaders should be able to identify how the change is to be received and how it is to be communicated at all levels of the organization without damaging the implementation process. The leaders might have to deal with increased pressures due to organizational complexity.

The leader in the organization provides strategic direction to the organization, manages diverse stakeholders, becomes mentors for management, is willing to take risks, helps the organization interact with the external environment and attends to the internal needs as well. Where required the leader will involve physicians in governance process and align physician and organizational interests. There will be a need for formation of learning organizations. Transformational leadership will create the required vision for the organization. Leaders will have a greater role complexity and they themselves will have to adjust rapidly to new situations. The healthcare organization leadership will have to live up to the values of the organization and will help in fulfilling the mission of the organization.

Individuals and groups within the healthcare organizations require more and more competencies. An enhanced lifelong learning is required due to the fast, changing environment. The individuals and groups within the healthcare organizations will be benefitted as there will be rapidly developing medical technologies which will result in increased services. More sophisticated health services will be provided to the consumers. The range and quality of services provided will be regulated for the benefit of people requiring home care, long term care and ambulatory care. The anticipated future development will also result in the increased competition among the health services organization. The individuals and groups will be involved more and more with the community for issues like drug abuse, teenage pregnancy and violence.

Individuals and groups will be faced with increased strategic planning and management in the healthcare organizations as there will be ever increasing involvement by the trustees and physicians. As the future environment in the organizations will be more complex, the individuals and groups in the healthcare organizations might feel more pressurized. They will need to serve the changing demands of the community as the population of elderly patients will increase. These individuals will require more professional training, increased levels of education and should be taking part in continuing education programs.

Due to the anticipated future development in the healthcare organizations, those individuals and groups will be valued, who are adaptable, committed, are able to add value and embrace change. These individuals will be required to experiment more and help in redefining the mission and goals of the healthcare organizations.

The Future of Healthcare: Physician Assistants and Nurse Practitioners In Demand

As the landscape of healthcare and medicine widens, there will be ongoing changes over the next several years. Workloads for medical professionals have been increasing as more people are being covered by insurance, and there will be more care provided by physicians assistants and nurse practitioners.

A 2004 Medical Group Management Association (MGMA) Cost Survey Report revealed that the number of full-time equivalents of Physician Assistants, Nurse Practitioners, and other people involved in a healthcare team increased in many specialty groups. Those numbers have increased even more in recent years due to the Affordable Care Act (aka “Obamacare”), and are projected to keep going up through 2020 because of aging and population growth.

This is great news for people who aspire to become healthcare professionals because they will be in high demand, but on the other side of that there has been concern for patient safety and the quality of care offered by non-physician providers. Stakeholders such as local and national government, patient care delivery organizations, health care provider education programs, the health insurance industry, and the general public face some level of anxiousness and uncertainty.

There are nurses who are looking to end laws that mandate doctor supervision, however, there are already nurse practitioners in many states who are working without primary care doctors.

To alleviate the increased risks of medical malpractice, there are many organizations that have stepped up in recent years, aggressively promoting the importance of patient safety and quality care. There’s the World Alliance for Patient Safety, which was launched in October 2004 by the World Health Organization. The National Patient Safety Foundation came about in 1997 with a vision “to create a world where patients and those who care for them are free from harm.” Each of these organizations have various programs and workshops to educate and enhance the culture of patient safety.

NPs and PAs are perceived now as being more than just health care providers. PAs are essentially trained based on the same model as doctors while NPs have a more comprehensive approach with the focus on health promotion.

Despite the education difference of NPs and PAs versus doctors, experience and patient rapport play a role in how patients feel about the level of care they receive. As long as everyone is doing their best, there is constant communication between everyone providing care, and the patient feels like their needs are being met, that’s all that matters when all is said and done.

Drug Development Pipelines – New Alliances and Partnerships Critical to Keeping Pipelines Productive

The pharmaceutical industry is in the midst of an unprecedented change in its business model. Large pharmaceutical companies, while retaining remnants of their research divisions and some of their local manufacturing facilities, will soon cut to their core business of drug development. Emerging companies will fill the void, providing innovation and potential therapies for the development pipeline. And manufacturing will be contracted to third parties or conducted overseas where it is less expensive.

The current variants of this model-generic drug companies, contract research organizations, drug delivery specialty companies, and virtual pharmaceutical companies-will eventually fall into line, but not until large pharmaceutical companies acknowledge the new model and build a strong interface among themselves, emerging companies that provide innovative new therapies, and the regulatory bodies, such as the Food and Drug Administration in the United States.

M&A Activity Hampers Innovation A debate held at the American Association of Pharmaceutical Scientists (AAPS) annual meeting last November probed whether the last decade of mergers and acquisitions within the pharmaceutical industry had hampered innovation. The most compelling arguments concluded that it has. In fact, reduction in innovation is blamed for the scarcity of new chemical entities in development pipelines. As a result, major pharmaceutical companies are looking to emerging biotechs to supply compounds or technology platforms to license, acquire, or shepherd via strategic partnerships in an effort to bolster pipelines and allay shareholder concerns.

Exclusivity losses in one or more major markets will claim a number of blockbusters in the coming year, eroding innovators’ profits as the generics industry undersells them. Risperdal, Topamax, Lamictal, Depakote, and Fosamax are among those on the chopping block for 2008. And although there are 25 to 30 new products awaiting approval in 2008, 80 percent are specialty pharmaceuticals, according to IMS Health. It is hard to imagine there will be new blockbusters to replace those lost to generics. And considering the current rate of FDA approvals, it is difficult to predict how many of the new medications will even make it to market this year.

Global Market Growth The global pharmaceutical market is expected to grow 5 to 6 percent in 2008, to $745 billion, according to IMS Health. For the first time, the U.S. will comprise only one-third of the global pharmaceutical market as patients in China, Brazil, Mexico, South Korea, India, Turkey and Russia gain access to better healthcare. These emerging markets are driving new growth and opportunities for pharmaceutical companies, but the widening demographic argues more for specialty pharmaceuticals than for blockbusters.

Industry analysts report rising R&D costs and reduced numbers of new drugs approved each year. The reduction in drug approvals is blamed in part on the chronically understaffed FDA, in part on the lack of innovative drugs in the pipelines of major pharmaceutical companies, and in part on the inexperience and lack of funding that hampers smaller companies’ efforts to meet all of the regulatory hurdles in a timely fashion. In fact, many licensing deals are turning out to be more expensive than anticipated as licensees are finding it necessary to re-optimize their lead candidates.

Consider Regulatory Needs Early Now is the time for both large and small pharmaceutical companies to include relevant regulatory bodies in their development plans very early on. In the U.S., the FDA has been asking companies to engage it with greater transparency regarding development plans and study results. Although this might seem risky, obtaining early agreement on the path forward is likely to save time and money and avoid the dreaded “Approvable” letter. It might even prevent the lawsuits and public scrutiny of a Vioxx debacle.

In fact, pharmaceutical companies have a perfect opportunity to establish a more open relationship with the FDA by working with the agency to develop more predictive toxicity assays that eliminate problem compounds early in the development process. In an interesting article appearing in the November issue of Pharmaceutical Executive titled “FDA’s Approvable Problem,” senior editor Walter Armstrong discusses the controversy between the industry, the FDA, and public opinion. He notes the lack of public understanding that even though a drug has been approved, toxicity issues still can arise later. People don’t seem to understand all that talk about risk/benefit that is certainly a part of the approval process.

Communicate Risks Better This is something that will probably never go away. We cannot know everything about a drug before it is approved, but the industry needs to do a better job of communicating this to the public. It must make continual, concerted efforts to establish better methods for evaluating drugs before they are approved. That’s a “win” for everybody. The effort can be communicated to the public to show the industry’s concern and can help restore FDA credibility. In addition, information shared with emerging companies will ensure that these studies are implemented early in the development process before licensing.

As evidence of the new pharmaceutical business model in the making, the Financial Times published several articles last December on GSK’s new head of R&D, Moncef Slaoui, who inherited the much-heralded Centres of Excellence for Drug Discovery that CEO J.P. Garnier and then-head of R&D Tachi Yamada created in 2001. The centers were designed to separate the research organization into specialty units simulating autonomous biotechs; the units would identify quality lead compounds which they then handed off to the international development machine. After six years of experimentation, Slaoui commented: “It’s one thing to create an organigram. It’s another to change values…We’ve done well on the structure but more is required on behavior.” His resolution for the short term is to retain about four of the centers and work to re-focus them on the science and innovation, but at the same time to look for licensing opportunities to fill as much as 50 percent of the pipeline.