How to Defend Against the Rise of Ransomware

Tag Archives: Public Health

How to Defend Against the Rise of Ransomware

defend against ransomware

Cybersecurity has been a major concern with the rise of ransomware incidents over the past few years. This form of cyber attack is an ever-growing problem that affects many industries but often targets healthcare organizations. By knowing what vulnerabilities to watch out for, using a secure Electronic Health Record (EHR), and educating your staff on security best practices you can protect your healthcare agency and defend against the rise of ransomware threats.

Ransomware is a form of malware that refuses access to the target’s data. Targeted organizations are asked to pay a ransom in order to recover their files and often paying that ransom is the most cost-effective way to get their data back. As such, ransomware has become a very lucrative criminal activity and continues to self-fund itself as the next generation of ransomware evolves to be even more sophisticated. With this, the cost of each ransom continues to rise as well. Healthcare providers are one of the most susceptible and impacted industries because of the wealth of sensitive, personal health information (PHI) files they contain. These records can be traded for hundreds of dollars each and are often sold several times. Healthcare system security is also often more vulnerable because security is often driven more by compliance than modern security best practices. 

This form of malware has the ability to infect any type of computer including mobile devices, IoT, routers, cloud storage, etc. but it often gains access through devices such as a printer, medical equipment, or other connected devices. When security scans are done by healthcare agencies to assess security vulnerabilities, often these devices are ignored because they are waived as low to medium vulnerability. It is often those low to medium vulnerability devices which are targeted; however, because they are often not prioritized to be secured and offer an easy way to gain access to your network. Make sure your healthcare agency is securing any and all vulnerabilities in your network and not just those which are flagged as high vulnerability targets. 

Additionally, make sure your EHR system is secure as it houses all of the records that threat actors are trying to gain access to. You can start by using an EHR with security certifications issued by reputable accrediting agencies such as databrackets. This will ensure your EHR has been audited on their ability to provide secure data management and is even more secure against the rise of ransomware. Extra layers of protection for your EHR like Multi-Factor Authentication is also recommended. Having an EHR vendor that provides regular data backups, a great incident response, and has contingency plans in place in the event of an attack are also advisable.

Finally, be sure your staff makes moves to increase security and protect patient data from ransomware. The primary ways that ransomware attacks happen are via malicious phishing emails meant to trick the recipient into disclosing login credentials. These credentials are then used to access your websites, applications and business data. The data they gain access to is then encrypted so that your agency cannot access it unless you pay the ransom. Because of this, oftentimes, the weakest security link at any organization is its employees. Educate all staff on password security, email security and not sharing work laptops with family and friends. Your staff should be informed that spam filters will not stop all malicious emails.  

According to an article by databrackets, ransomware attacks have cost U.S. healthcare organizations $157 million since 2016 and the individual ransom of 1,400 clinics, hospitals, and other healthcare organizations varied from $1,600 to $14 million per attack. Defending your organization’s data is more critical than ever, but if your staff follows these security measures, you can protect yourself from the rise in ransomware.

Patagonia Health Joins the Carequality Network

carequality network

Patagonia Health, an Electronic Health Record (EHR) software company serving Public Health and Behavioral Health agencies, has now joined the Carequality network. Carequality is a national-level, consensus-built, common interoperability framework built to connect many health data sharing networks. Carequality currently coordinates care between 600k care providers, 50k clinics and 4,200+ hospitals. Interfacing with Carequality will help Patagonia Health’s customers access and transmit patient data more seamlessly between these other healthcare entities and speed up their administrative functions of obtaining health records.

Health Information Exchanges are nothing new yet these have been mostly disparate local or state networks. Carequality being a national network-to-network trust framework gives providers access to a much larger pool of patient data. Carequality can be leveraged by existing networks (HIE, Vendor, Payer, PHR, etc.) and service providers (e.g. record locator services) to enable the sharing of data across these diverse networks, services and their participants. The search feature on the Carequality website allows agencies to see which providers are sharing health data.  

“An HIE is only as strong as its HIE members,”  says Jolie Rollins, Sales Engineer, Patagonia Health. “The more stakeholders who contribute patient data on the network, increase the value to everyone on the network, driving better decision making and patient outcomes.” 

Using Carequality aids healthcare agencies’ workflow by allowing them to obtain patient data from or share patient data with more in-network providers. They would be able to receive and transmit patient information with any others in the Carequality network. This helps healthcare providers minimize their administrative functions. It eliminates several steps involving phone calls and faxes to request or send medical records. It also reduces wait times for that information exchange.

Patagonia Health is committed to pushing the future of healthcare forward with its innovative and secure EHR technologies. Their modern, cloud and apps-based solution is interoperable with tools healthcare agencies need and is certified for meaningful use. By interfacing with the Carequality network, this is just one further step Patagonia Health is making to better serve their customers in Public and Behavioral health. Streamlined solutions like these help keep the focus on patient care and away from the burnout associated with administrative tasks.

About Patagonia Health, Inc.

Patagonia Health, Inc. is a healthcare software supplier with a cloud and apps-based software solution that is designed specifically for Public Health Departments, Federally Qualified Health Centers (FQHC), Community Health Centers (CHC) and Behavioral Health agencies. Their solution includes an integrated, federally-certified, Electronic Health Record (EHR), Practice Management (PM) and Billing software. For more information, visit https://patagoniahealth.com.

Patagonia Health Hires Clark McKenna as New Strategic Account Executive

Patagonia Health Hires Clark McKenna

Patagonia Health, Inc., a leading supplier of Electronic Health Record (EHR) solutions to the Public Health, Behavioral Health and Federally Qualified Health Center (FQHC) markets, recently expanded its sales team by adding a Strategic Account Executive.  Clark McKenna joins the team bringing a broad range of experience to this new position at Patagonia Health, including enterprise and international strategic development as well as Tier 1 and Tier 2 channel partnerships.

“Clark joins Patagonia Health during a time of unprecedented transition in the Public Health and Behavioral Health markets. He will work closely with our partner community as well as large and state level health departments to drive the transformation efforts to Public Health 3.0” says Amos Slaymaker, VP of Sales and Marketing at Patagonia Health.

Over the past few years, Patagonia Health has been accelerating to high levels of growth. Clark will focus on strategic sales activity, including 3rd-party partnerships, to help Patagonia Health continue this trend.

“Patagonia Health is laser focused recognizing the importance of strategic relationships with large public and behavioral health agencies guiding them through the evolution of the workflow, infrastructure, partnerships, data analytics, sustainable funding, managing social determinants of health and interoperability” states McKenna. He will serve as the main point-of-collaboration by adding value to the buyer-seller relationship and a resource to both parties minimizing risk and driving the expected value throughout the implementation process. 

Patagonia Health will continue to be the trusted advisors Public Health Departments, and others, turn to for assistance evaluating Electronic Health Records solutions. “With Patagonia Health’s commitment to providing easy-to-learn therefore, easy-to-use software, I am thrilled to be part of the team” says McKenna.  Most recently Clark served executive roles at The Carlyle Group’s Visionary RCM, Oracle, McKesson, VOW and CompuGroup Medical.   

7 Tips for Successful EHR Implementation

successful ehr implementation tips

After you have chosen a new Electronic Health Records (EHR) solution, how do you smoothly transition to it? Follow these 7 tips for successful EHR implementation. 

Set realistic goals and expectations.

Is it realistic to think you will be paperless in 1 month? Do all of your programs need to go-live at once or is a phased approach better? What are the politics in your agency? Who is going to be the most resistant to change and maybe should not be a super user or the department to go-live first? Consider these things and set realistic objectives towards successful EHR implementation.

Keep everyone informed and involved.

Make sure your staff understands the goals for your new EHR solution and implementation timeline. Consider involving staff in the selection and implementation process also because participation increases adoption and excitement.

Keep leadership involved.

Keep leadership involved after the decision making process of selecting your EHR. Leadership should be visible, engaged with the training, open and communicative. Leadership sets the tone for the entire project and can help ensure successful EHR implementation.

Educate leaders on change management. 

Educate your leadership on change management. Like the stages of grief, there is an emotional reaction that comes from switching solutions. This should be expected and supported. Understanding the change management curve and appropriate responses will help your leadership team and staff through this process effectively. 

Be communicative with your vendor.

Be communicative and willing to work with your vendor. Seek out acceptable solutions for all involved when issues happen to be sure of a successful EHR implementation. 

Make it fun!

For go-live, consider bringing in breakfast or lunch. You can decorate the lobby.  You could also host an award ceremony at the end of the first month with awards such as: Super User in Training, Best Attitude, Most Helpful, Overcame Most Challenges, Department Most Likely to be Paperless, etc.

Evaluate training.

Before you consider your staff fully trained, assess whether your staff members have practiced multiple training scenarios and whether clinicians have dedicated time outside of their patient hours to learn the new system. Take the time to make sure all users are well versed in the new system and utilize all training available from your vendor.

Benefits of an Embedded EHR Telehealth Tool

embedded ehr telehealth tool benefits

The healthcare field is quickly moving towards using telehealth solutions to increase patient care. The COVID-19 pandemic has spurred its use with an immediate need to connect patients with clinicians virtually, and now it is here to stay. When looking for a telehealth app for your clinic, consider the benefits of using an embedded EHR telehealth tool over purchasing an external-to-EHR telehealth product. If your telehealth app is embedded into your Electronic Health Record (EHR) system you will save on time, money and frustration.

An embedded EHR telehealth tool is one that is built right into your Electronic Health Records system, requiring no separate product to login to. This creates a more streamlined workflow than having an external and separate tool to learn and incorporate. This will prevent your staff from having to make duplicate entries and juggle between two applications thereby reducing errors, saving time and reducing risk of clinician burnout. 

By using an embedded EHR telehealth tool, one-click creates the functionality you need. One selection creates the telehealth appointments (easy for scheduler staff), starts the visits (easy for provider) and allows the patient to enter the visit (easy for the patient). In the same system you can then create invoices for billing (easy for the billing staff). Changes made while using an embedded EHR telehealth tool would also update the patient’s health records instantaneously. This ensures your clinicians are viewing the latest health information and are able to make clinical documentation while still face-to-face with your patients virtually.

To stay vigilant against cyberattacks, healthcare agencies need to make cybersecurity a priority in every tool and application they use. While there are HIPAA-compliant external telehealth tools available, they can be very expensive add-ons. If you use an embedded EHR telehealth tool as part of a certified Electronic Health Record product, then you can be sure it has been evaluated for security and HIPAA compliance along with the EHR system itself. This can give you confidence that the telehealth tool you are using is a safe choice. It also prevents you from having to purchase an expensive external application.

Health agencies and clinics make bold steps towards the future of healthcare by incorporating telehealth. Telehealth tools increase patient access to the right care, at the right place, at the right time. They save patients time and money and allow clinicians to see more patients. A merged EHR telehealth solution just increases the flow of information even further and gives your team confidence in a secure product that already works within your existing Electronic Health Record workflow.