About advocate

So far advocate has created 4 blog entries.

Cyber Security 101: basic tips to keep you safe online and with the Internet of Things (IoT)

August 3rd, 2016 | Current Health Topics, Data Security

I’ve written about cyber attacks, cyber extortion using ransomware in hospitals, medical identity theft, data mining risks with health/medical apps and fitness trackers, and more. I am not an IT professional so I’ve written this for the un-indoctrinated, which until a year ago, included myself.

It makes sense to review a few basics about how to stay safe if you use email, engage in social media (Facebook, Twitter, LinkedIn, etc.), shop online, browse the internet, use health or medical apps, bank online or have smart devices in your home. Even if all you do is search on the internet for answers to health questions, these strategies apply to you.

Knowledge is power. The more you know, the more easily you can make an informed choice.

Think of your computer, smart phone, iPad, and other electronic devices like you do your home. We all want to be safe at home and most of us implement strategies to support that safety. We lock our doors and windows, install alarms, have protective dogs, and more. Consider taking steps to protect yourself in much the same way while using your electronic devices that connect to the internet or Wi-Fi.

With the advancement of technology and the Internet of Things (IoT), we are all more interconnected. That means we need to be informed about the risks of interconnectedness and learn how to protect ourselves from hackers and other cyber criminals. Technology is growing too fast for us not to implement a few basics to prevent identity theft, financial theft, hacking, malware, phishing scams, and more.

The Basics

Public Open Wi-Fi

If, while eating a muffin and drinking a latte at your local coffee bistro, you decide to do a little online shopping while you’re there, stop. Don’t do it. Public open Wi-Fi is not secure and most people don’t realize just how easy it is for a hacker to eavesdrop on your internet communication through the Wi-Fi and snag your personal information, including usernames and passwords. Your information can be exposed and retrieved by cyber criminals to commit identity theft.

Public open Wi-Fi is available to everyone in that location and no password is needed for use. It is not protected in any way. Coffee stores, hotels, gyms, universities, airports and other public places offer public Wi-Fi as a free service. It’s up to you to protect yourself.

  • Be sure to set your smart phone, laptop or other device to manually select Wi-Fi. This way you choose when you want to connect to Wi-Fi rather than your device automatically connecting.
  • Do not do online shopping, online banking or engage in social media if you use public open Wi-Fi. Your personal information will be at risk to hackers who can so easily eavesdrop on your activity.
  • Public open Wi-Fi users should only visit secure websites with https addresses, which look like this: https://www.samplewebsite.com

 

Facebook, Twitter, LinkedIn & Other Social Media Sites

“Cyber criminals often create fake profiles to befriend you on Facebook,” according to Heimdal Security. “Their goal is to get you to leak confidential information to them. Be careful about friend requests on all social media sites.”

On LinkedIn, cyber criminals create fake profiles to help themselves to your personal data, such as your connections, your email address, and your phone number. Check every LinkedIn connection request before you accept.

Suspicious connection requests look like this:

  • Very few connections
  • Very little info in the person’s bio.
  • Generic information.

 

Strengthen Your Passwords

Admittedly, changing your passwords to beef them up is a big hassle. Who can remember their passwords? I know I can’t. I have them written down in a secure place. And yes, I’ve had to change my passwords more than once because I can’t remember my new passwords.

  • Create a unique password for each unique account. Don’t use the same password for multiple accounts. Although I have to admit I’ve been guilty of this.
  • Use a more complicated password that includes symbols such as ! and #, numbers, and upper and lower case letters.
  • Don’t reuse old passwords.
  • Don’t use your birthdate, telephone number or your street address. Cyber criminals can find that information on the internet. It’s common for people to use this information in passwords and hackers know it.
  • Use two-factor authentication, known as 2FA. It is a two-step verification, an extra layer of security that requires not just a password and username but something unique to you.
  • The rule of thumb has been to change passwords fairly often to outrun hackers. But a colleague pointed out that there is new research showing that changing passwords can actually decrease security. See for yourself here. Thanks to Meg Helgert for the information and this study.
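
For readers who are comfortable running a small script, here is one way to check a password against the rules in the list above. It is an added example, not part of the original post; the function names `personal_tokens` and `check_password` are made up for illustration, and the birthdate, phone number, address and passwords are constructed sample data.

```python
import re
from datetime import date

def personal_tokens(birthdate, phone, street_address):
    """Strings that can be looked up online and are often typed into passwords."""
    d, m, y = f"{birthdate.day:02d}", f"{birthdate.month:02d}", str(birthdate.year)
    # Common ways of writing a birthdate: MMDDYYYY, DDMMYYYY, YYYYMMDD, short year, year alone.
    tokens = {m + d + y, d + m + y, y + m + d, m + d + y[2:], d + m + y[2:], y}
    digits = re.sub(r"\D", "", phone)
    tokens |= {digits, digits[-7:], digits[-4:]}
    # House number and street-name words from the address.
    tokens |= {w.lower() for w in re.findall(r"[A-Za-z]{4,}|\d{3,}", street_address)}
    return {t for t in tokens if len(t) >= 4}

def check_password(password, other_account_passwords, old_passwords, tokens):
    """Return a list of problems; an empty list means every rule is met."""
    problems = []
    if password in other_account_passwords:
        problems.append("reused on another account")
    if password in old_passwords:
        problems.append("previously used")
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "upper-case letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol such as ! or #": any(not c.isalnum() for c in password),
    }
    problems += [f"missing {name}" for name, present in classes.items() if not present]
    # Compare with separators removed too, so 03-08-1975 is caught like 03081975.
    lowered = password.lower()
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    hits = sorted(t for t in tokens if t in lowered or t in squeezed)
    problems += [f"contains personal detail '{t}'" for t in hits]
    return problems

# Constructed sample data, not real personal details or real passwords.
SAMPLE_TOKENS = personal_tokens(date(1975, 8, 3), "(555) 010-0142", "1420 Maple Street")
SAMPLE_OTHER_ACCOUNTS = ["sunshine"]
SAMPLE_OLD_PASSWORDS = ["Winter#2014x"]

if __name__ == "__main__":
    for candidate in ["sunshine", "Maple1975!", "Spring#03-08-1975",
                      "correct-Horse-42#battery"]:
        found = check_password(candidate, SAMPLE_OTHER_ACCOUNTS,
                               SAMPLE_OLD_PASSWORDS, SAMPLE_TOKENS)
        print(candidate, "->", found or "no problems found")
```

Run it only on your own computer, and never paste real passwords into a website that offers to check them.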

 

Health/Medical Apps and Fitness Trackers

I don’t use these myself for security reasons. I purchased a Fitbit some time ago and after reading the fine print, I returned it to the seller. Fitbit, Jawbone and other fitness trackers collect, share and sell consumers’ data to health insurers, employers, data brokers and others. Health/medical apps do it too.

More info in my article, How much health care data is mined without your knowledge.

Health related apps aren’t regulated by the FDA and aren’t covered by HIPAA, which means that the majority collect your sensitive data and do with it what they will. Most don’t have good privacy or security, according to PC World’s article, Why hackers love health apps.

 

Phishing Emails

Most of us use email in some form or another. What you might have received already, and hopefully deleted, are phishing emails meant to fool you into thinking they are sent from a known business or bank. Cyber criminals make these phishing emails look real by using photos, images and logos from the original businesses. Many go undetected.

A phishing email might ask you to click on a legitimate-looking link or ask you to download an attachment.

Don’t do it.

The phony email might ask you to authenticate your username or password. You may be informed of a deposit or withdrawal and then asked to click on a link. Phishing emails lure you into giving them personal information such as social security numbers, credit card details, birth date, mother’s maiden name and more. This information can give a hacker all he needs to gain access to your accounts or to commit identity theft.

In 2013, Walmart customers were tricked into believing an email scam that requested that they update their account information urgently to keep them safe.

 

“Unsubscribe” Email Scam

According to the Identity Theft Resource Center, a new scam has arrived. “Savvy scammers have leveraged the power of annoying spam and dangerous phishing emails by combining them. The result is a barrage of identical looking spam emails that promise everything from weight loss to skin care products, all of which offer you multiple chances to click “unsubscribe” in order to stop receiving the emails.

Their tactic is to bombard you with these spam emails so you’ll do just about anything to make them stop. However, embedded in the “unsubscribe” link is a virus or malware that could infect your computer.

If you don’t recognize the sender, or you didn’t sign up for the emails, do not click on the “unsubscribe” link provided. Report the email as spam by clicking on the spam button on your email program.

Spam email can also include malware that allows a cyber criminal to control your computer remotely, freeze the contents and demand a ransom in exchange for the release of your personal photos and other data. More information on malware in my blog, Hospitals are sitting ducks for ransomware and other cyber attacks.

You can report phishing emails to the Federal Trade Commission at spam@UCE.gov or see their website here https://www.consumer.ftc.gov/articles/0038-spam

 

Keep Your Software Updates Current

Download your software updates on your computer, iPad, smart phone or other electronic device as soon as they become available. Or turn on the auto-download on your software updates. Software updates keep security on your device current. Updating the software on your apps can prevent 85 percent of targeted attacks. See Heimdal Security for more info on this.

 

Purchase Anti-Virus Software

Yes, you need it. I use Intego Mac Security. This is not an endorsement, just what my IT tech recommended. So far, my computer has been safe.

However, I did just hear from an IT person who read this blog and said that third party anti-virus software is unnecessary. You’ll have to do your own research on this as there seem to be two schools of thought.

 

Check Your Bank Statements Weekly

Even if you don’t bank online, you should be checking your accounts on a weekly basis. Review your statements for unfamiliar withdrawals and deposits. Alert your bank if you notice suspicious activity. Change your password immediately if you do.

 

Smart TVs, Smart Refrigerators, Smart Homes, Virtual Home Assistants, Smart Security Cameras, Smart Thermostats—The Internet of Things (IoT)

I don’t own any of these for a reason. I’m not against them as they make lives easier and I know people who love them. If you do purchase or already own a Smart TV or, for example, an Amazon Echo (Alexa), be sure to read the fine print. The voice command feature, if left on, can collect and send your voice data to a third party service that converts speech to text. Talk about a privacy issue, not to mention a creepy one. Read more about this here, Your Samsung SmartTV is Spying on You.

Please read the FBI’s warning about these Smart Devices.

I hope this helps.


Hospitals are sitting ducks for ransomware and other cyber attacks

August 1st, 2016 | Current Health Topics, Data Security

Imagine you are a patient in a hospital that gets attacked by ransomware. Your medical records and other data are seized, and all users including your physicians and nurses, are denied access to them. Let’s say you are about to receive chemo, radiation, or another vital treatment.

What would you do? What can you do?

Not a whole lot, unless of course you have your own personal backup of your hospital medical records on hand. And even then the hospital may not be operable.

Think this sounds implausible? Think again. And read on.

As many as 75 percent of U.S. hospitals have been hit with ransomware in the last year. Hospitals are considered the perfect targets because they need the information on patients immediately, don’t have the necessary tools to prevent such an attack, and many haven’t taken the necessary steps to educate and train their employees on how to avoid such an attack. Many simply pay up. But not without extensive delays and having to turn patients away or evacuate patients from the healthcare facility.

This kind of cyber extortion can put patients at risk and compromise patient safety.

If this is new to you, ransomware is malicious software that seizes all data in a computer or computer network. Cybercriminals hold it for ransom until payment is made in exchange for release of the information. In a hospital, it will lock up all electronic patients’ records and other data in its computers and computer networks. The information is left completely inaccessible to medical professionals who need it for patient care. Messages are installed by cybercriminals demanding payment, usually in the form of Bitcoin, in exchange for accessibility to the seized information. Sometimes the cyber extortionists release the data after receiving the ransom payment and sometimes they don’t.

According to the FBI, “Ransomware attacks are growing in number and are becoming more sophisticated.” The FBI also reports that hacking victims in the U.S. have paid more than $209 million in ransom payments in the first three months of this year.

Hospitals and other healthcare facilities are the targets of most ransomware attacks. According to U.S. News & World Report, ransomware is the most profitable scam to date.

Malware can be sent in an email to a specific person with an attachment that appears to be legitimate, such as an invoice or electronic fax. Or the email can contain a legitimate-looking URL which the victim clicks on and then is taken to a website that infects the computer with malicious software.

There are new cases of ransomware where cyber criminals don’t use emails at all. They seed legitimate websites with malicious code which then seizes the computer and possibly other networks and backup drives.

In May of 2016 Kansas Heart Hospital was hit with ransomware and extorted twice.

In April of 2016, three Southern California hospitals, owned by Prime Healthcare Services, were attacked by ransomware. Prime Healthcare Services stated in a Los Angeles Times article that they did not pay the ransom. The FBI recommends not paying the ransom. One can understand why hospitals would pay up to get their systems and patient care running as soon as possible. There just aren’t enough tools in place for them to do much else. Some hospitals do refuse to pay the ransom and rely on back up copies of information. Still, it can take several days for them to get back to some degree of normalcy.

In March of 2016, cyber criminals attacked 10-hospital MedStar Health, located in the Maryland and District of Columbia region. The hackers encrypted the hospital chain’s computer networks so all information was frozen. The Baltimore Sun reported that the malware attacks left ten MedStar hospitals unable to access patient data and in some cases having to turn patients away.

Also in March of 2016, Methodist Hospital in Henderson, Kentucky, was crippled by ransomware and claimed to be operating in a state of internal emergency. The hospital was forced to shut down all of its computers because of the malware. The message left on the affected systems via Locky malware demanded a ransom in bitcoin.

In February of 2016, the Hollywood Presbyterian Medical Center, located in Los Angeles, had their computer networks attacked by cyber criminals who demanded $17,000 in bitcoin to release patients’ records. Hollywood Presbyterian paid the ransom.

Not a cyber extortionist attack but noteworthy all the same, in July of 2015, UCLA Health was the victim of a major cyber attack. 4.5 million patients’ data was compromised which included social security numbers.

Among others, Anthem Blue Cross disclosed that 80 million customers’ data was compromised in 2015.

The list goes on.

Sen. Bob Hertzberg authored a bill in an effort to make ransomware a felony. Let’s hope that passes. But I have to wonder how cyber criminals would be charged since most cyber attacks originate outside of the U.S. This is an update on a bill already passed that introduces new penalties specifically for ransomware attacks. If the update passes, cyber criminals would be fined up to $10,000 and sentenced to two, three, or four years in jail.

Seems like a paltry sum and a much-too-short jail sentence if you ask me. After all, cyber extortion is basically data kidnapping that could put patients’ lives at risk. Under federal law, extortion carries up to a 20-year sentence, depending on the circumstances. Perhaps Hertzberg’s new bill is a good start on a massive, growing problem.

Hospitals must focus on prevention of these ransomware attacks. Real time backing up of patient electronic medical records and other data is an important strategy, but it still only addresses the problems after the cyber attack has been committed. Many hospitals don’t even back up. Preparing for a ransomware attack is essential for every hospital or other healthcare facility. Many hospitals claim to have insufficient funding to pay for internal experts such as chief security officers or to enlist a solid cybersecurity company’s services.

“Educating and training all system users is crucial,” states Healthcare IT News in its article, Tips for protecting hospitals from ransomware as cyberattacks surge. “All it takes is one uneducated user.” It’s the employees in hospitals who click on phishing emails or visit corrupt websites.

It’s not just the hospitals or healthcare facilities that become victims to ransomware. Patients must be protected.

I welcome your comments.


The Human Factor in Doctor-Patient Relationships

April 11th, 2012 | Current Health Topics

Relationships with physicians are a breed all their own. They are unlike any other relationship we have, unless of course you are married to one.

Most of the time, our relationships with our physicians are one-sided, and peppered with on-the-run diagnoses and treatment plans. Enhancing the relationship with your doctor, expanding it just a bit beyond the clinical interaction, can maximize your medical care in ways you might not expect. As I said in my last blog, doctors are human beings. They are pressed for time, dealing with patient overload, phone calls from you, from pharmacies and other physicians, visits to patients in the hospital, filling out insurance forms for you and other patients, and filing appeals to insurance companies so you get the medical treatment they feel is right for you. The list goes on.

With the seven to fifteen minutes you have with your doctor, create some familiarity with her. You want her to remember you beyond a set of symptoms. I can tell you from all the interviews I’ve done for The Take-Charge Patient and my last book, Critical Conditions, that physicians, nurses and other medical professionals remember the patients they really like and the ones they really don’t. It’s human nature to want to do more for someone you care for and like as a person. And you want your doctor to go the extra mile for you. It also helps if you show you are invested in your health and medical care. This increases your doctor’s investment in you as her patient.


Doctors: Human Beings or Machines?

April 11th, 2012 | Current Health Topics

After reading The New York Times article, Doctors Have Feelings, Too,  I began to wonder why so many doctors out of 2000 surveyed withheld information from their patients. The writer of the op-ed piece admitted to withholding the severity of a patient’s prognosis. When the patient asked if the medication prescribed would make her heart better, this doctor did not reveal that not only would the medication not help her heart but that she was not going to get better.

Was this a fatal flaw in this physician’s professionalism or simply an error because the doctor is human?

In my new book, The Take-Charge Patient, I emphasize that physicians are human beings, that just like you and me they can make errors in judgment because of who they are as people. Their personalities or personal experiences can affect how they deal with conflict or upset such as the doctor who wrote about withholding disturbing news from her patient. There’s really no justification for not revealing the truth to patients but I wonder if I were a physician, would I tell a young patient that her prognosis was completely devoid of hope?