The Importance of Healthcare Data & Ensuring Its Confidentiality

Protecting healthcare data from unauthorized parties, while simultaneously making it accessible to authorized healthcare professionals, patients, and caregivers, appears to be an unsolvable conundrum. Healthcare administrators constantly struggle with sharing paper-based patient records effectively. Paper-based patient records need to flow quickly to and from primary care physician offices, specialists, hospitals, clinics, and patients, yet it remains cumbersome and time-consuming to scan and email, fax, or mail such records.

Conversely, electronic health records (EHRs) solve the need for efficient information sharing, yet are only used by about half of the nation’s doctors [1]. Unfortunately, many healthcare administrators worry about the risks and costs associated with unauthorized individuals receiving or merely accessing EHRs. Faith in keeping (electronic) records confidential, especially across disparate, connected systems, fluctuates as healthcare administrators hear more about patient record breaches than they do about technologies that offer bona fide cloud security.

Used effectively, electronic health records help physicians provide higher-quality, more personalized care to patients—at a lower cost. [2] For example, EHRs provide emergency-room doctors with rapid access to information about patient allergies, prior surgeries, current and former medications, and similar health-related information while treating a patient when seconds are critical.

EHRs are not only delivered instantly to healthcare administrators on demand, but also allow them to navigate quickly through dozens, hundreds, or even thousands of pages. Paper-based records can take immeasurably longer to sift through, yielding delays in care and higher costs. Keeping paper-based records secure is also a nightmare. While an original document may be locked in a filing room, once copied, those records will change hands numerous times as administrative staff copy, scan, and fax them, place them in envelopes, and hand them off to couriers; they are then delivered to one or several recipients, read by one or more healthcare professionals, and, eventually, filed and stored.

As healthcare administrators recognize the value of EHRs, they’re also beginning to see how properly-implemented cloud security gives them complete control of their data, ensuring only those with specific authorization to a patient record are granted access. Internal and external record queries are examined and managed with levels of granularity not previously thought possible, while all pertinent, confidential data remains encrypted in transit, at rest, and in use. With OfxCloud, healthcare administrators can minimize the risks of EHRs, but enjoy all the benefits, including cost-reduction, patient appreciation, and better healthcare overall. Contact us today to learn more about OfxCloud – an in-cloud data warehouse solution that delivers accelerated time to market, mass query capability, and comprehensive security.

Key Healthcare Assets Protected by OfxCloud

Medical device data, patient histories, financial information, and pharmaceutical data all require strong security controls such as data encryption and granular rights provisioning. This ensures that patients, designated family members and caregivers, appropriate medical staff, doctors, and other approved parties get the appropriate level of data access.

Such complex requirements create significant challenges for healthcare organizations that already struggle to maintain compliance with laws like the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA). The costs of maintaining compliance with laws and implementing strong, effective security controls remain far lower than the expenses associated with a data breach, including reputation damage, loss of consumer trust, and, for public companies, devalued stock.

Healthcare executives, in their struggle to find reputable vendors and reliable technologies, listed expense reduction as one of their top five concerns for 2017, per the Advisory Board Company’s latest Annual Health Care CEO Survey. [1]

This means that affordable, reliable technologies designed to protect healthcare-related data are a strategic priority amidst healthcare organizations, many of which are taking a strong look at OfxCloud — which offers expert protection of digital assets, while ensuring all authorized parties have the specific access they require. Simultaneously, OfxCloud prevents unauthorized users, internal and external, from getting their hands on confidential healthcare information and utilizes data encryption while information is in transit, at rest, and in use.

Patients expect easy access to their medical information for themselves, authorized family members, and caregivers. Therefore, healthcare organizations must devise ways to supply access while preventing cyber thieves and malicious insiders from copying or stealing that very same data. Internal policies, and punishment for not following them, can only go so far as more stories of internal and external data breaches make front-page news.

Secure your organization’s digital assets with a reliable solution that guarantees data encryption in all three states, allows granular rights provisioning, helps meet compliance obligations, and delivers peace of mind and confidence for executives and shareholders. Contact us today to learn more about OfxCloud, a complete 360-degree solution for enterprises seeking to fully engage their business data in ways not previously possible!

Understanding Separation of Control to Protect Against Insider Threats

Companies across the globe face security and data protection challenges every day. Most invest in technologies to keep cyber criminals from getting into their network and pretty much stop there, which seems sensible until you take a step back and look at Verizon’s 2017 Data Breach Investigations Report (DBIR). The DBIR reveals that “insider and privilege misuse accounted for 15 percent of breaches across all patterns analyzed.” That’s a statistically significant percentage and, as expected, data breach prevention is becoming a big focus for corporate leaders.

Information technology and security leaders are looking for databases that permit data access for everyone who needs it. Traditional access controls often allow a select few, typically administrators and certain key associates, to access proprietary corporate and customer data. Conversely, a lack of adequate access controls gives all or most associates rights to this same data without appropriate administrative granularity. Neither scenario proves ideal. The former prevents or severely limits many associates from accessing data necessary to perform their job, while the latter method provides too much access and exposes the company to excessive data risks.

Hospitals know the dangers all too well, particularly when staff members access the medical records of celebrities or other prominent people and the breach is leaked to the media. That type of negative PR can damage a facility’s reputation in the eyes of current and future patients. On the other hand, if a hospital staff member falls for a spear-phishing or ransomware campaign and clicks on a malicious link, vital hospital records can be at risk of public exposure or become completely inaccessible to the hospital.

It’s time to fully protect your company’s proprietary data and the personal information your clients and customers entrusted to you. Native security features in Olfactex mean you can feel comfortable giving data access to everyone. When it comes to data breach prevention, Olfactex protects against insider threats by having separate administration domains for each of its parts. Meet regulatory requirements, administer data access perfectly and accurately, secure your data, and set security worries adrift so you can focus on the rest of your goals. Contact us today to learn more about Olfactex!

For the Hackers at Lazarus Group, WannaCry Was Unusual

Recently, nearly everyone heard about or was impacted by the WannaCry ransomware worm – a hybrid-style malware that exploited a vulnerability within the Windows operating system, including current versions and those dating back to Windows XP. It is believed that hackers from the infamous “Lazarus Group,” credited for successfully hacking both Sony and the Bangladesh Central Bank, released WannaCry after information about the Windows vulnerability was publicly announced on WikiLeaks by another hacking group, Shadow Brokers. Both prior attacks proved extremely costly to Sony and Bangladesh Central Bank, given the attacks focused directly on their systems. WannaCry, on the other hand, affected over 200,000 computers spanning 150 countries and appeared to target as many machines as it could spread to [1]. It’s another case where having the right data security mechanisms and procedures in place saved the day for many companies, while a lack thereof led to much disarray for others.

WannaCry is considered unusual in that it combined the effects of ransomware and a worm.

Ransomware is a popular form of malware that encrypts data, allowing the hacker, or hacker group, to hold users’ and corporations’ data hostage until the afflicted pay a ransom. If they fail to do so, they can no longer access their encrypted data. A worm can replicate and spread itself to systems without the aid of other programs since it simply relies on network connectivity. Thus, rather than rely on users only clicking a malicious link or downloading the malware from infected links or sites on the Internet, WannaCry, once it infected one or more systems, quickly sought out other systems to infect and spread exponentially.

The evolution of malware, and hence ransomware, certainly has computer security professionals on edge. Each new iteration brings forth significant challenges while threatening to steal, or otherwise make unavailable, organizations’ prize information, including intellectual property, associate and customer personal records, and related company confidential data. Without strong and layered data security technologies, effective policies, and a top-notch associate awareness program, organizations will continue to find themselves susceptible to an array of hacking techniques including the ever-popular ransomware attack.

WannaCry introduced the world to a ransomware worm, the likes of which made it infamous overnight. While it’s difficult to speculate about what’s next, we may find ransomware recrafted to impact data on other devices and in different locations. Data in the cloud is already susceptible to ransomware and similar attacks, while personal and business smartphones have remained off-the-radar of hackers for the most part, though that may soon change. Data security across all platforms must be maintained and updated to shield organizations from the effects of ransomware, viruses, and malware in general, along with other malicious attempts by hackers to access corporate data.

Given that ransomware encrypts data, rendering it useless to those who own it, beating cyber criminals to the punch by backing up and encrypting your organization’s data makes the perfect addition to a layered security program. With most organizations leveraging the cloud to store and process information, data security techniques must extend into that space as well. Find out how to keep your data safe, secure, and ransomware-free; contact us today.

The Future of Artificial Intelligence & Neural Networks

Artificial Intelligence (AI) and Neural Networks (NN) are making a comeback after several years of being overshadowed by drones, dashcams, portable security products, and an array of other interesting and highly useful gadgets flooding the market. New developments in ultra-high technology, involving AI and NN, are beginning to appear around the world in labs, at symposiums, on campuses, and in the news. This future tech brings researchers closer to understanding how the human brain works and is contributing to the ability of computers to simulate certain forms of thinking and self-awareness. In the near future, artificial intelligence algorithms will require massive amounts of data to “learn” and train; therefore, a big data distributed storage solution where content can be extracted semantically will be a necessity for the advancement of AI technology.

Futuristic concepts are quickly translating into reality. For example, reinforcement learning allows computers to solve puzzles, navigate through mazes, and, when paired with large neural networks, has promise toward solving more complex, real-world challenges. [1] Generative adversarial networks (GANs) involve systems where one network generates data, after ingesting a set of training data, while another system attempts to distinguish between real and fake information. GANs ultimately produce very realistic synthetic data. [1] This type of technological advancement may aid projects like PatientGen, which helps generate “fake people” who have realistic patient histories with clinically-relevant patient encounters. [2] This allows for realistic testing without the need to involve real individuals’ private information. This means that artificial intelligence and neural networks may bring about new preventative measures and even cures for diseases that otherwise would have remained a mystery to modern medicine.

One of the next major advancements in AI and NN includes enhancements around natural language processing (NLP). Presently, artificial intelligence can grasp the meaning of simple language, and speak back to you, but it is limited by its literal interpretations of our questions. [3] Apple’s Siri, Amazon’s Echo and Alexa, Microsoft’s Cortana, and Google Assistant are all examples of how far artificial intelligence has come with natural language processing. And that’s just the tip of the iceberg. On the horizon, expect more natural conversations, versus command-driven statements, to appear within our everyday technology. Cars, phones, televisions, and robots are just a few places to expect advancements in artificial intelligence and neural networks to appear.

Artificial intelligence and neural networks will continue to enhance the lives of millions as science and technology weave new paths in human and computer interaction. Speaking of cutting-edge, future technologies, check out Olfactex, our latest innovation: an in-cloud, NoSQL database that provides full encryption in transit, at rest, and in use! Contact us today to learn about the role that artificial intelligence and neural networks are playing in our database.

7 Ways Healthcare Providers Can Increase Data Security

Healthcare fraud is on the rise as indicated by the increase in attacks on healthcare providers [1]. Cyber criminals know the value healthcare data holds and continuously look for ways to steal or make it unavailable, the latter as part of ransomware attacks. Healthcare executives are clamoring to increase data security at their facilities and in the cloud as varying attack vectors threaten their organizations’ reputations. They certainly don’t want to see their organizations’ names in the news, at least not when it comes to data breaches. Yet, nearly every month it seems that a healthcare provider or related company experiences a costly data security event. In fact, the Health & Human Services’ Office of Civil Rights, the federal agency charged with enforcing the privacy rule of the 1996 Health Insurance Portability and Accountability Act, estimates that personal health data of 30 million Americans has been compromised since 2009. [2] The seriousness of this epidemic cannot be overemphasized.

While patient data remains in the crosshairs of cyber criminals, there are several steps healthcare providers can take to minimize the likelihood a successful data breach will occur. Some of the more pertinent actions organizations can take include:

  1. Hiring top-tier cyber security professionals, staffing their teams appropriately, and providing an adequate, dedicated security budget. Skimping on staff or budget often leads to regret, particularly when data breaches or other hacking incidents arise.
  2. Installing and configuring web application firewalls on their Internet-facing systems. Hackers often target websites and other Internet-facing systems looking for vulnerabilities.
  3. Hiring a firm that specializes in security assessments and white-hat hacking. It’s far better to have vulnerabilities discovered by a company you hire than by a hacker.
  4. Tightening their firewall rules and hardening their systems, including all endpoints. Firewall rules, if not maintained, can leave ports unsecured and thus vulnerable, while locking down endpoints is a must, given their ubiquity.
  5. Deploying an effective patch management program to ensure systems are kept up-to-date. Systems must maintain the latest security patches to thwart exploitation of known and unknown vulnerabilities; remember WannaCry?
  6. Having a secured data warehouse that minimizes mass data breaches.
  7. Creating an effective security awareness program for all associates. This should not be just an annual training, but monthly newsletters, posters, etc.
  8. Encrypting and backing up all patient and other confidential data wherever it’s stored, transmitted, and processed. Whether on premises and/or in the cloud, data must be secured in transit, while stored, and while in use, as well as backed up and tested often.

This is far from an exhaustive list, but it certainly touches on the primary areas of an effective cyber security program. The security of healthcare data will remain top-of-mind for executives as cyber criminals never rest. To keep your organization’s data secure, check out Olfactex, our in-cloud, NoSQL database that provides full encryption in transit, at rest, and in use while allowing for massive scalability, uncompromised speed, and protection against insider threats as well.

Hackers Have a Special Taste for the Food Services Industry

The food industry is no stranger to data breaches. In fact, 2017 ushered in a series of data compromises infecting Chipotle, the most recently attacked, along with McDonald’s and Kentucky Fried Chicken (KFC), to name a few. Wendy’s was impacted as well, from late 2015 through early 2016. [1] It seems there’s an insatiable hunger amidst cyber criminals to steal data, and they’re just as content targeting restaurant chains as they are going after healthcare, financial services, and pretty much every other sector. Database security remains top of mind with business leaders across all sectors, and with good reason!

Verizon’s most recent Data Breach Investigations Report revealed that 97% of data breaches involving the food services industry in 2016 were committed by external offenders (non-insiders), and the attacks predominantly involved Point of Sale (POS) systems [2]. The common thread appears to be a lack of strong, effective, all-encompassing encryption to prevent cyber thieves from using the data they steal. Certainly, the goal is to prevent hackers from even reaching your network or the cloud your data resides in. However, should hackers get that far, knowing your data is fully encrypted and that they can’t do anything with it certainly puts your mind at ease.

As companies continue searching for that “perfect app” that will alleviate their security woes, the closest they’ll come to absolute security will be via a database encryption solution that protects data entirely – in transit, at rest, and in use. That way, no matter what happens, their data remains secured and their customers and employees needn’t worry that their personal data will fall into the wrong hands. Likewise, the business needn’t concern itself with a brand-impacting data breach.

Criminals will continue to feed on the food services industry, just as they try to infect healthcare organizations, run away with travel companies’ data, learn how to steal from educational institutions, capitalize on vulnerabilities within financial organizations… the list goes on. No matter what type of organization you work for, cyber criminals are sizing-up and preying on companies in your industry. Don’t become a negative headline; invest in database security that can put your mind at ease. With Olfactex, an in-cloud, NoSQL, encrypted database with 360-degree data protection, stop hackers from inflicting mass data breaches. Find out more by contacting us today.

Data Encryption Methodologies & Data Security

Not all encryption methodologies are equal. Today, there are more options available in the encryption space than ever before. As organizations seek out solutions for data breach prevention, encryption remains top of list and top of mind. It pays to know the differences in what’s available. Here’s a brief comparison of the major database encryption methodologies:

Shared-Key Strategy

Shared-key strategy encryption is feature rich and scalable, yet has a single point of vulnerability and thus no separation of control. Cloud systems can directly access both data and encryption keys, which are resident on a single system during processing. This allows data to be queried and analysed without a bulk pull [1].

Zero-Knowledge Strategy

Zero-knowledge strategy encryption offers separation of control and strong security, but only allows for bulk (data) pulls, which proves impractical for database storage and scalability [2].

Data Masking

Data masking simply replaces data with tokens; however, doing so requires a look-up table for every tokenized value. This makes in-cloud querying inefficient and limits scalability [3].

Homomorphic Encryption

Homomorphic encryption allows for data to be encrypted in all three states – in transit, at rest, and in use. Computational time increases with key size, however, and this forces a tradeoff between scalability and security [4].
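As an added illustration (not code from Panoptex or from any product named on this page), the sketch below uses the textbook Paillier scheme, which is only additively homomorphic, to show a server summing encrypted values without the private key and to time encryption at several key sizes. The function names, sample values, and key sizes are assumptions chosen for the demonstration, and the key sizes are far too small for real use.

```python
# Added example: textbook Paillier (additively homomorphic only), toy key sizes.
import math
import secrets
import time


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def keygen(bits=512):
    """Return (public n, private (lam, mu)) for a modulus of about `bits` bits."""
    p = _random_prime(bits // 2)
    q = _random_prime(bits // 2)
    while q == p:
        q = _random_prime(bits // 2)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is g = n + 1
    return n, (lam, mu)


def encrypt(n, m):
    """Randomised encryption: c = (1 + m*n) * r^n mod n^2."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = 1 + secrets.randbelow(n - 1)
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def encrypted_sum(n, ciphertexts):
    """Server side: multiply ciphertexts to add plaintexts; no private key used."""
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = total * c % (n * n)
    return total


def encrypt_seconds(bits, trials=5):
    """Average wall-clock time of one encryption at the given modulus size."""
    n, _ = keygen(bits)
    start = time.perf_counter()
    for _ in range(trials):
        encrypt(n, 12345)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    n, priv = keygen(512)
    readings = [120, 80, 95]  # constructed sample values
    total = encrypted_sum(n, [encrypt(n, v) for v in readings])
    print("decrypted sum:", decrypt(n, priv, total))
    for bits in (256, 512, 1024):
        print(bits, "bit modulus:", f"{encrypt_seconds(bits):.5f}s per encryption")
```

Run as a script, the timing loop shows the per-encryption cost rising as the modulus grows, which is the scalability-versus-security tradeoff the paragraph above describes.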

Olfactex

Olfactex ensures data remains encrypted in transit, at rest, and in use. However, Olfactex also allows analytics to be performed 100% in-cloud without compromising security, privacy, or scalability. Hence, there’s no tradeoff between scalability and security or business intelligence vs. business risk [5]. Olfactex also allows administrators to control access to Personally Identifiable Information (PII), ultimately mitigating the risk of insider threats. New data types are automatically integrated into the Olfactex database, making it easy to use.

Business leaders are quickly taking notice of Olfactex as they develop data breach prevention and overall security strategies to protect their organizations. They realize cutting corners leaves their organizations more vulnerable to attack and data compromise. Strong, reliable encryption that covers data across all three states (in transit, at rest, and in use) is only offered via Olfactex by Panoptex Technologies. Why sacrifice scalability for security? Find out more by contacting us today.

Over 1.5 Million Patient Records Impacted by Cyber Threats in March

March 2017 revealed 1,519,521 patient records were compromised across 39 data breach-related incidents [1]. That’s an astounding amount of private medical information falling into the hands of cyber criminals. So, what can be done to prevent these types of incidents? Whether through encryption in the cloud or other methods, to ensure proper security, we must understand how the incidents occur.

Verizon’s Data Breach Investigations Report, published in 2017, shares a myriad of mechanisms used by cyber criminals to steal confidential information. The report shows that 75% of data breaches that occurred in 2016 involved outsiders. [2] In previous years, insiders, such as those who already have access to sensitive and confidential information within organizations, played a far more active role in causing data breaches. We’re now seeing insiders involved much less, while those without access to the company or its data are prying their way inside companies and exfiltrating whatever information they can get their hands on.

Cyber criminals use everything from web application attacks to phishing and malware, including ransomware, along with cyber-espionage and privilege misuse, to attack victim organizations, [3] often preying on unsuspecting employees’ naivety. One click may be all it takes for your healthcare organization’s sensitive data to become compromised. Encryption, when implemented correctly, changes the game entirely for organizations. The real key, however, is to leverage encryption in transit, at rest, and in use; a trifecta that’s only available from one solution provider – Panoptex Technologies.

Cyber criminals are constantly figuring out new ways to exploit web applications, e-mails, text messages, phone systems, and employees themselves. They have figured out just how valuable encryption is, as they use it as the main ingredient in ransomware attacks. Still, just as there’s no way an individual or company that fell prey to a ransomware attack can decrypt their information without acquiring a highly-secured encryption key, cyber criminals cannot crack encryption around data they’re attempting to steal and cannot gain access to your encryption key(s) when implemented correctly. With Olfactex, encryption in the cloud is accomplished by transforming the data into one subsystem and then holding the keys in a completely separate subsystem. Queries are run on a third subsystem. Each subsystem is independently secured and encrypted. In the end, Olfactex provides an impressive amount of security. For more information on how Olfactex can protect your organization’s data, contact us today.

Incidents that Lead to Data Breaches

According to the most recent Verizon Data Breach Investigations Report, 75% of all data breaches in 2016 were perpetrated by outsiders, which means that organizations need to further fortify their defenses against external hackers’ relentless efforts to steal their most valuable data. As leaders in data security and encryption in use, we are highlighting several types of threats, or areas of focus, that plagued organizations last year.

  • Ransomware: A type of malware that infects systems, then encrypts data, leaving the victim to pay a “ransom” to the cyber criminals in order to decrypt their otherwise no longer readable data.
  • Phishing: A tactic usually involving e-mails designed to trick the recipient into clicking on a malicious link or responding in an effort to steal information or install malware.
  • (Distributed) Denial of Service: An attack involving a horde of computers, often referred to as zombies or bots, that act in sequence to send illegitimate traffic to specified targets, flooding them with requests that thereby deny legitimate traffic to the victim’s system(s). Telephone Denial of Service attacks are similar, yet involve the use of Voice over Internet Protocol (VoIP) calling systems.
  • Payment Card Skimmers: Devices that are surreptitiously placed on credit and debit card readers, such as gas station pumps and automated teller machines (ATMs), that appear to be part of the device itself, yet instead copy credit or debit card data unbeknownst to the victims using the card readers. Criminals later retrieve the card skimmers and extract the data to be used in credit card fraud.
  • Physical Theft: Criminals simply steal equipment, whether it’s USB (thumb) drives and other portable media, laptops, desktops, servers, and similar equipment that stores valuable data.
  • Web Application Attacks: An attack involving cyber criminals targeting online web application servers and infecting them with malware and/or entering code that causes the server(s) to react in unintended ways that leak data.

These attack types have one thing in common: they could have been prevented or at least mitigated if the organizations involved had deployed the Olfactex secure database.

  • Massive distribution in the cloud doesn’t provide one single data point that can be hacked. With data spread across anywhere from dozens to thousands of systems, it’s virtually impossible to target this data for ransomware.
  • Always-on encryption and separation of control protects data from phishing attacks, physical attack, and web application attacks.

With Olfactex, organizations can mitigate the impacts of a variety of cyber threats. Certainly, some security vendors who offer database encryption attach a heavy, time-consuming payload to their solution fueling fears of painful big data processing and stagnating query results. Olfactex, on the other hand, proves that not all vendors are created equal and delivers data encryption at rest, in transit, and in use with very little overhead. Providing encryption in use is revolutionary in this realm of security and flexibility of data. Hence, organizations can have their cake and eat it with 360° encryption and speedy data analytics.