Cloud-based office solutions under increasing attack – Beazley Breach Insights

Beazley breach insights – April 2018 Cloud based office solutions under increasing attack

Specialist insurer Beazley has reported that the number of business email compromises is accelerating, particularly for those organizations using Office 365, the popular cloud-based solution for Office applications and other Microsoft productivity services. These hack and malware breaches accounted for 13% of incidents reported to its Beazley Breach Response (BBR) Services team during the first quarter 2018. The three sectors most affected were financial services, healthcare and professional services.

In BBR Services’ experience, these incidents are usually caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey. After clicking on the link, the employee is redirected to a legitimate-looking website and asked for email credentials. The hacker then harvests those credentials and logs into the mailbox undetected.

In general, email compromises are on the rise because they are relatively easy to carry out and threat actors are able to use the email accounts for a variety of purposes. Once in the mailbox, the attacker may run searches to steal personally identifiable information. The attacker may also steal bank information to send emails requesting fraudulent wire transfers. Additionally, attackers frequently search the inbox to determine what HR and benefits self-service portal the employer uses, and then requests a password reset for the user in that system. Once in the self-service portal, the attacker redirects the employee’s paycheck to one of their accounts. Finally, the attacker often sends spam emails to all of the user’s contacts in an attempt to get others to give up their credentials as well.

Katherine Keefe, global head of Beazley Breach Response Services, said: “The number of compromised email accounts is accelerating but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organizations to secure their lines of defense.”

A large majority of breaches that the BBR Services team has worked on have involved Office 365. The default settings on Office 365 do not typically include the logging necessary to rule out a compromise of all emails in an inbox. Fortunately, BBR Services has identified several forensic partners that have created a tool to gain access to additional logs through Microsoft. With this additional insight, the number of affected individuals often drops, along with forensic and notification costs. Organizations can protect themselves against these attacks by doing the following:

  • Require two-factor authentication for access to Office 365.
  • Microsoft provides a tool called Secure Score that can be used by anyone who has administrative privileges for an Office 365 subscription. It assists not just in analyzing, but also with implementing best practices regarding their Office 365 security.
  • Enforce strong password policies. Educate employees about the risks of recycling passwords for different applications.
  • Alert employees who have access to accounts payable systems or wire transfer payments about these types of scams.
  • Train all employees to beware of phishing attempts.
  • If you use cloud-based platforms, investigate what logging is available and make sure it is enabled. For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration. In Office 365, you must turn on audit logging in the Security & Compliance Center.
  • Work with your cloud provider’s technical team to determine what activities are logged and ensure you have the visibility you need, for the monitoring period you need.
Higher Education Incidents, Q4 2017

The top two causes of data breaches reported to BBR Services in Q1 2018 were hack or malware (42%) and accidental disclosure (20%), consistent with incidents reported in Q4 2017. Social engineering and disclosure by insiders were the next highest cause of incident, each at 9%.

Higher Education Incidents, Q1 2018

Hacking and malware incidents were up from Q4 2017 to 47% of the total number of incidents for higher education establishments. Also compared to Q4 2017, accidental disclosure recorded a 5 percentage point drop to 20% while social engineering plateaued at 9%.

Financial Services Incidents, Q1 2018

Over half (55%) of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to the 53% recorded in Q4 2017. The number of social engineering incidents, which accounted for one in five breaches (20%) in Q4 2017, almost halved to 12% of the total in the quarter.

Healthcare Incidents, Q1 2018

Accidental disclosure (29%) and hacking or malware (29%) endured as the most frequent causes of data breach in the healthcare sector in Q1 2018, at a combined 58% of the total. A slight reduction in the number of breaches caused by insiders from 19% in Q4 2017 to 15% in Q1 2018 is to be welcomed.

Professional Services Incidents, Q1 2018

There were two striking features of data breaches reported by professional services firms to BBR Services between Q4 2017 and Q1 2018: the number of breaches due to the loss of portable devices and due to accidental disclosure both doubled, while the number of social engineering incidents almost halved.

 

Source: Beazley breach insights – April 2018

Advertisements

Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

Digitizing core systems and processes may not get the same attention—or levels of investment—as customer-focused transformation. However, smart CIOs are leading the charge to re-engineer how back-office work gets done, harnessing emerging technologies and building the foundation for a more dynamic enterprise ecosystem

It’s no surprise that the first wave of digital transformation focused on the most visible customer-facing functions, but IT leaders are now turning their attention to reinventing heart-of-the-business operations.

For many in the business and tech worlds, the word digital conjures thoughts of the marketing, sales, and customer experience initiatives that have dominated business mindshare—and investments—to date. It only makes sense given the imperative for organizations to improve engagement with their key constituents, be they customers, patients, citizens, or business partners.

However, savvy CIOs quickly realized that any effort to transform their customer-facing systems and processes would be limited without equally effective and integrated back-office operations. That digital interconnectedness is required to make key data and intelligence residing in the core—related to pricing, product availability, logistics, quality, financials, and more—available to customercentric operations.

Tying together enterprise functions and the core is a start, but it only scratches the surface of the digital transformation opportunity. Over the next 18 to 24 months, CIOs, CFOs, and supply chain leaders will begin developing new digital capabilities in their core systems—and not simply new point solutions or shiny digital add-ons. They will begin constructing a new core in which automation, analytics, real-time analysis and reporting, and interconnections are baked into systems and processes, fundamentally changing how work gets done.

More Meaningful Change

Efforts to digitize core business processes are hardly new. Over the last two decades, companies have invested in ERP implementations, large-scale custom systems, and business process outsourcing to transform their core operations. Some of these investments delivered tangible benefits, such as standardized workflows and automated tasks. Others created unintended side effects, such as subpar user experiences, rigid operating procedures, or even stagnation because needed changes were too costly or difficult to implement.¹

This time, it’s different. In the coming months, CXOs will target core business areas such as finance and supply networks for meaningful change. Rather than focusing on discrete tasks or individual tools, they will broadly explore digital technologies capable of supporting global ecosystems, platform economies, complex operational networks, and new modern workplaces.

Individual emerging technologies will still have a role to play as essential enablers. Blockchain’s distributed ledger, for example, has promising implications for trade finance, supply chain validation processes, and other areas. Yet blockchain alone is only one component in a more dynamic, interconnected core stack. As companies begin their core transformations, it will be critical to understand how individual innovations can work in concert with existing capabilities to drive business value.

The Future of Digital Finance

New core principles can be applied to all heart-of-the-business functions and processes. However, focusing on a couple of areas with long histories of technology-enabled transformation, such as the finance function, can help to illustrate the changes ahead.

For finance organizations, the digital revolution presents both significant opportunities and nagging challenges. Exploding volumes of structured and unstructured data contain insights that could transform business and operating models. By harnessing digital technologies and enhancing existing analytics capabilities, finance could become the enterprise’s go-to source for strategic advice. At present, however, many finance organizations struggle with the data they have, lacking the technologies and skill sets to capitalize on this opportunity.²

Nonetheless, forward-thinking CFOs and CIOs are charting a course toward a digital future built on interconnected and automated systems, unified data sets, and real-time analysis and reporting. Though the specifics of the digital finance organizations will vary by company, they will share the following characteristics³:

Agile and efficient. New product integration and upgrades are faster and more effective thanks to the utilization of public, private, or hybrid clouds.

Increasingly automated and intelligent. Robotic process automation (RPA) enables increased efficiencies and lowers operating costs. Cognitive computing capabilities simulate human intelligence, grinding through mountains of data to automate insights and reporting in real time.

More detailed and accessible insight. Predictive algorithms and visualization technologies enable more seamless oversight, planning, and decision-making by planners and analysts. Advanced analytics illuminates connections and trends buried within data for more detailed, accurate, and efficient reporting.

Built for big data. Next-generation technical architectures can handle massive data sets without sacrificing availability, timeliness, or the quality of books and records.

Dynamic Digital Supply Networks

The digital revolution is driving profound change in every core function, but perhaps none more so than the supply chain. The traditional supply chain was built to support a linear progression of planning, sourcing, manufacturing, and delivering goods. Supply chain systems enabled large numbers of transactions for each of these functions and their dependencies.

With the rapid digitization of the enterprise, this model is giving way to a more fluid system in which data flows through and around the nodes of the supply chain—dynamically and in real time. This interconnected ecosystem economy calls for more efficient and predictive digital supply networks (DSNs) with the following characteristics:4

Always-on agility and transparency. Integrating traditional data sets with data from sensors and location technologies provides visibility into all aspects of the network. DSNs can dynamically track material flows, synchronize schedules, balance supply with demand, drive efficiencies, and rapidly respond to changing conditions or disruptions.

Connected community. Multiple stakeholders—suppliers, partners, customers—can communicate and share data directly.

Intelligent optimization. By connecting humans, machines, and analytics, DSNs create a closed loop of learning, which supports on-the-spot human-machine decision-making and solving challenges such as commodity volatility, demand forecasting, and supplier-specific issues.

Holistic decision-making. More transparent supply chain processes result in improved visibility, performance optimization, goal setting, and fact-based decision-making.

Where to Begin

Creating a new core is neither a marathon nor a sprint—rather, it’s a series of sprints toward a long-term goal. As you begin exploring digital possibilities, the following steps can help you get off to a good start.

Study the masters. If you haven’t already, create a small cross-functional team to help you understand digital transformation possibilities. Chances are, peers in other parts of the company are already leading digital initiatives. Talk to your colleagues and learn from their successes—and their failures.

Map the journey. Make a transformation plan for your function, focusing first on applications that have proven clear winners in other organizations. This can serve as a master blueprint, but remember to execute it one step at a time. Things are changing fast in the digital world.

Be realistic. Before committing to bold visions of digital grandeur, consider the hardest part of the equation: Where do your people, organizational structure, processes, and technology fit in this brave new world? Many established assets can serve as building blocks for the new core, but make sure any modernization needs are well understood before provisioning budget and locking down milestones.

Start cleaning data. Data is the lifeblood of the digital core—and a potential source of trouble in any new core initiative. The data needed for use cases may be siloed and rife with misspellings, duplicate records, and inaccuracies. Consider creating a cognitive data steward to automate the tedious process of resolving data issues.

*****

Many boardrooms may lack the appetite to fund expansive—and expensive—transformations, particularly when the focus is back-office operations. Nonetheless, as digital’s disruptive march across the enterprise continues, digitizing the core presents a host of potentially valuable opportunities to redefine heart-of-the-business work and establish a better foundation for customer-facing innovation and growth.

—by Bill Briggs, chief technology officer, Deloitte Consulting LLP; Steven Ehrenhalt, principal, Deloitte & Touche LLP; Doug Gish, leader, Deloitte Consulting LLP; Adam Mussomeli, principal, Deloitte Consulting LLP; Anton Sher, principal, Deloitte Consulting LLP; Vivek Katyal, principal, Deloitte Advisory; and Arun Perinkolam, principal, Deloitte & Touche LLP

Source: Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

The rise of the exponential professional – Deloitte

This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future. Posted by …

The rise of the exponential professional

This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future.

Posted by Darryl Wagner and Caroline Bennet on March 1, 2018.

AI. Automation. Machine Learning. Natural Language Processing & Generation. New technology is rapidly disrupting and transforming the nature of work and the identity of professions by enabling humans and machines to work together, side by side. A new breed of professional is rising to navigate this shifting landscape by embracing technology, leaving behind traditional tasks, and applying a uniquely human skill set to focus on higher-value, strategic roles. Enter the exponential professional.


The professional of today might assume that automation only affects nonprofessional workforce segments. Certified professionals such as lawyers, doctors, actuaries, and accountants may feel especially immune to these effects. However, exponential technologies are ushering in sweeping changes for professionals across all levels and industries.

For example:

  • Cognitive computing – Machines will analyze data sets, identify and apply new algorithms to process data, make decisions, and flag exceptions.
  • Process automation – Push a button and maintaining process will become a thing of the past
  • Image processing – Assessing hazards and risks such as determining if properties are made of stone or glass
  • Natural Language Generation – machines writing intelligent memos and communicating findings
  • Virtual reality can give professionals a better understanding of their colleague’s jobs. A call center representative could virtually follow people or processes, transforming their scripts into experience

Getting beyond fear
Professionals’ first reaction to realizing that technology can replace human tasks in their workplace may be fear—the fear of job insecurity coupled with anxiety over their place in the workforce. A look back at a major revolution of the past, the computer revolution, may help alleviate such concerns. During the computer revolution, bank usage of ATM’s exploded. However, instead of reducing the headcount of employed bank tellers, banks used the new technology to open more branches, which led to more jobs. From 1970 to 2010, the number of bank tellers in the United States increased from just under 300,000 to around 600,000.1 This widespread rollout also enabled tellers to take on more complex customer requests, such as new product inquiries.

While technology reduces the need for certain roles, it is often a catalyst for growth in other areas. Upon reviewing UK census data, Deloitte UK discovered that technological advances between 1992 and 2014 caused decreased agriculture and manufacturing employment that were offset by rapid growth in the health care, creative, technology, and business services sectors. The net change was a 23 percent increase in jobs.2 Additionally, there are countless other examples of jobs created in the last decade that are a direct product of technology revolution: mobile app developer, rideshare driver, social/digital media marketer, social media manager, data scientist, chief sustainability officer, drone operator, blogger. While each of these is new and different, each has roots in “old world” jobs with transferable skills: software developer, taxi driver, print marketer, publicist, actuary, environmental activist, pilot, freelance writer. Research suggests this pace of change is set to accelerate with nearly 65 percent of children entering primary school today predicted to end up working in completely new job types that do not yet exist.3 As such, the professional of today should recognize that just like the introduction of computers, the introduction of exponential technologies expands the frontier of opportunities for the business professional.

Just as robots changed the look and feel of a factory, new technologies and the digital revolution will impact the future of the workplace for many professions. For example, augmented and virtual reality will upend learning in the workplace by enabling learners to experience near real-world scenarios in the safety and methodical manner of a simulation.4 This is already being applied in the training of mining personnel where virtual environments can be used to build experience without the need to navigate hazardous environments.5

Similarly, finance professionals can harness cognitive data analytics technologies to automatically prepare and cleanse data, evaluate or identify drivers of results, and document findings. This will enable these professionals to focus their attention on higher cognitive activities.6 By replacing manual processes with machines, talented business professionals can focus on processing exceptions, interpreting and communicating results, and driving forward-looking strategic actions. Integrating machines with people and process can improve the quality of basic data processing, but can also significantly shift the strategic output capacity of any process by focusing talent on more strategic objectives.

A changing workforce
Technological advances are combining with generational changes that will disrupt how companies source talent—and even the very definition of an employee. Traditionally, companies have employed legions of full time, “on balance sheet” staff with set benefits and salaries. However, many companies have turned to alternative talent sources, such as crowdsourcing, to solve problems and create new ideas. A recent study by Harvard and Princeton economists showed that 94 percent of net job growth from 2005 to 2015 was in “alternative work,” or independent contractors and freelancers.7 As technology advances, more and more professionals are expected to join the gig economy, where they may negotiate short-term contracts, work for multiple employers, and diversify their project portfolio. The move to the gig economy is only partially driven by technology. The cofactor to technology is a Millennial mind-set shift toward the workplace. Millennials value work-life balance, flexible hours, ability to work from home, sense of meaning, and a variety of experiences.8 These values are often likely to be satisfied in an alternative work arrangement.

Anticipated implications
So, what are the anticipated implications for the professional of today? First, many tasks traditionally performed by humans will be performed automatically. This means that professionals can adjust their focus toward augmenting process with tasks that require uniquely human skill. Second, alternative work arrangements will bring about changes to companies’ organizational structures, operating model, and how professionals interact with their employers. Third, industry views on professionalism will need to evolve.9 Standards for how professionals leverage, trust, rely on, and interact with automated processes will need to be defined. This includes adapting employee training, which traditionally focused on creating technically sound individuals, and rethinking professional standards.

Let’s look at an exponential professional in action: an exponential actuary…

  • Uses Natural Language Processing to autogenerate reports before breakfast
  • Helps save hundreds of hours a year by relying on bots to automatically generate and QA data and perform analysis
  • Focuses efforts on high-value activities such as designing analysis and interpreting results

 

Exponential technologies are beginning to transform the workplace by efficiently and economically automating many human tasks and facilitating alternative work arrangements. These changes enable the rise of a new adaptive, innovative, and strategic professional—the exponential professional—assisted by and working with technology to create unprecedented value.

Next up: In the second post in this three-part series, we’ll discuss the expectations and responsibilities of the exponential professional.

Darryl Wagner is a principal in Deloitte Consulting LLP and the Global Actuarial, Rewards & Analytics Leader and US ARA Insurance Services Leader.

Caroline Bennet is the National Leader of Deloitte Actuaries & Consultants, the Insurance Leader for Deloitte Australia, and Leader of FSI Consulting, and is a member of the Global Deloitte Actuarial, Rewards and Analytics Executive Team.

Contributors: James Dunseth, Trent Segers, Wes Budrose, Nate Pohle, Ajay Parshotam, Mehul Dave, and Corey Carriker


1 http://www.aei.org/publication/what-atms-bank-tellers-rise-robots-and-jobs/

2https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/about-deloitte/deloitte-uk-technology-and-people.pdf

3 http://reports.weforum.org/future-of-jobs-2016/chapter-1-the-future-of-jobs-and-skills/#hide/fn-1

4https://www2.deloitte.com/content/dam/Deloitte/us/Documents/human-capital/us-cons-hc-welcome-to-virtual-reality.pdf

5 http://www.miningmagazine.com/future-of-mining/future-of-mining-investment/immersive-virtuality-enters-mining/

6 http://reports.weforum.org/future-of-jobs-2016/skills-stability/

7 From Deloitte Review, Issue 21. Navigating the Future of Work [Page 36]

8https://www2.deloitte.com/content/dam/Deloitte/global/Documents/About-Deloitte/gx-millenial-survey-2016-exec-summary.pdf

9 https://analytics-blog.deloitte.com/2017/05/19/who-determines-ethics-in-a-machine-run-world/

 

Source: The rise of the exponential professional – HR Times – The HR Blog

AAFP Urges Improvements to Fledgling Patient Data Initiative

The AAFP made detailed suggestions to improve CMS’ recently announced initiative to improve patients’ access to and control of their electronic health data.

March 22, 2018 04:11 pm News Staff – The AAFP is working to propel a new CMS initiative meant to give patients better access to — and control of — their health care data into action that improves patient care and reduces physicians’ administrative burden.

CMS Administrator Seema Verma, M.P.H., publicly unveiled the MyHealthEData Initiative(www.cms.gov) on March 6 during a speech(www.cms.gov) at the Healthcare Information and Management Systems Society annual conference in Las Vegas.

She told her audience the United States will never achieve the long-sought goal of value-based care “until we put the patient of the center of our health care system.”

Verma said the Trump administration is determined to ensure that patients “have the information they need to be engaged and active decision-makers in their care.”

A CMS press release(www.cms.gov) noted the initiative is headed up by the White House Office of American Innovation with active participation from HHS, CMS, the Office of the National Coordinator for Health IT, NIH and the Department of Veterans Affairs.

STORY HIGHLIGHTS

  • The AAFP recently responded to CMS’ announcement about its MyHealthEData Initiative with a letter outlining suggested improvements.
    In a letter to CMS Administrator Seema Verma, M.P.H., the AAFP urged CMS to require vendors to provide any new government-required updates to electronic health records systems without additional cost to medical practices.
  • The letter also urged the agency to utilize the AAFP’s Principles for Administrative Simplification to reduce physician documentation requirements.
  • Midway through her speech, Verma related a personal story about a recent out-of-town health emergency in her family that led to her husband’s hospitalization. After his discharge, Verma asked for a copy of the complete medical record amassed during the inpatient stay to ensure that doctors back home had all the information they would need for follow up care.

“After the federal government has spent more than $30 billion on EHRs (electronic health records), I left with paper (five sheets) and a CD-ROM” that was both difficult to utilize and incomplete, said Verma.

“I couldn’t help but contemplate the disconnect between the genius of the medical system that used the latest technology and science to save my husband’s life but didn’t have the tools available to just give me his medical records, which I thought would have been the simplest task out of all they had performed,” she said.

Verma also announced an update to the agency’s Blue Button initiative, calling the new Blue Button 2.0(bluebutton.cms.gov) a developer-friendly, standards-based application programming interface “that enables Medicare beneficiaries to connect their claims data to secure applications, services and research programs that they trust.”

AAFP Weighs In
The AAFP has advocated long and hard for interoperability of EHRs and supports certain portions of the new initiative; however, other key points raised eyebrows among Academy leaders.

In a March 14 letter(4 page PDF) to Verma signed by AAFP Board Chair John Meigs, M.D., of Centreville, Ala., the AAFP weighed in on important portions of the initiative during its formative stages to ensure the final program doesn’t create more obstacles to already overburdened family physicians.

The AAFP noted its approval of agency efforts that “encourage patients to have meaningful control of their data” and to improve interoperability and administrative simplification.

“We would, however, object to placing responsibility for the adoption of interoperable systems on physician practices,” the Academy stated. “The creation of standardized interoperable systems should instead be the responsibility of vendors.”

The AAFP pointed out that physicians were promised EHR interoperability and secure patient access when they purchased certified EHR technology or upgraded their existing systems; however, many systems do not meet this standard.

Lack of this promised interoperability leaves physicians beholden to EHR vendors — a situation that has allowed vendors to engage in price gouging when peddling software upgrades and maintenance.

“We strongly urge CMS to require EHR vendors to provide any new government-required updates to such systems without additional cost to the medical practice,” said the AAFP.

Multiple studies have shown that physicians spend far too much time — up to 50 percent of their workday and even after clinic hours — using their EHRs, said the AAFP, referencing a Feb. 7 letter(6 page PDF) to Verma.

“CMS must take the time and financial costs physicians endure into account while addressing improved patient access to health care data,” said the Academy in its most recent comments.

Stop Information Blocking
In her speech, Verma zeroed in on CMS’ intent to prevent providers and hospitals from blocking patients — and their physicians — from seeing personal health data. “We will not tolerate this practice anymore,” she said.

In response, the AAFP noted that too often physicians receive summaries of care that are too long and “filled with clinically irrelevant information.” Indeed, said the letter, unnecessary information often is inserted into summaries by automated processes “designed to ensure compliance with CMS regulations and requirements for the MU (meaningful use) and ACI (advancing care information) programs.”

The AAFP told CMS to improve its regulatory requirements and focus on “how and when data is exchanged rather than focusing on the data in the exchange.”

Furthermore, the AAFP called on CMS to use the authority it was granted in the 21st Century Cures Act(www.fda.gov) to penalize health care organizations that are not sharing information.

“Policies should be focused on penalizing bad actors blocking information,” the Academy said in its letter.

Streamline Documentation, Billing Requirements
The AAFP pointed out that the level of documentation required of physicians has escalated in recent years despite the widespread adoption of EHRs. In particular, the Academy took issue with CMS’ documentation requirement guidelines for evaluation and management (E/M) services.

The letter argued that the guidelines, written for use 20 years ago in a paper-records era, “do not reflect the current use and further potential use of EHRs or team-based care.”

CMS should recognize and adhere to the AAFP’s Principles for Administrative Simplification to reduce documentation requirements. In these principles, the AAFP calls for

eliminating documentation guidelines for E/M codes 99211-99215 and 99201-99205 for primary care physicians;
applying a new standard to all public and private payers to allow medical information to be entered into a patient record by any care team member related to a patient’s visit;
discarding data templates and box-checking requirements that do not enhance patient care; and
redesigning and optimizing EHR systems through the collaborative efforts of physicians, vendors and workflow engineers.
Improve Related Programs
The AAFP addressed additional points in its letter to CMS, including suggestions related to

streamlining requirements associated with meaningful use and the Quality Payment Program’s advancing care information component;
interoperability of quality measures, including elimination of all health IT utilization measures and implementation by all payers of the Core Quality Measures Collaborative’s core measures sets championed by the AAFP;
widescale interoperability of patient admission, discharge and transfer data in as close to real time as possible; and
reducing hospital admissions and readmissions, and duplicative testing.
“With the modifications we have suggested and attention to other overarching health care IT issues as outlined above, we believe these programs will lead to great success for our patients by catalyzing better, more efficient quality care,” concluded the AAFP.

Related AAFP News Coverage
Fresh Perspectives: Doctor or Patient? Who Owns Medical Records?
(1/18/2016)

 

Source: AAFP Urges Improvements to Fledgling Patient Data Initiative

Half of ransomware victims who pay the ransom don’t get their data back: 5 things to know

Only about half of the organizations that suffered a ransomware attack in 2017 recovered their data after paying the ransom, according to a CyberEdge Group survey

The research and marketing firm spoke with nearly 1,200 IT security pros in 17 countries about their experiences with cyberattacks last year.

Here are five survey insights.

1. Seventy-seven percent of the organizations surveyed suffered a form of a cyberattack in 2017, which is down from 79 percent in 2016. This marks the first time in five years the percentage of organizations who were hit by a cyberattack declined.

2. Just over half (55 percent) of respondents fell victim to a ransomware infection in 2017, compared to 61 percent in 2016.

3. Of the organizations that suffered a ransomware attack, 38.7 percent of victims decided to pay the ransom demand. However, only 49.4 percent of those organizations actually recovered their data, as opposed to 86.9 percent of organizations that refused to pay the ransom and were able to recover their data.

4. Organizations ranked malware as their top concern, followed ransomware, phishing and credential abuse attack.

5. Cybersecurity-related budgets are expected to account for 12 percent of an organization’s overall IT spend in 2018, which represents a 4.7 percent growth year-over-year.

Click here to download the complete report.

Source: Half of ransomware victims who pay the ransom don’t get their data back: 5 things to know

CrowdCrypto Newsletter – Issue #12

Another great summary of Crypto news from Robin Sosnow (@RobinSosnowEsq). 

🇺🇸 USA Regulatory Spotlight: 

Cryptocurrency Spotlight:

Global Spotlight:

Events Spotlight: 

EQUITY CROWDFUNDING NEWS
Equity Crowdfunding Spotlight:

Source: CrowdCrypto Newsletter – Issue #12

4 things I have held dear in life the simple principles:

6a0133ec87bd6d970b01b8d10edeb9970c-800wi

Over the years in work or at home you gain mentors or people you listen to or look up to for advice. During these years the most impressive point was given to me by a friend and respected individual that I have held dear to this very day and are simple guiding principles at work and home.

4 things I have held dear in life the simple principles:

Humility – Someone else obligation, Before the opportunity

  • Humility or humbleness is a quality of being courteously respectful of others. It is the opposite of aggressiveness, arrogance, boastfulness, and vanity. Rather than, “Me first,” humility allows us to say, “No, you first, my friend.” Humility is the quality that lets us go more than halfway to meet the needs and demands of others.
  • The quality or condition of being humble; modest opinion or estimate off one’s own importance, rank, etc. 

Integrity – Do the right thing always

  • Firm adherence to a code of especially moral or artistic values
  • The quality of being honest and having strong moral principles; moral uprightness.
  • The condition of being unified, unimpaired, or sound in construction.

Respect – Hierarchy is not a proxy

  • A feeling of deep admiration for someone or something elicited by their abilities, qualities, or achievements.
  • Due regard for the feelings, wishes, or rights of others
  • Hierarchy is not a proxy for the interactions between one another Hierarchy is just a method of getting what needs to be done, done. Everyone is equal everyone has some in Hierarchy above them, next to them and below them, we should never ever forget this at home or at work.

Conviction – Honorable Intentions and Belief

  • fixed or firm belief the act of convincing a person by argument or evidence.

If you keep these things dear to your heart and wear them on your sleeve, the results can be surprising, when you compromise on any you compromise on all of them and you tumble down the slippery slope.

A lot of people say they have principles, and they might be able to rattle off some thoughts and points, but it’s more what they action and actually what they do which is more important. Not just the talk but the action speak larger than the words its what can bind you together or show how far apart you might be.

Teams, individuals, and your family need to be able to do amazing things each and everything minute of the day. Having these 4 principles, it has given me a baseline to reference against.

Cerner to showcase Apple collaboration at HIMSS18, president Zane Burke says 

The EHR maker will also be featuring innovations in longitudinal health records, cloud services, machine learning and more to help customers manage value-based contracting.

“We’ll showcase our collaboration with Apple to make health records available at your fingertips in the Apple Health app,” said Cerner President Zane Burke.

HIMSS18 will be a pivotal one for Cerner in many ways. It’s the first with new CEO Brent Shafer, who has big shoes to fill as the first outside hire to lead the company since founder and longtime CEO Neal Patterson passed away last summer.

And it comes as the company has arguably more big projects on its to-do list than ever, including the massive ongoing MHS Genesis project for the U.S. Department of Defense and the upcoming contract with the Department of Veterans Affairs – to its continuing innovation on any number of fronts, from consumerism to the cloud, interoperability to artificial intelligence.

“Recently, Cerner and Apple worked together to make personal health information accessible on a consumer platform, and we’re working with a range of partners and clients to turn up the heat on the conversation about interoperability,” Cerner President Zane Burke said. “We’ll showcase our collaboration with Apple to make health records available at your fingertips in the Apple Health app.”

Burke added that Cerner will also be offering a look at virtual health solutions that empower individuals to manage their health via telemedicine and remote monitoring technologies as well as intelligent solutions for hospitals as they adjust to rising costs and value-based care.

“We’re at a pivot point with the digitization of health information, and we are redefining the idea of ‘care.’” Burke said. “We’re moving from managing patient encounters to providing for the well-being of populations.”

Cerner is particularly focused on the growing clout of the healthcare consumer and is committed to activating and engaging patients to be more proactive in their own health. Central to this work is the agility and speed offered by cloud technology, and Burke said Cerner continues to work with leading companies in industries other than healthcare to build on its own cloud-based offerings.

Cerner’s founding membership in the CommonWell Health Alliance – which was first announced five years ago at HIMSS13 – is one way to help innovate on the interoperability front, he said, and the company is committed to the co-creation of an open platform for innovation by leveraging FHIR standards through its work with the Argonaut Project.

More fluid data exchange, particularly with the DoD, was a major driver for the contract Cerner was awarded for the VA’s new EHR this past June, of course. Although the contract is currently on pause while MITRE does an independent assessment of its specifications, Burke said the VA project ultimately will “not only create seamless care for our nation’s veterans, it will also fundamentally change interoperability in the commercial healthcare space — something we are very excited about.”

Population health management is another imperative in the era of value-based reimbursement, and it’s another area “where Cerner continues to grow,” he said. “Providers need data that is actionable at an individual and community level to improve care. Cerner is uniquely positioned, through our cloud-based platform HealtheIntent, to pull all those data points together, aggregate and normalize the data and feed it back into the workflow for clinicians to act on.”

And analytics to help mine that data for the most useful insights are fast-evolving too – largely driven by lightning-fast advances in artificial intelligence and machine learning, which “remain a key focus for Cerner,” said Burke.

He pointed to early efforts such as the Cerner HealtheDataLab technology, which offers a secure environment where researchers and data scientists can “query de-identified data, extract and transform data sets in research-ready formats, build complex models and algorithms and validate findings in a single elastic environment.”

Cerner is in Booth 1832.

Source: Cerner to showcase Apple collaboration at HIMSS18, president Zane Burke says | Healthcare IT News

Mastering Data Sovereignty – CIO Journal

Amid ongoing concerns over data privacy, ownership, and governance, technology leaders are playing a critical role in making data broadly available throughout the enterprise, while also ensuring compliance with an array of differing data regulations around the globe.

CIOs can take advantage of a holistic data management approach and new cognitive capabilities to increase data accessibility and control.

As data grows in complexity and importance, IT leaders are entering a new era of data management. There is increasing demand to make data freely accessible, understandable, and actionable across business units, departments, and geographies to enable digital transformation efforts. At the same time, many global companies are under pressure to comply with varying country-specific rules about what data may be shared within or beyond geographic borders.

The good news is that CIOs can take advantage of new data management techniques and tools to strike the right balance between accessibility and control. Now is an opportune time for IT leaders, working in partnership with their business peers, to develop an “enterprise data sovereignty” road map to facilitate understanding of data relationships, guide data storage, and manage data rights. And by employing new cognitive capabilities, they can automate aspects of data management, redesign data architecture, and elevate data stewardship.

A holistic approach to data architecture and management can help improve the performance of this business-critical asset, helping to foster innovation and growth. It can also serve as a platform for helping organizations comply with existing and expected national data sovereignty rules around the world.

Data Wants to Be Free

There is no question that the ability to strategically manage ever-growing stores of data will be a competitive advantage in the digital age. In many companies, data collection, access, and management remain siloed by department, business unit, or geography. However, as companies seek to digitally transform, data must be more freely accessible throughout organizations for companies to realize their full potential.

Historically, few companies have been able to master data management—even when much of that data was structured and stored in tables or basic systems. As data has grown in volume and variety, those challenges have multiplied. With many organizations doubling their data every two years, short-term strategies for data computing and storage can quickly become obsolete. New data management architectures and strategies are likely needed to accommodate the big data explosion.

That’s where enterprise data sovereignty comes in: It’s a way for IT and business leaders to develop a holistic data management strategy for the organization, with the goal of making data available, consistent, and controlled throughout the company. CIOs who take this approach know where data is stored; who has access to it; and how or whether it moves beyond business unit, geographic, or company boundaries.

Over the next 18 to 24 months, more companies will likely begin modernizing their data management in this way, working to increase data discipline and availability. Viewing data through the lens of enterprise data sovereignty can help companies solve challenges related to architecture, global regulatory compliance, and data ownership.

Whose Data Is It Anyway?

One of the first issues IT and business leaders confront in developing an enterprise data sovereignty plan is data ownership. In the past, IT owned the systems and, therefore, the data. That’s not necessarily the case anymore.

Going forward, the question of data ownership will be answered differently in different companies. There will be no one-size-fits-all approach. Many organizations will employ a data steward focused primarily on data quality and uniformity. Some organizations are hiring chief data officers, but their focus is less on managing data than on illuminating and curating the insights the data yields. In many companies, there may be no de facto owner at all. In any case, the most important decisions may concern not who owns the data, but rather what principles govern data management and access and how those rules are operationalized.

Organizations that are beginning to master enterprise data sovereignty share some common success factors. First, they bring together key stakeholders to determine goals for data quality, uniformity, collection, storage, and aggregation. They also have a data management function, owned and led by the business, that enforces decisions about management, governance, and consumption. This hybrid approach—having some level of centralization to enforce decisions made by a cross-functional stakeholder group—is typically the most effective way to operationalize enterprise data sovereignty.

Data Architectures for the Future

Creating a modern data architecture is challenging for most organizations. Even for those with a track record of success, traditional master data management, data quality, and data governance processes may fail to keep pace with data flowing in from new places in different formats.

IT leaders who want to build a platform for enterprise data sovereignty consider not only how and where data is stored, but also the sourcing and provisioning of authoritative data, metadata management, master data management, information access and delivery, data security, and data-archiving capabilities.

Thankfully, today’s IT leaders can take advantage of advanced components to build their data management architectures. The following new cognitive capabilities can help organizations better manage data across its life cycle—from consumption to analysis:

  • Ingestion and signal-processing hubs can make sense of structured and unstructured data from public, social, private, and device sources.
  • Cognitive data stewards can help users understand new compliance requirements and augment human data stewards.
  • Data integrity and compliance engines work to enhance data quality and fill data gaps to help ensure data quality and integrity.
  • Dynamic data fabrics understand the interconnectivity of data and can maintain metadata and linkages as data moves through different systems.
  • Enterprise intelligent layers employ machine learning to illuminate deep data insights and help increase confidence in real-time analytics.

Maintaining Global Compliance

National data sovereignty rules, such as the much-anticipated General Data Protection Regulation in the European Union, are also an issue. While the cost of compliance with various regulatory requirements will be substantial, the price of noncompliance is likely to be even higher.

Taking an enterprise data sovereignty approach can help companies deal with the thorny issue of maintaining compliance with regulatory and privacy requirements that differ dramatically by nation. CIOs can also deploy technology solutions for global regulatory compliance. A sophisticated rules engine deployed directly into cloud servers can apply myriad rules to data dynamically to determine which stakeholders in specific jurisdictions are allowed access to what data. IT leaders can also segregate data into logical cloud instances by legal jurisdiction and deploy controls to limit cloud access to those data stores to users in each locale.

At a business level, it can also be valuable to shift the focus from managing and sharing data to managing and sharing insights. Insights, after all, can be transferred freely throughout a global organization even when data cannot.

Where to Begin

The Holy Grail for IT leaders is an enterprise data sovereignty strategy that can handle growing volumes of data in an agile, efficient, and controlled manner. The distance between today’s data management reality and that end state can seem daunting, but there are some actions IT leaders can take to move in the right direction:

  • Pay down data debt. Smart IT leaders can confront the extent of their existing data sprawl in order to understand the magnitude of the issues to be addressed.
  • Begin at the beginning. Many of a company’s data problems can be traced upstream to the information supply chain, where CIOs can focus their efforts to link, merge, route, and cleanse data.
  • Use metadata—and lots of it. Adding metadata to raw data at the point of ingestion is among the best ways to enhance data context.
  • Employ a cognitive data steward. Leveraging advanced AI technologies to assist human data stewards can free data professionals to focus on the bigger data sovereignty picture.

*****

The enterprise data landscape is only becoming more complex, with new and increasingly unstructured data coming online every day and a dynamic global regulatory environment. That’s why forward-looking IT leaders are beginning their data modernizations efforts today.

—by Bill Briggs, principal and chief technology officer; Juan Tello, principal; and Ashish Verma, managing director, Deloitte Consulting LLP

 

Source: Mastering Data Sovereignty – CIO Journal – WSJ