Posted by Julia Foster on January 13, 2017 in Blog
2016 Cyber Security Summary
2016 kept everyone in the healthcare industry on their toes, with a record-high number of data breaches! Luckily, the number of compromised records dropped drastically in comparison to 2015. However, one trend that was widely recognized was the rise of ransomware attacks. Although not a new method, ransomware is quickly gaining popularity and becoming a huge issue in the cybersecurity world. Read below to see a recap of 2016’s most impactful data breaches!
Top 5 Most Notable Breaches in 2016:
The Dark Net Sale
The largest and probably most notable data breach was released in June. The hacker, who goes by the name of TheDarkLord, listed 4 different databases for sale on TheRealDeal market (a dark net source). The databases were being sold for $100,000, $200,000, $400,000, and $485,000 and included names, birthdates, social security numbers, addresses, cell phone numbers, and medical history. Ransomware attacks can put providers in a tricky situation because even if the ransom is paid, they are not guaranteed to get their information back.
Held at Ransom
The first ransomware attack of the year occurred in February at a hospital in California. The hackers were able to lock the system, cutting off access to hospital employees. During this time, employees had to resort to handwritten documentation and prescriptions instead of any electronic communication. The hospital was forced to pay the hackers 40 bitcoins (a type of digital currency operating independently of a central bank), or $17,000, to regain access. There is no evidence that any records were actually accessed during the lockout, but the hospital still took proper precautions.
The Food Court
Another large breach in 2016 consisted of 3.7 million records stolen from an Arizona health system in August. The hackers were able to gain access to a payment processing system in some food and beverage areas throughout their facilities. The stolen information included names, birthdates, social security numbers, credit card information, and health insurance information.
One of the most unique data breaches of 2016 was linked to a radical right-wing Ukrainian political group. In July, the group posted to Twitter a screenshot of information that they compromised from a urology group based out of Ohio and uploaded half a million records to a Google cloud-based storage area. The information posted included names, addresses, phone numbers, birthdates, insurance IDs and diagnoses. When asked, the group stated that the motive was political; however, this specific urology group did not have anything to do with the issues.
In August, a company based out of New York that provides ID cards for health plans for big names such as Blue Cross Blue Shield and Health Now was involved in a data breach that consisted of almost 3.5 million records compromised. Information accessed consisted of names, dates of birth, ID numbers, dependents’ names and provider names. The hacker was able to gain unauthorized access to a server which held all of the private information.
In December, almost half a million records were subject to exposure not because of a security attack, but rather a semi-truck. In Fort Myers, FL, a truck driver transporting a load of old paper medical records failed to securely lock the door on his truck, causing the medical records to fall from the vehicle and blow around. It took 3 days for officials to find all of the medical records that they could; however, not all were accounted for. There was no evidence that any information had been improperly used so far, but the information exposed consisted of everything from addresses and medical history to social security and financial information.
Posted by Amanda Harner on January 6, 2017 in Blog, News
Regarding cybersecurity, December had some good news and some bad news. The good news: December had the lowest number of data breaches throughout 2016. The bad news: December had the 3rd highest number of records compromised, with a total of almost 1 million. Some of the most notable breaches include phishing emails being sent out, a ransomware attack, and a mobile app that was hacked into.
Since the beginning of December:
In December 2016, there were 16 health breaches and 925,863 records compromised. 61% of healthcare data breaches were due to hacking/IT incidents.
Since the beginning of the year:
In 2016 there were over 900 total data breaches and 350 healthcare breaches, consisting of over 35,000,000 records compromised throughout the entire year!
December’s most notable healthcare breaches:
LA Health Department
The Los Angeles Health Department suffered the largest data breach in December. It is estimated that a phishing email sent to employees compromised over 700,000 personal records. Phishing emails contain viruses which allow access to protected information. These emails usually have an open rate around 30%, but in this case, the open rate was only about 10%. However, even with the relatively small number of opens, a significant amount of damage was still caused to the server. The data compromised consisted of names, dates of birth, social security numbers, payment/bank account information, and medical diagnoses.
A health center also based in California was the victim of a ransomware attack. Troldesh, the ransomware that was used in this attack, works by conducting scans and encrypting files, making them inaccessible to authorized users. Troldesh was installed by an unauthorized user who logged into the server. Names, medical diagnoses, medical record numbers, and insurance numbers were among the information stolen. Luckily, no financial information or social security numbers were compromised.
Earlier this month, a medical laboratory company based out of New Jersey disclosed a data breach that affected more than 34,000 people. Information stolen included personal information such as names, phone numbers, dates of birth and lab results. The information was stolen through MyQuest, which is a mobile app that allows patients to share medical records. The app was improperly secured, allowing the hackers to gain access to personal records.
Posted by Julia Foster on December 29, 2016 in Blog, News
Let the countdown begin. 2017 will be here before we know it! Here are some ICD-10 codes you might be using to bring in the New Year!
W25.XXA- Contact with sharp glass, sequela
Be careful when you are clinking glasses, or you will be in need of this code.
F10.920- Alcohol use with intoxication, uncomplicated
The best way to bring in the New Year is with a champagne toast.
S93.401A- Sprain of unspecified ligament of ankle
NYE is an opportunity to dress your best, but it is also an opportunity for a high heel injury.
Z38.00- Single live born infant, born outside hospital
NYE is all about welcoming Baby New Year.
E86.0 – Dehydration, R51 – Headache & R11.2 – Nausea and vomiting
W39- Discharge of firework
Fireworks at midnight are always a fun way to celebrate!
Y93.A- Activities involving other cardiorespiratory exercise
Do you know what the most common New Year’s resolution is? Getting in better shape.
Posted by Julia Foster on December 20, 2016 in Blog
8 ICD-10 Codes for the Holidays
It’s the most wonderful time of the year! The holiday season is all about friends, family, celebration and ICD-10 Codes. Okay, maybe not ICD-10 codes, but here are some codes in the holiday spirit.
W00.9XXA – Unspecified fall due to ice and snow, initial encounter
A white Christmas could also be a slippery Christmas
X08.8XXA – Exposure to other specified smoke, fire and flames
When the eight days of Hanukkah are through, there’s a good chance you burnt a finger or two.
W26.2XXA – Contact with edge of stiff paper
The gifts won’t wrap themselves.
Y93.21 – Activity, ice skating & V00.221 – Fall from Sled
Who doesn’t enjoy these traditional holiday activities?
X10.0XXA – Contact with hot drinks
There’s nothing quite like a nice cup of hot cocoa after ice skating and sledding.
Z72.820 – Sleep Deprivation
Who can sleep when you are trying to get a glimpse of Santa!
Y92.01 – Single-family non-institutional (private) house as the place of occurrence of the external cause
Because there is no place like home for the holidays.
BONUS CODES: ICD-10 Codes National Lampoon Style
W86.00XA – Exposure to domestic wiring
This code would have come in handy when the cat chews the electrical cord to the tree.
W53.29XA – Other contact with a squirrel
Remember the scene when the squirrel gets in?
Posted by Julia Foster on December 5, 2016 in Blog
Most companies have a particular dress code policy outlining exactly what you can and cannot wear in the office. In some cases, especially when going in for an interview, you might not be aware of the exact dress code rules. For those times you do not have a detailed dress code, use the guide below when choosing what to wear.
Casual dress codes have become more popular in recent years. While casual is the least dressy level of dress, there are still some guidelines you need to follow.
What is okay to wear:
- Nice-looking tops
- Casual pants and skirts
- Dark colored jeans
- Any shoes, as long as they have a back
- Casual accessories such as scarves, and statement jewelry
- Casual pants
- Dark colored jeans
- Polos, sweaters, pullovers, and casual button downs
- Sneakers and loafers
What to Avoid:
- Anything too revealing
- Skirts that are not an appropriate length
- Anything that looks messy
- Backless shoes
- Unnatural hair color and facial piercings
- Light colored and/or distressed jeans
- Any clothing with stains or holes
Business casual is typically the most popular dress code in offices. It allows you to have personality in your outfit, but remain professional looking.
What is okay to wear:
- Dress pants, skirts or khakis.
- Tops such as blouses, collared shirts, nice sweaters, or cardigans. Colors and patterns are acceptable.
- Statement jewelry and accessories.
- Flats or heels
- Everything you would avoid when dressing casual
- Button-down and collared shirts. Colors and patterns are acceptable.
- Sweaters, sweater vests, and sport
- Conservative colored dress pants or khakis.
- Dress shoes are acceptable.
What to avoid:
- Sleeveless shirts
- Open-toe shoes
Business Professional is a step above business casual. It is a more conservative type of dress, while still allowing colors.
- Pant or Skirt Suit
- Skirts no shorter than two inches above the knee.
- If not wearing a suit, a blazer is recommended
- A button up shirt in any color.
- Dark or nude colored tights.
- Closed toed heels
- A conservative colored suit, although it may have a light pattern.
- Dress pants can be worn with a sport
- Tie, colors and patterns are acceptable.
- Collared button up shirts. Colors are acceptable.
- Neutral colored oxfords or loafers.
Things to avoid:
- Skirts shorter than 2 inches above the knee
- Distracting jewelry
- Open-toe shoes
- Anything that could be considered
- Everything you would avoid while dressing casual and business casual
Also known as Boardroom Attire, this is the highest and most conservative level of professional dress.
- A pantsuit or skirt suit in a neutral color (black, navy, gray or brown)
- White collared button up.
- Closed toed heels
- Dark colored tights if wearing a skirt
- Conservative jewelry –Studded earrings are best, or a simple chain necklace.
- A suit in a solid neutral color (black, gray, or navy).
- A white collared shirt
- Neutral ties
- Closed toe oxford shoes
What to avoid:
- Non-neutral colored clothing
- Heels taller than 2 inches
- Flashy/Gaudy jewelry and accessories
- Messy hair and facial hair
- Open-toe shoes
- Novelty Ties
- Everything you would avoid when dressing casual, business casual and business professional.
Posted by Julia Foster on December 1, 2016 in Blog
November 2016 Cyber Security Summary
As we near the end of the fall season, data shows a continued decline in healthcare records compromised compared to the crazy amount of healthcare records compromised this summer. Data breaches in November 2016 included a facility with a stolen hard drive, hackers from overseas, and packets mailed with labels that showed personal health information. Here is a breakdown of all healthcare related hacks:
Since the beginning of the year:
So far there has been a total of 932 data breaches in the United States. 337 of those were healthcare breaches. Overall, 42% of the 34 million records compromised this year were in the healthcare field.
Notable Data Breaches in November:
Stolen Hard Drive
There were 3,000 patients notified by a spine center in Texas earlier this month about a data breach due to a stolen hard drive. The external hard drive contained patients’ information such as social security numbers, addresses, birthdays and diagnoses. So far, there is no evidence of inappropriate use of information. However, victims are still encouraged to look at their finances to make sure that there are no stolen identities.
A vascular health center in Georgia recently notified their patients of a data breach that occurred due to an outside source gaining access to one of their servers. The hackers, who are suspected to be from outside the U.S., were able to access the server with a compromised password. They had access to the server from March until September before the facility officials realized. Luckily, the server did not contain any social security numbers or financial info. However, it did have medical records and demographic information.
A healthcare provider mailed all of their patients informational packets containing details on their Medicare Prescription Drug coverage. While preparing these packets for mailing, something went wrong, and patients’ HIC Numbers (a Medicare ID number which consists of a person’s social security number and a letter) were printed on each mailing label. While this was a mistake and not an intentional breach of information, it compromised many healthcare records.
Posted by Julia Foster on November 23, 2016 in Blog
9 ICD-10 Codes for Thanksgiving
Thanksgiving is the official kickoff to the holiday season and the holiday season is the “busiest time of the year.” This is especially true in the HIM industry. Here are some codes you might be seeing after this Thanksgiving.
Y93.G3 – Activity, Cooking and Baking
Lots of food gets made on Thanksgiving, more cooking and baking equals more chances for injuries
W27.4XXA- Contact with kitchen utensil
You can’t cook (or eat) without utensils
Z74.2- Need for assistance at home and no other household member able to render care
It can get a little overwhelming if you are the only one preparing the Thanksgiving meal.
X10.2XXA – Contact with hot fats and cooking oils
Be careful deep frying the turkey.
W61.42XA- Struck by Turkey
Turkey, it’s what’s for dinner.
T28.0XXA- Burn of mouth and pharynx
However, don’t eat it before it’s cool.
Z72.4- Inappropriate diet and eating habits
Who doesn’t overeat a little on Thanksgiving?
R46.4 – Slowness and poor responsiveness
Can you say food coma!
Y92.011 – Dining room of single-family (private) house as the place of occurrence of the external cause
Because the most important part of Thanksgiving is spending quality time with friends and family and there’s no better way to do that than gathered around the dining room table.
Posted by Julia Foster on November 3, 2016 in Blog, News
October 2016 Cyber Security Summary
While there were still almost 150,000 people affected by data breaches in October, there were fewer compromised records last month than in the previous months. Data breaches last month included a facility with permanently lost information, phishing emails, and private info being made available for 5 months!
Since the Beginning of the year:
Since the beginning of 2016 there have been a total of 845 data breaches consisting of almost 30 million records compromised! Healthcare data breaches make up around 35% of the total data breaches, but almost half of the total records compromised!
A children’s hospital was the target of a ransomware attack affecting over 30,000 patients. Once the hospital detected that hackers were encrypting data, they immediately shut down their computer system to prevent losing any records. Even with these measures taken, some data was unable to be recovered. The unrecoverable data included information like demographics, medical history, and billing information. Since then, the hospital has taken steps to strengthen its security and notify patients of the breach.
The Phishing Email
A phishing email was sent out to the employees of a health center, based out of Massachusetts, in an attempt to gain access to important files. Phishing emails, which often come in the form of an official-looking email, are scams that attempt to trick users into downloading software or into visiting an infected website, so that the hacker can gain access to the system. This particular incident caused the hacker to gain access to over 13,000 patients’ medical records. Although there has been no evidence that any of the information is being used illegally, patients have all been notified and given a support number to call if needed.
A physical therapy and fitness center was the victim of a data breach that exposed their clients’ information, including social security numbers and Medicare numbers. It came to their attention that their clients’ information had been accessible to unauthorized users through Amazon Web Services for almost 5 months. So far, they have no evidence of misuse of any of the information.
Posted by Julia Foster on October 10, 2016 in Blog
5 Ways to Stand Out On LinkedIn
In most cases, the first thing a recruiter or potential employer will do after seeing a qualified resume is look up the candidate on LinkedIn. With the job market being so competitive it is important that you shine on every level of candidate screening. A strong LinkedIn profile is a great way to start!
Studies show your profile is 14 times more likely to be viewed if you have a profile picture. Profile pictures help recruiters/potential employers put a face to a name and see candidates as real people as opposed to just resumes. However, having the wrong picture can hurt you, so make sure that your picture is professional. It is best to have a headshot taken in professional clothing against a plain background.
Create a Catchy Headline
This is the first thing that recruiters and potential employers will see when they view your profile. This is your opportunity to list a catchy, yet professional, description of yourself that will make recruiters/potential employers want to keep reading.
Include Key Words in Your Profile
This is important. When potential employers, especially recruiters, are looking for candidates they will use LinkedIn, as they would use any other search engine, to perform mass searches for candidates. If you do not have the correct key words in your profile you will not show up in their search results.
Make sure to carefully think of words that will be searched in your industry and make a point to add them into your profile. Tip: Always make sure you have your credentials listed at least once in your profile.
This is your place to shine. Think about who will be reading your LinkedIn profile most often and what they will want to see. In your summary you can include things such as accomplishments, areas you excel, and important facts or stats. Note: This is a great place to add some of those key words to your profile!
There is a group for everything on LinkedIn. Joining groups is a great way to strengthen connections with other like-minded people. Groups make it easy to connect by sharing relevant topics with and directly messaging other members. Tip: Don’t know where to start? Search by your industry and educational background.
Posted by Julia Foster on October 6, 2016 in Blog
September 2016 Cyber Security Summary
September, yet again, turned out to be an eventful month when it comes to Cyber Security. There were many notable breaches including a ransomware attack, a Twitter leak, and a facility that was forced to shut down their computers for 3 weeks.
Cyber Security since the Beginning of 2016:
Since the beginning of 2016, 725 data breaches have occurred, 223 of which were healthcare related. There have also been almost 14,000,000 healthcare records compromised during this time!
Healthcare Data Breach Highlights from September 2016:
A Ukrainian hacker going by the name of Pravyy Sector hacked into the systems of one of the largest urology groups in Ohio. They are thought to be part of a radical right-wing Ukrainian group. The group posted a screenshot containing patient information on their Twitter account, along with access to a Google Drive account containing the information from over 300,000 patients. When speaking with different sources, Pravyy Sector states that this attack was politically motivated and they have plans for more attacks in the future.
A spine center in New Jersey fell victim to a ransomware attack affecting almost 28,000 patients. CryptoWall, the ransomware used in the attack, locked providers out of patients’ records and disabled the facility’s phone system. The ransomware had access to patient demographics, medical history, and even credit card information. Although there is no evidence suggesting that the information was being used in a harmful way, the facility saw no other option and agreed to pay the ransom.
A large health system based in West Virginia suffered from a virus attacking their computer system. In order to stop the spread of the virus throughout the system, they shut down their computer system for three weeks. During this time, facilities remained open; however, they were required to do everything manually and had limited access to patient medical history. So far, there is no evidence of misuse of any patient information, and the system is back up and running.