There are only twelve notes in Western music. Just twelve. And in any Western scale, there are even fewer – just seven notes.

It is surprising how many of us in tech have music alter-egos. I’m guessing it has something to do with how both areas of study result in a challenging combination of art and science. There are rules, there are guidelines, and there is structure – but within those rules, guidelines, and structure, we find creativity, imagination, and inspiration. We strive for elegance amidst the chaos, and many times we find the most interesting things when we examine the 3rd note and the 7th note of a scale.

Just like how 3rds and 7ths in music can add interest to a solo, certain aspects of data can add interest and depth to an analysis. Here are some examples:

Outliers: Outliers are data points that are significantly different from the majority of the data. They can provide valuable insights into the data and can be used to identify trends and patterns that may not be apparent in the main data set. Why does it cost so much money to run that one facility?

Trends: Trends refer to patterns or movements in data over time. They can help identify changes or shifts in behavior and can be used to predict future trends. Trends highlight drift, and drift over time highlights things that might not be readily visible from day-to-day, week-to-week, or month-to-month observation. Why did my no-show rate go from 3% to 5% over the past 6 months?

Relationships: Relationships between variables can reveal correlations and associations that may not be immediately apparent. For example, there may be a relationship between income and education levels or between age and voting behavior. This is where AI shines – finding how non-intuitive variables trend together.

Anomalies: Anomalies refer to unexpected or unusual patterns in the data. They can provide insights into potential issues or problems and can be used to identify areas that may require further investigation. Anomalies are similar to outliers, but the difference is important. Outliers are single data points. In my example above, the outlier is a single department. Expanding on that example, an anomaly would be that one facility was so much more expensive than others because it was in the center of a pandemic hotspot.

By focusing on these aspects of data, just like how musicians focus on 3rds and 7ths to add interest to a solo, you can find the most interesting and valuable insights in your analysis.

An internal security assessment (ISA) from your vendors can help you understand the security risks associated with working with those vendors and can help you identify any potential vulnerabilities or weaknesses in their security measures. Here are some reasons why you should require your vendors to complete an ISA:

  • Protecting sensitive data: If you're sharing sensitive data with your vendors, it's important to ensure that they have appropriate security measures in place to protect that data. An ISA can help you verify that your vendors have adequate security controls in place to protect your data.

  • Compliance requirements: Depending on your industry, you may be required to conduct security assessments of your vendors to comply with GDPR, HIPAA, HITECH, PCI-DSS, or other state and federal regulations. Failing to comply with these regulations can result in fines, legal action, or damage to your company's reputation.

  • Third-party risk management: Working with vendors introduces additional risk to your organization. An ISA can help you identify potential vulnerabilities in your vendor's security measures and enable you to work with the vendor to mitigate those risks.

  • Improved security posture: By requiring ISAs of your vendors, you can ensure that your company is working with vendors who take security seriously. This can help improve your overall security posture and reduce the risk of security incidents.

Overall, requiring an ISA of your vendors can help you make informed decisions about your partners and ensure that you're taking the necessary steps to protect your organization and sensitive data.

If you do not have your own ISA, please feel free to download our ISA template.

I recently read this article from the Cybersecurity and Infrastructure Security Agency regarding the ongoing ESXiArgs ransomware attacks, and it got me thinking about why our industry is such an attractive target for hackers.

From the desire for our teams to work efficiently to the need to share data across entities for optimal patient outcomes. However, the reason healthcare is consistently among the top three favorite industries for bad actors is that we are so reliant on our data. Everything from appointments to collections is dependent upon our systems functioning unadulterated, making our data valuable to us as an organization. When you add on top of that the reputational damage that can occur when news of a hack gets out, it becomes obvious hackers are fishing where the fish are.

However, even with the advances we’ve made in protecting ourselves, ransomware attacks are on the rise year after year. And they are on the rise because they are effective. Here are some simple items that can dramatically improve your security posture.

Train and Test Your People

The glow of a screen bounces off the unshaven face of that weird guy from high school as he sits in a dark basement next to a stack of computers with flashing lights and whirling disks. Skillfully, artfully, methodically, he finds his way into your systems… Makes for great movie entertainment, but this is not how the hack usually works. In reality, a guy in a coffee shop pushes a button and releases a flock of emails informing your staff that the HR department has a new policy for them to sign. All they need to do is sign in and read the document. And if they don’t do it by 5 PM today, their paycheck may be delayed. Shortly thereafter, someone is accessing your EHR and no one knows how it happened.

The most exploitable part of your network is not your computers – it’s your people. In healthcare, we are required by law to train our people. It’s not a burden, it’s an opportunity to find our soft spots and harden our environment.

Patch Your Systems

If you didn’t read the article mentioned at the beginning of this post, I’ll cut to the chase. The rapidly spreading ESXiArgs ransomware exploits a vulnerability patched two years ago. Make sure you have a patch program for all your systems that keeps laptops, phones, servers, printers, routers, firewalls, and anything else on your network up to date at least monthly. A strong patch program will apply updates more frequently based on how likely it is that a hacker will be able to exploit the vulnerability and the damage that can result.

Risk Assessment

If you operate in the healthcare space, you are almost certainly subject to HIPAA either because you are a covered entity such as a medical practice, or because you are a business associate such as a revenue cycle management company. This means you are required by law to complete an annual risk assessment. Depending on the size and maturity of your business, this assessment can be straightforward with either this tool provided by HealthIT.gov or with outside help. No matter how you meet this requirement, remember that the goal is not to get a perfect score. The purpose of a risk assessment is to take a hard, candid look at your risk, identify areas for improvement, develop a plan, then execute that plan.

Bring in Help

Not everyone has the time, resources, desire, or even the need for dedicated IT staff. Fortunately, there are a number of companies ready and willing to fill any number of needs at an affordable rate.

The reality is that if you use computers, people are trying to hack your systems. Every day, all day. A quick look at any set of firewall logs will show thousands of attempts to breach your perimeter. Now the majority are clumsy attacks launched by lowbrow bad actors using any number of tools readily available on the web. These will show up as port scans, buffer overflow attempts, and other intrusion methods from which even the smallest of companies should be readily protected. But more sophisticated efforts are always being developed too. Don’t roll the dice with your technology.

© 2024 4th Season Consulting