As technology advances, crime keeps pace. Modern lawbreakers can now hold lives hostage from afar. It’s all because of type of malicious software called ransomware. These programs are designed to lock down computers and data until a monetary demand is paid. When these viruses first cropped up, they generally targeted users indiscriminately by casting a wide net of spam emails and infected links, waiting for an unsuspecting web surfer to bite. Your computer would freeze, or your data would disappear under encryption, and you’d be treated to a pop-up asking you to pay up. But cyber criminals have gotten more sophisticated with their methodology just as the technology itself has evolved. These hackers now increasingly target health care organizations for their vast wealth of confidential medical records, which can be sold on the dark web for up to $1,000 each. At the same time, the attackers can deny access to the health care organization’s systems, including their electronic health records and medical administration solutions. This can have huge consequences for caregiving. Since most health organizations now rely on tablet-based charts, staff are left without medical histories and care plans to ensure proper treatment, putting their patients’ lives at risk. Long-term care under attack Hospitals aren’t the only care facilities affected by ransomware. Criminals have begun targeting businesses who handle the IT service needs for smaller organizations in health care – including senior living providers. This way, hackers can infiltrate hundreds of client businesses from a single breach. It’s what recently happened to Virtual Care Provider Inc, based out of Milwaukee, Wisconsin. On November 17, a criminal group encrypted the data of their entire customer base: 110 skilled nursing and acute care providers in 45 states. Resident records were locked, internet access blocked and medication...
Securing Senior Data
With Blockchain Technology
Senior medical records hold a vast quantity of sensitive data. As care providers strive to work together on patients’ behalf, that data is circulated and altered. There is minimal accountability when changes are made. The result is a chaotic web of transactions with incomplete and often inaccurate information. Additionally, the ever-changing tide of medical programs and coverage criteria impedes efficiency. Blockchain has the potential to improve the handling, accuracy, and accountability of senior records. Hope for the Future, Today Blockchain may improve the accuracy and efficiency of senior data transactions. It can masterfully create configurable records of transactions and other sensitive data, bundled together under a single patient profile and secured with cryptography. When applied to provider directories, the technology can also be used to streamline the verification of benefits, eligibility, and legal authorizations. Currently, senior care providers have difficulty verifying benefits and confirming medical eligibility. The information needed is stored in directories that are regularly amended, lack cohesion and are sometimes riddles with redundancies. In its flawed state, maintaining the current provider directories costs about $2.1 billion each year. When all the necessary data is updated and stored in a single location, caregivers are empowered to make better decisions, faster. Blockchain could revolutionize healthcare by creating an efficient system that is also secure, conforming to antitrust and privacy laws. That efficiency could lead to a lower cost of care. Obstacles to Overcome Blockchain technology is already in use at financial institutions and major corporations worldwide. In its current applications, blockchain successfully improves data-sharing between providers and payers. But before the technology is widely accepted, its advocates must overcome obstacles to blockchain adaption. Trust is a major hurdle. For many, blockchain still feels too new to be trusted. PricewaterhouseCoopers (PwC) surveyed 600 tech executives...
Data at Risk
Breaches Tick Up in 2017
A report published by the Identity Theft Resource Center and CyberScout found there were 1,579 data breaches tracked in 2017. That figure represents a 45% rise over 2016, and an all-time high number of such events. More than half of the breaches (870) listed by the report were associated with the business sector. Other categories reported by ITRC and CyberScout include 374 breaches in the healthcare sector and 134 breaches in the banking/credit/financial sector. “Each year we see an upward trend in number of data breaches cited in these reports. These troubling statistics are a good reminder for property managers to take proactive steps to avoid the potential catastrophe of a data breach,” said Jay Shobe, Yardi vice president of cloud services. According to the report, the most common breaches occurring in 2017 involved hacking of user accounts to gain access to protected data. Hacking typically involves phishing scams, where scammers fool users into entering a username and password into a forged online form, and ransomware which can infect a computer when a user clicks on a nefarious email attachment. In the case of ransomware, access to data can be locked until a payment is made. On a positive note, the study found that the rise in breaches isn’t purely due to increased illicit activities. An increased willingness of organizations to make breaches public knowledge, as opposed to keeping them quiet and privately handled, also boosted the number of 2017. “Companies can avoid a lot of negative attention by responding to data breaches with transparency, as opposed to covering up attempts to steal their clients’ data. When individuals know their data is compromised they can take proactive steps to mitigate immediate and long-term impacts of a breach,” said Shobe. The Security of the Yardi...
Digital Identity
Blockchain + The Homeless
In December, we named blockchain technology as one of the major trends for 2018. We were on to something. Even though blockchain technology is most often associated with cryptocurrencies, it has exceeded those applications. What is Blockchain? Blockchain is a digital ledger that records transactions in a series of blocks. It exists in multiple copies spread across multiple computers (nodes), impossible to tamper with thanks to the fact that each block of transactions (data) is linked back to previous blocks. Once you learn more about blockchain, it becomes clear that there are a vast number of uses available for the technology. Cryptocurrencies were only the beginning. Blockchain in the Real World The City of Austin is among the governments and private entities seeking ways to use blockchain technology to solve some of society’s biggest challenges. Currently, there are about 2,000 people struggling with housing insecurity in Austin. Several thousand more live in poverty. For people facing housing insecurity, identification documents are a serious challenge. Without safe storage, documents are easily stolen or lost. Securing housing, employment, and services becomes more difficult. The lack of documentation results in high costs, re-traumatization and diminished motivation. In July 2017, Austin received a $1.25 million three-year grant for research and development to improve existing homelessness services. With the funds, officials launched a pilot program that uses blockchain to help homeless persons protect their identities in the event that their IDs are lost or destroyed. Dubbed MyPass Initiative, the program is a partnership between the city of Austin, Austin-Travis County EMS and Dell Medical School at the University of Texas. The blockchain initiative will enable users to store information such as identification cards, social security numbers and medical history all in one virtual space. No matter where users show...
Argentum
Senior Living Industry Meets
Don’t miss the Argentum Senior Living Executive Conference and Expo on May 14-16, 2018. This year’s event will take place in sunny San Diego. The Conference Join more than 2,700 of your fellow C-level executives for three days packed with informative sessions and networking opportunities. Sessions covered include memory care, technology, hiring and management, safety, market trends and much more. Yardi’s Michael Remorenko will discuss the white paper, Senior Living Data Security. Attendees will learn how to safeguard sensitive data from online attacks and third-party hacks. Since 2015, data breaches have increased by 17.7 percent. Personally identifiable information (PII) such as social security and credit card numbers are valuable to criminals. Private information can be used to forge prescriptions, open new lines of credit and other offenses. Remorenko will present on the industry’s best practices—as well as groundbreaking advancements—that keep seniors’ data safe. For more information, visit Remorenko’s session on Wednesday, May 16, 2018 at 7:45am to 8:15am. The Expo You can explore Yardi’s latest offerings for senior living at our expo booth. The Expo showcases the latest solutions by leaders in senior living products and services. Yardi will have a 20 x 30 booth where guest are encouraged to test-drive Yardi’s senior living suite. Get answers to your questions about product offerings and how they can enhance your organization. Between the conference and the expo, there is a lot to do! Keep your schedule organized with the My Show Planner. This planning tool allows users to research exhibitors, schedule appointments, and add sessions to your itinerary. After the Show San Diego, the nation’s eighth largest city, has tons to offer visitors. The San Diego Convention Center, places guests in the center of the action. A short walk places conference attendees on the doorstep...
Trojan Apps
Tech Security
Google has eliminated 300 apps from its online store after discovering a secret plugin silently installed across several Android devices. The seemingly innocuous apps were all secretly outfitted with the WiredX botnet. WiredX commandeers vulnerable Android phones and tablets, using the gadgets to kick off a DD0S attack. While Google does not yet have an official account of just how many devices currently host the WiredX botnet, Chad Seaman, a senior engineer at Akamai, a cyber security firm, estimates the number could reach 70,000 or more. “I know in the cases where we pulled data out of our platform for the people being targeted we saw 130,000 to 160,000 (unique Internet addresses) involved in the attack,” said Seaman. Silent, but Deadly The initial WiredX outbreak occurred on August 17th, when several Content Delivery Networks (CDNS) reported similar DDoS attacks. A search for the source eventually landed at the doorstep of Google’s Play Store, prompting the tech firm to pull hundreds of affected applications from its store and initiate procedures to remove the malware from infected devices. “We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” a Google spokesperson said. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.” The apps chosen to host the plugin provided genuine services, like ringtones and video players, but included hidden malware designed to commandeer the device for potential DDoS attacks. Once powered on, any infected phone or tablet mainly served as a soldier in a broader DDoS army – all unbeknownst to the user. While the apps themselves operated as promised, the malware surreptitiously connected to an internet server run by the WiredX...
Senior Living Security...
Data Security
Hackers never sleep. According to the Identity Theft Resource Center (ITRC), data breaches increased by 40 percent last year, and the healthcare and business industries were amongst those hardest hit. Much of this increase can be attributed to the fact that Personally Identifiable Information (PII) including patient data and healthcare records present an alluring target to hackers. As Jay Shobe, Vice President, Technology at Yardi, explains: “Any centralized database is at risk of a breach. Because the cyber security continually evolves, it’s important to maintain constant network security that’s able to evolve as the threat evolves.” Yardi Takes Security Seriously. For healthcare providers and senior living communities, advances in software and data collection are helping keep costs, increasing operational efficiency and improving resident care. Unfortunately, advances in cloud-based productivity and convenience open the door to vulnerability. In Yardi’s latest whitepaper, Senior Living Data Security, senior living providers will get the latest information on the most common database and network vulnerabilities and discover how to protect their organization’s sensitive data with the industry’s most trusted cloud provider. Senior Living Data Security provides insight on the evolution and forecasts how data breaches will dominate the healthcare industry for years to come. Along with recommendations on how to develop robust security data protocols to safeguard sensitive information the whitepaper also provides suggestions on how to address network vulnerabilities and establish effective security protocols. Download Senior Living Data Security today, and see how multiple layers of security can help you stay proactive and hacker...
Ransomware Rundown
Healthcare Security
Though some experts predicted the final payoff would hit one billion dollars, Friday’s ransomware attack – believed to be one of the largest ever perpetrated – ended with a fizzle over the weekend with the hackers barely pulling in $26,000 before being temporarily stopped in their tracks by an anonymous cyber security expert. Summarizing the situation Monday morning, Jan Op Gen Oorth, senior spokesman for Europol, told the AFP, “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.” “It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates.” A Simple Fix According to Gizmodo the damage was mitigated, in part, due to the quick action of an “anonymous 26-year-old security researcher” named MalwareTech, who managed to temporarily slow the spread of the ransomware attack late Friday. After discovering the domain name associated with the ransomware, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwe- a.com was available for purchase for just $10.69, MalwareTech bought the domain and halted the attack. “Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freak out until I realized it was actually the other way around and we had stopped it,” MalwareTech told The Guardian. According to Matthieu Suiche, founder of cybersecurity firm Comae Technologies, MaltechWare’s registration of the domain stopped the malware from spreading throughout the US. “The kill switch is why the U.S. hasn’t been touched so far,” he told the New York Times on Saturday. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.” A Global Attack The flurry of ransomware attacks shut down several...
Travel Tech
Mobile Security On The Go
For many international business travelers, crossing a border means more than just a stamp in their passport. It also means making sure cell phones and laptops stay secure. Whether it’s an intrusion from foreign hackers or the evermore-invasive surveillance of customs officials, protecting sensitive data – both personal and business – has never been more complicated. As a result, more and more jet-setting corporate employees are making sure to secure their devices before their trip and while on the move. “Although mobile devices can facilitate connecting back to headquarters and maintaining workflow, the risk for exploitation of these devices and the information accessed can greatly increase on overseas travel,” warns the US Department of State Overseas Security Advisory Council (OSAC). Before Departure The OSAC’s best practices guide for traveling with mobile devices suggests several steps business travelers should take before stepping out the front door. As a matter of course, all nonessential devices should simply be left at home. Data can also be kept local through a backup on an external hard drive or a secure cloud-based service. For travelling devices, it’s important to make sure all software and apps are up-to-date. That means upgrading passwords with stronger variables and initiating file encryption with tools provided by BitLocker, TrueCrypt or Apple Firevault. Bluetooth and GPS should also be disabled and available firewalls enacted. During Travel Once you’re on the road, there are plenty of ways for your device to be compromised. In addition to maintaining physical control whenever possible, the best way to protect your device in transit is to power down before entering customs. As an added step, Wired recommends disabling any biometric access – like Apple’s TouchID – and sticking to PIN accessibility. It’s good practice to disable automatic Wi-Fi connections and use a...
Stranger Danger
Cyber Security 2017
In many ways, 2016 will be known as the year of the hack. Between Russian Hackers, DDoS attacks bringing down the eastern seaboard, or the little matter of over a billion compromised Yahoo! Accounts, last year marked the moment “cyber” security went mainstream. While there’s no doubt more of the same is on the way, Wired has put on its prognostication cap to ponder what new security threats will emerge over the next 12 months. After all, as they say, forewarned is forearmed. “It’s hard to know for certain what lies ahead, but some themes began to present themselves toward the end of 2016 that will almost certainly continue well into next year,” begins Wired. “…the more we can anticipate them, the better we can prepare.” Dawn of the Drones Military drones have been fighting proxy battles across the globe for quite some time now, but private, commercial drones could soon turn deadly. Though they’re smaller than their battle-worn counterparts, commercial drones have existed in an unregulated, wild west-type no-man’s-land. Though the FCC currently requires drone owners to register their devices, internationally, there’s little oversight. Wired reports small drones have already been used for terrorist activities and guerrilla warfare, including an attack on US-allied Kurdish soldiers in October of last year. “What better way to deliver deadly ordnance across enemy lines or into secure zones of cities than with remote-controlled accuracy and off-the-shelf hardware that offers no easy way to trace the perpetrator,” Wired asks. “The US government is already buying drone-jamming hardware. But as with all IEDs, the arms race between flying consumer grade bombs and the defenses against them will likely be a violent game of cat-and-mouse. iPhone goes to Court Wired predicts the conflict between federal authorities and mobile-phone providers, which hit...
Cybersecurity
Shortage + Growth
Your organization manages sensitive information every day. You rely on cybersecurity specialists to protect your data from misuse. The demand for security specialists is skyrocketing, yet a shortage in candidates leaves the industry—and your organization—vulnerable. Symantec reports that the global demand for the cybersecurity workforce is expected to rise to 6 million by 2019, with a projected shortfall of 1.5 million. The profession is slated to grow by 36.5 percent through 2022. While that is a notable improvement, it is still woefully short. Reports by the Bureau of Labor Statistics suggest that the demand for information security specialists is expected to grow by 53 percent as soon as 2018. Currently, 209, 000 cybersecurity jobs in the U.S. remain unfulfilled. The result is a lack of 24×7 monitoring by nearly 75 percent of security enterprises. There simply aren’t enough specialists to supervise your data around the clock. The shortage of talent causes many security teams to fall short of their goals. A report by 451 Research compiled responses from more than 1,000 IT professionals. The outcomes revealed that 34.5 percent of security managers couldn’t implement desired security projects due to a lack of staff expertise. More than 26 percent fall short of objectives due to inadequate staffing. To fill the void, many organizations opt to cross-train existing IT staff. Chris Cochran, Threat Intelligence Leader at IronNet Cybersecurity expounds: “The great thing about cross-training is that IT technicians already have a background in a cyber craft. This shortens the time it would take to make someone operational in a given task or field. The downside is that, more often than not, you find cyber experts stretched for time and expertise. They are being spread too thin across the landscape. We need resident experts. We need people...
Smartphone Safety
Securing your device
For most of us, the smartphone has become the latest version of “don’t leave home without it” – remember that old American Express slogan from back in 1985? Most of us can’t make it more than a few minutes without access to our personal communication devices, which double as mini-computers and someday very soon will probably supplant our credit cards as a financial transaction point of contact. Most of us have adapted to the positive implications of the mobile technology we are carrying in our pockets. But we are less aware of the capable sensor suite, and associated risk, that is probably within your visible – or at least audible – range at this very second. Scientists and researchers have examined phones from all the angles, trying to help us prepare for any threats to the security of our personal information and data contained therein. One facet of the study on mobile phones involves the accelerometer’s power to detect vibrations. According to a research conducted by the computer scientists at Georgia Tech, placing a phone on a desk can detect the vibrations from keys pressed on a nearby keyboard and even pick out words with an accuracy of up to 80 percent. Although this type of attack might be more difficult than other methods of keylogging it can be a highly effective espionage story. “The best-case scenario, if you are an attacker, is if you are going after a very specific person”, says assistant professor at Georgia Tech, Patrick Traynor. “I think it is realistic in that case.” Accelerometers track movement in three dimensions: side-to-side, forward-and-backward and up-and-down. Analyzing the data they collect can give a good idea of the number code or pattern used to protect a smartphone. Adam J. Aviv, Katherine Gibson,...
Taking data to go
Secure USB drives
Network security gets the lion’s share of the press, but an often overlooked part of data security architecture revolves around the use of USB drives. As the capacity of these devices continues to soar, more and more data is going mobile. But that convenience is a double-edged sword that also carries with it the danger of loss or theft, and the resulting potential for a disaster. Kingston, a brand already well-known for its multitude of award-winning flash storage solutions, recently introduced its latest ultra-secure USB drive, the Data Traveler 6000 (DT6000). This device offers an incredible array of safeguards: FIPS 140-2 Level 3 validated No passwords stored on device or host Utilizes elliptic curve cryptography (ECC) Drive locks down, encryption key self-destructs after 10 intrusion attempts Secure channel communication Enforced complex password Tamper-proof physical security barrier If you don’t know what some of that means, take my word for it – this device provides amazingly robust protection for data. The DT6000 is also built to survive rough handling – the casing is titanium-coated stainless steel and the drive is waterproof up to a depth of four feet. But is there a need for such rigorous flash drive security standards in the business world at large? Kingston gears its sales pitch toward government organizations and financial institutions that routinely move sensitive data and customer files. As sales director Nidhi Sethi noted at a recent DT6000 launch event: “Establishing security policies and deploying USB products that prevent data loss is as important and immediate as an organization’s network security. Using non-secure USB drives makes organizations vulnerable to data loss and breaches that can affect the company’s credibility with its employees, customers, and partners. The DT6000 is the most secure USB flash drive available and will meet...