hankimg

“As a business owner, you don’t have time to waste on technical and operational issues. That’s where we shine! Call us and put an end to your IT Service problems finally and forever!”

Hank Wagner, Owner
Computer Networks of Roanoke
IT Guru, Published Author, and Trusted Advisor to Medical Practice Administrators and Business Owners

Health IT Has $32K Per Doctor Price Tag

A study from the Medical Group Management Association (MGMA) found the cost of health IT can be broken down to one simple figure; $32,000 per year, per doctor.

The research team analyzed data from a 2016 MGMA survey of more than 3,100 physician practices across the country. According to Fierce Healthcare IT, the study found physician-owned multi-specialty practices spent more than $32,500 in 2015 for each full-time doctor on health IT equipment, staff, maintenance, and other related costs.

“While technology plays a crucial role in helping healthcare organizations evolve to provide higher-quality, value-based care, this transition is becoming increasingly expensive,” said Halee Fischer-Wright, MD, MMM, FAAP, CMPE, president and CEO of the Medical Group Management Association in an announcement.

Inside This Issue
1 $32,000 Per Doctor
1 Ransomware
3 Dell Technologies
3 Employees
4 Election Hacked

“We remain concerned that far too much of a practice’s IT investment is tied directly to complying with the ever-increasing number of federal requirements, rather than to providing better patient care. Unless we see significant changes in the final MIPS/APM rule, practice IT costs will continue to rise without a corresponding improvement in the care delivery process.”

Ransomware
Ransomware
Ransomware

What is it? A type of malicious software that gets installed on your computer network which encrypts all of your files and blocks your access. Encrypted files cannot opened without the decrypt key, which you have to buy from the criminal who installed the software.
How do I get it? Generally, one of your staff members does one of two things:

  1. They open an email attachment that contains the ransomware (known as phishing)
  2. They visit a website that contains the ransomware

What happens if I get infected? The ransomware begins working silently, in the background, encrypting the files on the machine where it was downloaded. If the machine has “mapped” server network drives, then most ransomware begins encrypting the files on the server as well.

How do I fix it? The people behind this are criminals. You can try paying the ransom and hope they will give you the unlock key. But, most IT industry folks, along with the FBI, do not recommend paying ransoms because it rewards bad behavior and encourages more of the same. The people that do not pay a ransom, restore their files from backups, the unlock key is not needed.

How do I prevent it? There are several things you can do to reduce the chance of being infected:

  1. Train staff not to open email attachments from people they do not know and are not expecting.
  2. Train staff to be suspicious of all website links in any email or document they receive.
  3. Do not store any important information or files on local PCs-save them all to the server(s).
  4. Install an image based backup solution that will perform server backups several times daily and then automatically move those backups offsite.
  5. Install a UTM (Unified Threat Management) firewall and turn on all of the Security subscriptions. A UTM device has lots of features that can help prevent this type of infection from reaching your network.
  6. Enable Content Filtering on your UTM so that your staff is restricted to business only websites.
  7. Install and maintain an Endpoint antivirus solution that updates definitions every hour.

Ransomware is the largest threat to a business network today. Spending a few dollars now to replace old, outdated equipment with current hardware and software that is capable of handling today’s threats will minimize your exposure.

We have just developed a phishing training program to help you educate your staff. This program will send phishing emails to your staff and notify us which staff members are fooled by the phishing emails. We will send you a report to follow up with the fooled “clickers”. We have the ability to require the “clickers” to attend further online training with us to better educate the “problem children”.

Call if you have an interest. For you healthcare folks, this can also be a critical part of your HIPAA staff training.

Hank Wagner, Owner
hank.wagner@computernetworksinc.com
https://www.computernetworksroanoke.com
757-333-3299 x232

Dell is now
Dell Technologies

dellimagDell has filed an SEC document touting the company's new name, Dell Technologies, ahead of its merger with EMC, expected to close in October. The intent of the change is "to convey a family of businesses and aligned capabilities," CEO Michael Dell said.

Two-thirds of IT security pros surveyed expect a breach to hit their company, report says

While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.

In its first "Secure Business Agility" report, the global identity and device management provider with U.S. headquarters in San Francisco, found that failing to adapt and upgrade security tools is putting organizations at risk. In fact, more than two-thirds of the 300 IT and security professionals queried for the study believe that a data breach will occur within the next 12 months unless they upgrade legacy security solutions.

Organizations are split whether security is enabling or compromising productivity and agility, the study found.

Just over half responded that their current security solutions compromise productivity, while just below half believe their security measures enable the organization to adopt best-of-breed solutions that enable productivity and agility.

Do You Know Who Your Employees Are?

empimgInsider threat is becoming one of the largest threats to organizations and some cyberattacks may be insider-driven.  Although all insider threats are not malicious or intentional, the effect of these threats can be damaging to a Covered Entity or Business Associate and have a negative impact on the confidentiality, integrity, and availability of its ePHI.  According to a survey recently conducted by Accenture and HfS Research, 69% of organization representatives surveyed had experienced an insider attempt or success at data theft or corruption.  Further, it was reported by a Covered Entity that one of their employees had unauthorized access to 5,400 patient’s ePHI for almost 4 years.

US CERT defines a malicious insider threat as a current or former employee, contractor, or business partner who meets the following criteria:

  • has or had authorized access to an organization’s network, system, or data;

has intentionally exceeded or intentionally used that access in a manner that negatively, affected the confidentiality, integrity, or availability of the organization’s information; or information systems.

According to a survey conducted by U.S. Secret Service, CERT Insider Threat Center, CSO Magazine, and Deloitte, the most common e-crimes committed by insiders are:

  • unauthorized access to or use of organization information;
  • exposure of private or sensitive data;
  • installation of viruses, worms, or other malicious code;
  • theft of intellectual property.
  1. Consider threats from insiders and business associates in enterprise-wide risk assessments.
  2. Clearly document and consistently enforce policies and controls.
  3. Incorporate insider threat awareness into periodic security training for all employees.
  4. Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
  5. Anticipate and manage negative issues in the work environment.
  6. Know your assets.
  7. Implement strict password and account management policies and practices.
  8. Enforce separation of duties and least privilege.
  9. Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
  10. Institute stringent access controls and monitoring policies on privileged users.
  11. Institutionalize system change controls.
  12. Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
  13. Monitor and control remote access from all end points, including mobile devices.
  14. Develop a comprehensive employee termination procedure.
  15. Implement secure backup and recovery processes.
  16. Develop a formalized insider threat program.
  17. Establish a baseline of normal network device behavior.
  18. Be especially vigilant regarding social media.
  19. Close the doors to unauthorized data exfiltration.

If you are feeling this way about your computer network…

deskjobimg

… it is probably time to give us a call at 757-333-3299.

Attack on State Election Databases Prompts FBI Warning

(August 29, 2016)

Earlier this month, the FBI's Cyber Division issued a flash alert warning that election databases in two US states have suffered intrusions, likely by foreign attackers. The agency is investigating both incidents. In at least one of the intrusions, attackers were able to exfiltrate data. The alert lists eight IP addresses used in the attacks. The attacks occurred in Illinois and Arizona. Brian Kalkin, vice president of operations for the Center for Internet Security, which operates the multistate information sharing and analysis center (MS-ISAC) expressed concern that intruders could alter or delete data.