Keep Your Company Out of the Shocking Data Breach Headlines

Rising Statistics Show Internal Security is Not Enough to Protect Data

On Monday June 3, Quest Diagnostics, the largest blood-testing company in the world, reported that nearly 12 million patients’ personal information, including financial data, social security numbers, and medical records, was exposed through a data breach at a third-party billing collection agency. While lab results were not affected, the sheer number of patients affected makes this event the second largest healthcare data breach ever reported, following only health insurer Anthem’s 78.8 million record data breach in 2015.

The Overlooked Third-Party Risk

How could patient data at a global company like Quest be so vulnerable? The risk did not come from within the enterprise healthcare company, but from a data breach at American Medical Collection Agency (AMCA), a third-party billing collection service vendor providing services to Quest’s healthcare revenue manager, Optum360 LLC.

External entities like AMCA are widely used across industries. A recent Deloitte poll found 70% of enterprise businesses report a moderate to high reliance on third-party services, but all the rewards come with equal risks. The same poll found that 47% of the organizations surveyed had experienced a risk incident involving the use of third-party services in the last three years.

Quest is Not Alone and That’s Not a Good Thing

Healthcare is an appealing target for hackers, and third-party services have provided the perfect backdoor access to data for several major breaches in 2019.

Just one day after Quest made their announcement, diagnostics company LabCorp reported nearly 7.7 million patients’ personal data was exposed as a result of a massive breach at the same third-party billing collection agency as Quest: AMCA. Additionally, Rush System for Health reported in March 2019 that the personal information for approximately 45,000 patients was compromised due to their third-party claims processing services vendor, and Emerson Hospital reported around the same time that 6,314 patients had portions of their protected health information exposed due to a security breach at a third-party services vendor.

Beyond healthcare, big-name companies across industries have made headlines due to compromised data, including Target, Home Depot, Applebee’s, and Saks Fifth Avenue. A 2018 study by Opus & Ponemon Institute found that 59% of companies experienced a third-party data breach that year, but a mere 16% claimed they effectively mitigated third-party risks. While it may seem obvious that outside entities can create security gaps, it appears dedicated evaluation and management of these additions can often be substandard, with only 37% of the study’s respondents indicating that they had enough resources to manage third-party relationships.

Cautionary tales featuring global healthcare companies, retail giants, and national restaurant chains might be enough to change those eye-opening statistics, but lawmakers are now asking impacted companies about “vendor selection and due diligence process, sub-supplier monitoring, [and] continuous vendor evaluation policies,” and pointedly asking, in connection with the recent breach headlines, “how many times has Quest Diagnostics conducted a security test which evaluates both Quest Diagnostics’ systems as well as the systems of any companies it outsourced to?”

Don’t be in the News for a Breach and Don’t be a Statistic – Here’s How

First, following best practices and compliance mandates can set enterprise organizations up to better protect their data from any vulnerabilities third-party entities present, including:

  1. Regularly scheduled vulnerability assessments
  2. HIPAA-required risk assessments for healthcare organizations
  3. Dedicated security management and monitoring
  4. Disaster Recovery planning

BAAs are Necessary but Not Sufficient

Enterprise companies must always ensure that they have a solid and trustworthy partner that can deliver secure infrastructure with a comprehensive Business Associate Agreement (BAA). A BAA acts as a binding contract to create liability between the company and vendor that holds both parties to stringent HIPAA regulations, but more can be done to truly ensure security for critical data. Ntirety provides peace of mind with industry-leading BAAs and more so with our HITRUST CSF Certified status, demonstrating that all the certified applications appropriately manage risk by meeting key regulations and industry-defined requirements. “HITRUST CSF is the gold standard,” says CEO Emil Sayegh. “In the face of mounting data breaches, companies handling sensitive data must remove all doubt by working with trusted cloud providers with deep experience in security protocols and regulatory compliance.”

Trust is Possible with the Right Third-Party Vendors

Whether starting from square one or proactively planning for a worst-case scenario, organizations can avoid a data breach disaster at the hands of a third-party vendor with diligent vetting, managing, and planning – all of which can be time-consuming and drain resources, falling back to the 37% statistic above.

Meeting HIPAA compliance and setting strong BAAs are a good start, but with the help of experienced HITRUST-certified experts, businesses can better trust their third-party associates. Like an extension of their own teams, Ntirety guides and supports with our detailed and compliance-focused assessments, steadfast monitoring, and rigorously tested recovery plans. Ntirety is ready to meet any organization’s needs, such as our client BlueSky Creative, Inc. who had “a lot of questions and need[ed] to be 100% confident in the provider”, but Vice President Stephanie Butler explains that with Ntirety “from day one, all my questions were answered, and I was given all the guidance I needed and more.”

As a tenured IT services company with over 20 years of experience, Ntirety solutions meet compliance for PCI, HITRUST, HIPAA, FERPA, and GDPR guidelines, and our BAAs strengthen the mutual commitments to safeguard customer data. Our design for data security thoroughly evaluates all third-party vendors and how they interact with all systems and platforms and continues with safeguard evaluations, so no customer ever has to worry about becoming a statistic.

Schedule a consultation with Ntirety to protect your data and keep your third parties secure.

Can’t Miss Sessions at CloudEXPO

Ntirety is excited to attend and present at CloudEXPO at the Santa Clara Convention Center from June 24-26, 2019, joining thought leaders from around the country to explore the latest trends in cloud technology. Our team of IT experts looks forward to interactive discussions and sessions covering the growing varieties of cloud options, including the increasingly popular hybrid and multi-cloud solutions, as well as related topics like cybersecurity, artificial intelligence, compliance, IoT, and more.

In addition to Ntirety CEO Emil Sayegh and CISO Chris Riley’s two sessions covering the shifting trends of public cloud usage on Monday 6/24 1:55pm – 2:30pm and 11:40am – 12:15pm respectively, there are a plethora of thought-provoking presentations over the 3-day conference.

Here are 6 can’t-miss sessions to attend:

Risk Management When Migrating into a Public Cloud Provider | Monday, June 24 • 4:00pm – 4:35pm

When it’s critical for data and applications to exist within a compliant environment, cost becomes a major concern during cloud migration. In this session, gain a better understanding of how to evaluate and mitigate risk rather than compromising on compliance standards or losing control of costs.

Why you should attend:

Take a step-by-step approach for better risk management during migration, including information on:

  • Building a business case
  • Classifying the requirements
  • Setting expectations
  • Managing security, usability and cost
  • Considerations on compliance and audits

Not Your Mother’s Cloud: Best Practices for Enterprise Hybrid Cloud | Tuesday, June 25 • 8:30am – 9:05am

A recent survey found that large companies (1,000 employees or more) were more likely to experience a migration failure than smaller organizations, due in part to the more complex systems with multiple servers, databases, and applications. Learn from real-life experiences architecting hybrid cloud solutions in this Tuesday morning session.

Why you should attend:

Focusing on the key patterns gathered from hybrid cloud successes and struggles, attendees will find valuable takeaways to support, future-proof, and automate a smoother hybrid cloud experience in today’s ever-changing IT landscape.

The Era of Digital Transformation | Tuesday, June 25 • 8:30am – 9:05am

Looking towards the future with AI, machine learning, and IoT, digital transformation becomes much broader than just individual organizations moving to the cloud. This session will take a deeper look at the big picture issues with Border Gateway Protocol (BGP), the equally big ambitions to augment its practically untouched 30-year old architecture, and how this has the potential to help your business perform better.

Why you should attend:

Gain an important understanding of foundational components in common IT challenges such as performance, scaling, convergence, and networking – and the innovations at the forefront to resolve these issues. Be in the know on the grand scale digital transformation for BGP.

Why the Cloud is Perfect for Data Protection | Tuesday, June 25 • 3:40pm – 4:15pm

Studies find that 66% of IT professionals say security is their greatest concern for adopting an enterprise cloud platform. In this presentation, W. Curtis Preston, also known as Mr. Backup, calms any concerns with detailed benefits of cloud-based data protection and management along with how to decide if a cloud solution is right for your organization.

Why you should attend:

Get answers to these 3 major cloud questions:

  • What is the key advantage for cloud data protection?
  • What advantages beyond protection can the cloud provide for data storage?
  • How can the cloud improve disaster recovery strategies?

The Great Migration: Retreat From the Cloud Sacrificing Security? | Monday, June 24 • 11:40am – 12:15pm

As more and more enterprise businesses are opting out of public cloud for more flexible options like hybrid and multi-cloud, data protection during migration doesn’t always get the amount of planning it deserves. Don’t let cybersecurity issues surprise your organization during cloud migration! Led by Ntirety CISO Chris Riley, find out what areas are often overlooked in this informative session.

Why you should attend:

Identify and unravel key areas of concern enterprise organizations need to remember for any digital transformation, including:

  • Compliance
  • Blending service and deployment models
  • Management and governance
  • Complications in re-entry to cloud environments
  • Protocols and enforcement

The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud? | Monday, June 24 • 1:55pm – 2:30pm

Presented by Ntirety CEO Emil Sayegh, this session covers one of today’s pivotal trends: enterprise organizations shifting away from the public cloud and moving instead to hybrid and multi-cloud solutions. Sayegh aptly predicted hybrid cloud becoming the new normal—a recent Forrester report found 74% of enterprises describe their strategy as hybrid or multi-cloud—but what is driving this mass exodus from one cloud solution to the other? Learn how the cons started outweighing the pros of public cloud in this insightful session.

Why you should attend:

Get an insider’s perspective on the challenges enterprise businesses face when operating in the public cloud. Ntirety’s CEO shares his firsthand experience supporting and strategizing new solutions with enterprise customers throughout his 20 years in the industry. The list of complaints may be more familiar than you expect for your own organization.

Stop by and say hello!

Ntirety is honored to present alongside our industry peers at the premier conference in the cloud technology space and share our collective knowledge with the hundreds of CloudEXPO attendees. All of the thought-provoking topics and engaging interactions happening in sessions and on the exhibition floor make this a one-of-a-kind event not to be missed. Be sure to visit booth 618 to learn more about how Ntirety can help guide your organization’s cloud journey.

Come connect with Ntirety at CloudEXPO! Find our full conference schedule, exhibition floor giveaways, networking opportunities and more »

How SLAs Miss the Mark: Exploring the Importance of GLAs

 

If you’re an IT professional working with vendors and partners, chances are you’ve encountered your fair share of Service Level Agreements (SLAs). These contracts outline which routine services to expect from your vendors—and not much else. If you’re trying to optimize and evolve—something most IT teams strive to do—agreements with your IT vendors should go a step further and take a more forward-thinking approach. That’s why Ntirety is the first managed cloud service provider to offer Guidance Level Agreements (GLAs), giving customers better opportunities to reduce risk, optimize IT spend, and improve business agility.

But what exactly is a GLA, and how does it differ from a standard SLA? In a recent interview with our technology team, Ntirety Cloud Solutions Executive Mark Click broke down the details of GLAs, common feedback and questions, and real-world examples of customer success from the added support and insight a GLA brings.

What makes a GLA unique and special?

MC: SLAs typically focus on uptime of devices and other basic functions, but GLAs set desired business outcomes in four common areas of concern to customers:

  • Availability
  • Performance
  • Security
  • Cost

On a monthly and quarterly basis, customers receive actionable recommendations that deliver tangible improvements to their solutions and better ensure their success. As the only managed cloud services provider offering GLAs, Ntirety customers gain both a technical and business advantage over their competitors.

Without GLAs, the customer’s already overworked IT department is left to find improvements in availability, performance, security, and cost, but these areas are typically prioritized to the lowest levels until an event, such as an outage, poor performance, security breach, or out-of-control costs, impacts the customer’s solution. Our GLA assures our customers that they have a true IT partner that will help them be faster and more secure.

What are common reactions from customers learning about GLAs? What are their common questions?

MC: The first reaction we receive is usually one of surprise. I hear a lot of “WOWs!” As we work closely with customers to identify and implement more actionable recommendations, customers feel the value of the partnership and the expansion of their IT teams’ capabilities.

The first GLA review with a customer typically results in the following questions:

  • How is the data collected and analyzed? Through our Monitoring Insights and Cloud Operations we gather extensive amounts of data regarding the utilization, health and security of each device in a customer’s solution. From there, we programmatically analyze the data and review with a joint team of experts to distill data into actionable recommendations. The amount of data we show the customers is impressive and can be somewhat overwhelming. This often leads customers to say, “My team could never get through all that,” which presents Ntirety the ability to support internal teams.
  • How do you know what the data is telling you/us? Over the past 20 years, we’ve developed an extensive knowledge base and set of best practices that allow us to quickly identify potential areas of concern and turn them into actionable recommendations. Furthermore, our team is uniquely positioned to efficiently and effectively implement these recommendations for immediate impact to a customer’s solution.
  • Can you do this on systems outside of a Ntirety facility? Yes! Our systems are built to be deployed in any location on any cloud, HDC, AWS, Azure, customer on-prem, or even another cloud provider. This means that we can provide actionable recommendations for systems that are not in our facilities but are critical to a customer’s overall success.

What is a real-world example of a GLA in action?

MC: A Dallas-based roofing distribution company was being pushed to go faster with less staff and investment. By leveraging the Monitoring Insights platform and our team of experts, they gained visibility to their solution. The Ntirety team identified potential capacity issues that could impact availability and performance. Additionally, this insight allowed us to map projects and future capacity needs so that we could accurately predict expansions of their solution. We were also able to identify underutilized devices and quickly right-size those systems, reducing their monthly infrastructure fees.

Through GLA services, we continue to analyze security data that allows us to identify and remediate security challenges, from missing patches to misconfigured systems to potential holes in networking and applications. By routinely reviewing this data and providing actionable recommendations and remediation plans, SRS knows their solution is secure.

Unique, Industry-Leading Guidance for Your Business

Independently monitoring and improving availability, performance, security, and cost is possible, but IT teams are often unable to dedicate the time and resources to truly be this proactive. Finding the right support for your organization requires an in-depth understanding and strategic approach tailored for your business’ goals, solutions, and environments. By entering into a GLA, you can bring relief to internal IT departments and gain the insights necessary to achieve your company’s desired business outcomes.

Want to learn more about how a unique GLA would help improve and optimize your business? Hear more from Mark Click about Guidance Level Agreements in our on-demand webinar InnovationX2 – Doubling down to overcome cloud complexities, or contact us. 

Ntirety Proud to Be Recognized as a Top Employer in Canada

Ntirety is pleased to announce being officially selected as one of the winners in the Canada’s Top Small & Medium Employer category for 2019! Ntirety is proud to add the selection as one of Canada’s Top Small & Medium Employers to the other awards already achieved this year.

The Canada’s Top 100 Employers project is a national competition to determine which employers lead their industries in offering exceptional workplaces for their employees. It recognizes small and medium-sized employers across Canada that excel in various categories, such as benefits, culture, recognition, diversity, business milestones, and other aspects, that make a business outstanding to work for. Winning organizations are showcased in an annual magazine special, published this year in The Globe and Mail on April 12, 2019.

Applicants for the award were evaluated by editors of Canada’s Top Small & Medium Employers using the same eight criteria as Canada’s Top 100 Employers competition:

  1. Physical Workplace
  2. Work Atmosphere & Social
  3. Health, Financial & Family Benefits
  4. Vacation & Time Off
  5. Employee Communications
  6. Performance Management
  7. Training & Skills Development
  8. Community Involvement

Senior HR Generalist Yui Nonoyama says that Ntirety initiatives highlighted as part of the winning submission include Fun Fridays, where employees compete with themed costumes and workspace decorations; quarterly Hostie Awards and milestones recognitions; training and development, such as AWS certification training and bonus programs; and community service initiatives, like blood drives and annual toy drives. Team members can also find ways to reenergize with the onsite, multipurpose Zen room, an employee lounge with games, weekly team lunches, and access to a fully equipped, shared-use fitness facility.

Meeting the standards necessary to be recognized is familiar to the Ntirety team, both in offices today and from past competitions. Hostway (pre-merger) was recognized in the Small & Medium Employer category in 2017 and is proud to be honored for a second time. HOSTING has also previously been honored pre-merger as one of the Top 50 Best Medium-Sized Best Places to Work in the 6th Annual Glassdoor Employees’ Choice Awards.

With all the achievements made over the last few years, the Ntirety HR team felt amply prepared to apply for a Canada’s Top Small & Medium Employer award.

“We are constantly striving to improve our work culture and enable our people to be their best,” said Natasha Gordon, Senior Director of Human Resources for Ntirety. “We focus on creating a collaborative environment that fosters innovation and growth. This award is a reflection of the great people we have working for Ntirety across all locations that make up the industry’s best team.”

Ready to join an award-winning team? Ntirety offices in Canada and across the world are always looking for talented people just like you! Check out our current job listings, which are updated daily.

Doubling Down to Overcome Cloud Complexities – Webinar Recap

 

Overcoming cloud complexities is no easy feat, but successfully navigating enterprise IT is possible with the right partner to guide the way. The recent Ntirety merger brings organizations the combined experience, workforce, and global presence to be that trusted partner for managed cloud solutions.

To learn how your company can leverage our expanded services portfolio and tool set to tackle common challenges and complexities, watch our most recent webinar, InnovationX2: Doubling down to overcome cloud complexities, presented by Chief Operating Officer Don Barlow and Cloud Solutions Executive Mark Click. Watch the on demand webinar here.

Solutions to Fit Your IT Needs

From initial migrations to fully managed cloud operations, Ntirety is delivering more extensive offerings to reduce risk, optimize IT spend, and improve business agility, including:

  • Cloud Operations
  • Monitoring Insights
  • Recovery Services
  • Managed Security
  • Compliance
  • Database Services

To find out how these IT solutions can transform your business, contact us today for a free consultation.

Shifting to the Sky: Where Do Cloud Trends Leave Traditional Data Centers?

In a newly published article for Ping! Zine, an online industry magazine that covers news and thought-leadership on all things IT and cloud management, Hostway|HOSTING President and CEO Emil Sayegh shared perspectives on the current state and outlook for the data center industry. While Gartner recently made the bold claim that the data center is dead, Shifting to the Sky: Where Do Cloud Trends Leave Traditional Data Centers? dives deeper to see what is driving the decline of data center use and, more importantly, if enterprise companies should consider jumping ship as a result.

Reflecting on the current IT environment and its rapid expansion, Emil gives insight on topics affecting the viability of the data center, including:

  • Growing energy usage and costs
  • Mounting demands of modern technology
  • The resolutions—or lack thereof—provided by alternative options
  • Whether or not achieving balance is possible

To read more about the impact of cloud technology on the traditional data center and what these changes mean for your organization, read Emil’s article now »  

HIMSS19 Recap Overview

With thousands of attendees from around the world, it’s no surprise that HIMSS19 was a whirlwind in Orlando over February 11-14, 2019. Exploring the maze of interactive booths and sitting in on thought-provoking sessions, the Ntirety team gathered many insights and consistently heard the common themes of alignment and collaboration rise to the top of each conversation.

From integrating the latest technological tools to keeping up with security requirements for compliance, our overarching takeaway from HIMSS19 is that alignment and collaboration with stakeholders across the board, including internal teams, departments, vendors, and partners, is crucial for any healthcare organization to function successfully.

Innovations Take the Stage, But Legacy Challenges Still Resonate Internally

On the exhibition floor, a myriad of new equipment and gadgets using the latest in artificial intelligence, virtual reality, and more were on display, but during the speaking sessions, the focus was more often directed on current issues rather than the newest innovations. For instance, solving the persistent security problems plaguing legacy systems proved to be a hot topic. Rod Piechowski, Senior Director of Health Information Systems at HIMSS, shared results of the HIMSS 2019 Cybersecurity Survey on this increasingly common issue:

“People are up against a lot of change in a short amount of time,” emphasized Piechowski. “Not just implementing technology, but now being asked to support and secure, and it just takes time.”

Learn more about strategies to overcome these challenges from HIMSS19 presenters and more survey responses in our Day One Recap »

Building Better Visibility for All to Better Security and Compliance

Visibility into the IT systems, processes, and practices currently in use at health organizations is vital for internal teams to gain insight and continuously improve, but also when external regulators call for inspections or audits. Meeting and maintaining the standards of HIPAA compliance requires internal healthcare teams to have a thorough understanding and alignment of their networks. To gain this alignment and work towards meeting compliance, Adam Greene, JD MPH of Davis Wright Tremaine, LLP encouraged health organizations to conduct risk assessments, gap analysis, and data mapping to find the weaker points in their security.

“More and more laws are calling for a level of data mapping,” shared Greene during his session, Turning Good Information Security into Good HIPAA Compliance. “And this is something more and more organizations need to focus on.”

Discover recommended tasks and practices to gain visibility so your organization can maintain strong security and compliance standards in our Day Two Recap »

Seem Unmanageable? Collaborate and Assess for Better Control

Efforts to gain better visibility often result in the uncovering of security gaps and inefficiencies in workflows. These systematic issues may seem unmanageable, even overwhelming, for health organizations of all sizes, but solutions are possible when IT teams, executives, vendors, and other stakeholders come together to collaboratively conduct methodical assessments and follow defined processes. In the session Streamline PCI Compliance in a Diverse Hospital Environment, Philip Napier described the collaborative working environment between different departments at his organization Bon Secours Health System, Inc.

“I’m very fortunate in my organization to have a CIO, Chief Information Officer, and CFO [that have] a great working relationship,” Napier shared, explaining that even when responsibility is delegated departments still look to each other for help.

Why should collaboration and alignment be top-priority goals for every health organization? Find out in our Day Three Recap »

Beyond HIMSS19

While touring the latest in technology and getting sneak peeks at new tools under development was a highlight at HIMSS19, the numerous sessions and panels provided the greatest takeaways for the Ntirety team. Understanding the top challenges and goals for organizations across the healthcare industry allows our HITRUST-certified and HIPAA-compliant experts to better tailor more innovative strategies to organizations like yours.

Want to learn more about implementing technologies and best practices from HIMSS19? Explore what our expanded, end-to-end suite of managed cloud solutions can do for your organization »

HIMSS Day Three Recap – Thursday 2/14

On the final day of HIMSS19, professionals across the healthcare industry shared their real-world experiences tackling specific security and compliance challenges. Putting a microscope to these IT issues, presenters on day three in Orlando shared that it can be overwhelming—even uncomfortable—for organizations to evaluate existing networks, implement the latest innovations, maintain compliance, and more. Yet the overall takeaway from their experiences is that by establishing and following defined processes, organizations can fill security gaps for more efficient, protected, and compliant outcomes.

1. Good Intentions Aren’t Enough to Meet PCI Compliance 

Healthcare organizations often have multiple credit card processing models and merchants throughout different departments, making them unique compared to retail organizations that often have only one, explained Jon Bonham of Coalfire and Philip Napier of Bon Secours Health System, Inc. This plethora of payment processors and transaction systems can be overwhelming to keep track of—let alone standardize—to meet PCI compliance (regulatory requirements that healthcare organizations must follow when taking patient and vendor credit card information). Beyond being unable to maintain PCI compliance, disorganization across point-of-sale systems and merchants can pose a threat to the security of credit card data, as well.

In addition to making sure your systems are properly protected with the right technology, it’s equally important to make sure that employees are aware of compliance regulations and follow them carefully. Even when they have the best intentions, those that aren’t properly educated also put credit card data at risk. The most common weaknesses are found when payment data is improperly stored, information is processed in flat networks, or payment information is sent by email.

“People are just trying to help,” Napier empathized. “They’re trying to help a patient pay their bill, they’re trying to help the hospital get the money, they’re trying to get the work done so they can do the rest of their work. They’re just trying to help.”

To help organizations lock down unsafe practices and bring diverse systems up to PCI compliance, Napier and Bonham stressed the importance of assigning responsibility and inventorying all existing processes to identify gaps. While unifying these systems may not be possible for large health institutions, setting similar processes between departments and assigning clear responsibilities can set a path to PCI compliance for healthcare organizations—with lots of testing and collaboration along the way.

2. One Use Case Does Not Fit All When It Comes to Big Data

Healthcare technology trends like big data appear to offer boundless opportunities for healthcare organizations to leverage information, but harnessing big data has proven to be a challenge for many, shared Sam Kalbag. During his session, Solving Emerging Big Data Challenges in Healthcare, he noted that healthcare organizations often set expectations too high, discover that their numbers aren’t actionable, or simply don’t see a decent ROI. For many IT teams working in and with healthcare institutions, finding the best use of innovations like big data, machine learning, and artificial intelligence can often get buried under existing management tasks built into workflows and processes.

Kalbag found that if healthcare organizations and healthcare technology companies turned their big data focus away from patient information and instead looked at internal data, they could unlock ways to optimize their own inefficient workflows. To prove his point, he highlighted Cerner, an EHR company that shifted from a traditional database to a cloud-based platform. After the switch, their system was flooded by users all trying to access their tools at once. With the system strained to capacity, the IT team decided to take a step back and evaluate their users to improve their workflow and find a solution. By collecting data and analyzing how much time was spent in each application and program by doctors and clinicians, Cerner was able to determine usage, improve processes, and close gaps in their workflows for more efficiency. Ultimately, their experience shows that for organizations to make the most of big data, different perspectives can help make complex challenges more manageable.

3. For the Best Defense – Think Like a Hacker

Remote access is widely used by and highly useful for healthcare organizations across the world, allowing users to access information from other networks without being directly connected. Yet by its very design, remote access can be like a door for hackers with its ports, services, and protocols, explained Jen Stone from SecurityMetrics in her presentation Remote Access Security: An Ethical Hack Demo. To adequately eliminate doors or gaps in remote access, Stone urged healthcare organizations to conduct a risk assessment—and to think like a hacker. She noted that those in the healthcare industry often don’t like to take that perspective, but she emphasized that it is an effective way to find vulnerabilities that could otherwise be overlooked.

“Think of it more like a game, like escape rooms. You’re not actually locked up, but you can still go through the process,” Stone explained. “You can do the same thing with your risk assessments by thinking like a hacker.”

Following a diligent process like a risk assessment helps organizations protect and establish better security, which is an important component of meeting HIPAA compliance. Although the exercise might be uncomfortable or even strenuous for organizations, like Doron Kolton’s deception defense from his session on Day Two, these security strategies provide more proactive protection against hackers and other forms of cyberattacks.

Reflecting on HIMSS19

This week, our team had the pleasure of joining 45,000 healthcare IT professionals for innovation, education, and plenty of memorable moments. While the evolution of technology never slows—especially in the healthcare industry—Ntirety is excited to be a part of that ongoing conversation. We look forward to bringing the next great tech trend to life for organizations and partners around the world!

Ready to implement the latest healthcare innovations and need expert guidance? See how Ntirety’s newly expanded, end-to-end suite of managed cloud solutions reduces risk, optimizes IT spend, and increases business agility.

 

HIMSS19 Day One Recap – Tuesday 2/12

Innovation and healthcare breakthroughs are around every corner at HIMSS19, but at the root of each achievement lies a challenge the healthcare IT industry had to overcome. The strategies and solutions used to combat these challenges took center stage today, and the Ntirety team met with healthcare leaders and professionals from around the world to gather takeaways on the latest new tools and ways to incorporate them into existing infrastructure.

1. Telemedicine Opens Communication: Don’t Be Challenged by Downtime

Communication is a hot topic in healthcare—so much so that a recent HCAHPS survey focused 60% of its questions on the subject. The growing popularity of telehealth and telemedicine further illustrates this trend; the tools have increasingly become a go-to method to facilitate communication between providers and patients, as well as between multiple providers. But as speaker Jamey Edwards of Cloudbreak Health stressed during his session at HIMSS19, for an organization to implement telemedicine, downtime is unacceptable.

Edwards pointed out to attendees that to adopt and adequately support telehealth tools and mitigate the risk of downtime from lagging or overloaded systems, health organizations need to consider the capabilities of their existing legacy infrastructure and hardware, as well as the cost and efficiency of post-implementation management.

While telehealth enables a new level of communication between patients and providers, our takeaway for this tech trend is that coordinating and implementing these new technologies requires the right expertise and experience to complete efficiently and maintain uptime.

2. From Classic to Compliant: IT Management Should Cover It All

During the Monitoring Medical IT Lightning Session, Paessler AG’s Greg Ross and Johannes Liegert shed light on the often disjointed processes healthcare organizations carry on as they implement new software and tools within legacy environments.

Merging security standards between “classic” IT systems (hardware, infrastructure, etc.) and healthcare’s compliance-intensive IT tools (software, wearable IoT devices, etc.) can take monitoring and management to a whole new level for IT teams. While the two systems must work together, managing them can result in duplicated tasks and inefficient tactics. Rather than operating as two separate processes, Ross and Liegert suggest shifting to a comprehensive management plan that builds on “classic” IT monitoring strategies while integrating the monitoring practices of new healthcare IT tools. Gaining visibility and context on how these new layers of technology—especially IoT devices—interact within the existing framework can give IT teams better processes to manage, monitor, and protect their health company’s entire IT ecosystem.

3. Survey Says: More Proactive, But Still Lagging with Legacy

HIMSS is world-renowned for presenting the latest and greatest for healthcare IT, as well as collecting objective data that helps guide tomorrow’s innovators. During his presentation of the HIMSS 2019 Cybersecurity Survey, Rod Piechowski, Senior Director of Health Information Systems at HIMSS, explained that while there were several positive trends, new survey questions revealed challenges that may be all too familiar for some organizations:

  • Although 74% of respondents experienced a significant security threat within the last 12 months, the most significant incidents were discovered by internal staff, marking the spread of a more proactive approach to security.
  • Further, 59% of respondents feel empowered to drive change throughout their healthcare organization; many have even seen an increase in IT budget allocations for cybersecurity.
  • For the first time, the HIMSS Cybersecurity survey asked respondents about use of legacy systems and found that 69% have at least some legacy systems currently in their organization; further, the survey found that 33% of respondents had legacy systems embedded in medical devices and 20% of respondents were using legacy systems for their HVAC systems.

While results showed significant, positive strides for internal teams with regard to security, uncovering statistics on the number of legacy systems still in use shines light on a persistent issue—the time and effort it takes to bring these systems up to security and compliance standards. With regulations constantly changing, it is an uphill battle to protect legacy systems and keep them compliant, which is a drain on company time and other resources—a challenge the Ntirety team has encountered with our customers before. Knowing this, our takeaway from these survey results is that more organizations will start actively addressing this issue by searching for more efficient solutions.

Looking Ahead at HIMSS19 

Overall, while the challenges of working with existing infrastructure and legacy systems may be daunting, organizations that are ready to jump on new technology can achieve success with the right support and expertise to guide the process and manage the environment post-implementation. When internal IT teams don’t have the time or skills to manage migrations or maintain hybrid environments, outsourcing is a viable option moving forward.

With Day One down, the Ntirety team looks forward to more lightning sessions and deep dives into the innovations and challenges facing the healthcare industry today.

Learn more about strategies and solutions to overcome health IT challenges from HIMSS19 presenters in our Day Two Recap » 

 

HIMSS Day Two Recap – Wednesday 2/13

The rainy Florida weather did not dampen the spirits of attendees on day two of HIMSS19. For the Ntirety team attending sessions and workshops, the midweek focus centered on visibility in technology, including cybersecurity, compliance, and emerging innovations. With this theme in mind, here are our takeaways for Wednesday, February 13:

1. Visibility Leads to More Aggressive Security

The continuous expansion of communicating networks within healthcare opens new channels for attacks, explains Doron Kolton, Chief Strategy Officer of Emerging Technologies at Fidelis Cybersecurity. The more visibility organizations have into their web of connected systems, the better they can find data and potential entry points that would be most appealing to attackers.

“Knowing what attackers desire creates an opportunity for an active defense,” emphasizes Kolton. “To lure, detect, and defend.”

Achieving this deception defense strategy starts with data mapping your organization’s networks and connected systems, identifying weak links and vulnerabilities, then using decoys or honeypots to ensnare would-be attackers, effectively employing more aggressive cybersecurity.

2. Always See Security Through to Compliance 

Security and compliance are often synonymous in conversations about healthcare technology; yet, bringing an IT security plan up to compliance requires organizations to take a hard look and truly assess the situation, noted Adam H. Greene, JD, MPH. In his session, Turning Good Information Security Into Good HIPAA Compliance, Greene pointed out that conducting risk assessments and routine gap analysis brings visibility for internal teams to evaluate security measures and defend against data breaches or compromises. Documenting and preemptively studying audit protocols helps organizations ensure their risk management plans meet compliance standards; however, if a data breach does happen—Greene warns “not if, but when”—these tested and documented assessments can provide helpful visibility for regulators and auditors.

“Hindsight is always 20/20. After the breach has occurred, it is always very easy to go back and say you should have done this differently,” explains Greene. “Versus [saying] you guys aren’t looking prospectively.”

3. Shining Light on Cloud Solutions in Lightning Sessions

One of the most popular ways to quickly digest information at HIMSS is through the conference’s Lightning Sessions, where presenters have 20 minutes to share on a variety of topics and discussions. In a series of quick sessions all focused on emerging cloud solutions in healthcare, presenters from Google Cloud shared new tools that aim to bring healthcare teams together and protect data, granting better visibility to different systems and processes.

More consumers expect the healthcare experience to mirror other industries with one-click options and instantaneous results, yet with often-segmented systems of tools in use, health organizations struggle to meet patient expectations. Through Google’s cloud-based tool, Chrome Enterprise for Healthcare, providers hope to connect data between systems more efficiently, delivering the information and enabling visibility at the speed patients are now accustomed to.

Google is also tackling machine learning within healthcare. Machine learning can provide researchers with a gold mine of information, but collecting and combining data sets is a cumbersome—and sometimes muddled—process. Harmonization of data through cloud-based tools from Google provides researchers with the insights necessary to redact sensitive and non-relevant data points and filter them into usable, more protected data sets for machine learning and AI analysis.

Looking Ahead at HIMSS19

Although day two started off cloudy in Orlando, inside the convention halls at HIMSS19, thought-leaders and innovators illuminated audiences about security, compliance, and cloud solutions. For Ntirety, the greatest takeaway was the common session theme of visibility in systems and processes and the importance it carried throughout health organizations, from patient care to research.

With day three on the horizon, the Ntirety team looks forward to our final round of sessions and another busy networking day with our fellow attendees.

Need help implementing more aggressive security, compliance plans, or database tools? Contact us today for an assessment from our team of experts!