Clinical laboratories are particularly tasty targets for cybercriminals seeking the abundance of protected health information contained in patient electronic health records
Recent data from cybersecurity company Netwrix of Frisco, Texas, shows that 84% of healthcare organizations—including clinical laboratories and pathology groups—caught at least one cyberattack in the past year and “69% of them faced financial damage as a result.” That’s according to the company’s latest Hybrid Security Trends Report which notes that 24% of healthcare organizations are “fully cloud-based,” as opposed to just 11% of non-healthcare industries.
“Phishing was the most common type of incident experienced on premises, similar to other industries. Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise,” the Netwrix report notes.
Phishing, where cybercriminals send fake emails and texts to unsuspecting employees that trick them into providing private information, continues to be one of the most prevalent cyberthreats experienced by healthcare organizations and often serves as the catalyst for much larger and more dangerous cyberattacks.
This is particularly dangerous in clinical laboratories where as much as 80% of protected health information (PHI) in patients’ electronic health records (EHRs) is laboratory test results and other personal medical data.
“Protected health information (PHI) is one of the most expensive types of data sold on darknet forums, which makes healthcare organizations a top target for cybercriminals,” said Ilia Sotnikov (above), security strategist and VP of user experience at Netwrix, in the report. Clinical laboratory patient electronic health records are particularly weighted toward PHI. (Photo copyright: Netwrix.)
Don’t Open That Email!
Typical phishing scams begin with innocent-looking emails from companies that appear to be legitimate and often contain language that implies urgent action is needed on the part of the user. These emails can be very convincing, appear to originate from reputable companies, and usually instruct users to open an attachment contained in the email or click on a link that goes to a known company website. However, the site is a fake.
Once the harmful file attachment is opened, users will be directed to download fake software or ransomware that attempts to capture the user’s personal information. When visiting a malicious website, consumers will often receive pop-ups with instructions for updating information, but the true purpose is to harvest personal data.
Never provide any personal information to an unsolicited request.
If you believe the contact is legitimate, initiate a contact with the organization using verified data, usually via telephone.
Never provide any passwords over the phone or in response to an unsolicited Internet request.
Review accounts, such as bank statements, often to check for suspicious activity.
“Healthcare workers regularly communicate with many people they do not know—patients, laboratory assistants, external auditors and more—so properly vetting every message is a huge burden,” said IT security expert Dirk Schrader, VP of security research at Netwrix, in the report. “Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents.”
Top 10 Brands Faked in Phishing Scams
Phishing emails often appear to be from legitimate companies to lull the recipient into a false sense of security. In a January 22 report, Check Point Research (CPR) announced its latest Brand Phishing Ranking for the fourth quarter of 2024. The report reveals the brands that were most frequently impersonated in phishing attacks by cybercriminals for the purpose of stealing personal information from consumers.
According to the CPR report, 80% of disclosed brand phishing incidents occurred within just 10 brands (listed below with each brand’s percentage of phishing attacks). They are:
According to the report, fraudulent domains “replicated official websites to mislead shoppers with fake discounts, ultimately stealing login credentials and personal information. These fraudulent sites replicate the brand’s logo and offer unrealistically low prices to lure victims. Their goal is to trick users into sharing sensitive information, such as login credentials and personal details, enabling hackers to steal their data effectively.”
Steps Clinical Labs Can Take to Protect Patients’ PHI
Clinical laboratories and pathology groups can take precautions that minimize the risk of allowing cybercriminals access to their patients’ PHI.
“A core defense strategy is to minimize standing privileges by using a privileged access management (PAM) solution. Another is to implement identity threat detection and response (IDTR) tools to quickly block malicious actors using compromised credentials,” said Ilia Sotnikov, security strategist and VP of user experience at Netwrix, in the report.
The threat of phishing scams is a lingering issue that everyone in healthcare should be aware of, taking the precautions needed to recognize scams and prevent PHI from being stolen. Clinical laboratory management should constantly remind lab personnel and contractors to be vigilant regarding fake emails and texts from well-known brands that ask for private information.
Amid cost pressures, healthcare providers also plan to cut staff though some jobs are plentiful; adequate staffing at medical laboratories continues to be a challenge
Thanks to the COVID-19 pandemic and subsequent “Great Resignation,” masses of people have left the workforce and companies large and small in all industries are struggling to retain employees. Clinical laboratories have been particularly hard hit with no relief in sight.
Now come the results of a PricewaterhouseCoopers (PwC) survey which shows 50% of US companies in various industries—including major healthcare providers—plan to lay off employees. And 83% of organizations intend to move forward with a “streamlined workforce,” according to the latest PwC Pulse: Managing Business Risks in 2022 report.
How this will affect the workload on remaining hospital and medical laboratory staff is clear. And healthcare consumers may not take well to healthcare providers running leaner and with fewer staff than they currently do.
Nevertheless, the PwC survey results “illustrate the contradictory nature of today’s labor market, where skilled workers can still largely name their terms amid talent shortages even as companies look to let people go elsewhere,” Bloomberg wrote on the CPA Practice Advisor website.
“Organizations are still walking a tightrope when it comes to talent as we begin to see the longer-term impacts of the ‘Great Resignation.’ Finding the proper balance between investing in specialized talent, managing headcount costs, and driving productivity and morale will remain a top focus,” said Bhushan Sethi (above), People and Organization Joint Global Leader at PwC and an adjunct professor at NYU Stern School of Business in a PwC news release. Clinical laboratories are finding it particularly challenging to fill staff positions across all areas of lab operations. (Photo copyright: PwC.)
Healthcare Has Biggest Challenges, says PwC
Clinical laboratory leaders and pathologist groups are well aware of the unique financial pressures on healthcare systems and medical labs, as well as shortages of pathologists, medical technologists, clinical laboratory scientists, information technology (IT) professionals, and other healthcare workers.
“Healthcare is seeing bigger talent challenges than other industries and is more focused on rehiring employees who have recently left,” the PwC report acknowledged. This is the second Pulse survey PwC conducted in 2022. The 722 respondents included leaders working in human capital and finance.
Finding Right Talent, Focusing on Growth, Automation
Finding the right employees is so important to companies that PwC ranks “talent acquisition” as the second highest risk (38%) behind cyber-attacks (40%).
“Finding the right talent continues to be a challenge for business leaders,” PwC said. “After a frenzy of hiring and a tight labor market over the past few years, executives see the distinction between having people and having people with the right skills.”
Unlike the high-touch and personal nature of healthcare, industries such as consumer technology, media, and telecommunications can turn to automation to alleviate staffing struggles. And that is what nearly two-thirds, or 63%, of companies in those sectors, aim to do, PwC said.
Other survey talent findings:
50% of companies plan layoffs.
46% are dropping or eliminating sign-on bonuses.
44% are rescinding job offers.
Conversely, the surveyed executives also told PwC they are “cautiously optimistic” and plan on growing and investing even as the economy gives mixed signals:
83% of companies are focused on growth.
70% plan an acquisition.
53% aim to invest in digital transformation, 52% in IT, 49% in cybersecurity and privacy, and 48% in customer experience.
“After more than two years dealing with uncertainty related to the pandemic, business leaders recognize the urgent need to focus on growth in order to compete, and they’re zeroing in on what they can control,” PwC said.
New Remote Work Programs, Reduction in Real Estate Investing, Big Tech
Although companies report having more than enough physical office space, many (42%) have launched remote work programs:
70% have expanded or plan to increase “permanent” remote work options as jobs permit.
22% are reducing real estate investment (financial services and healthcare industries lead the way with 30% and 29%, respectively, saying real estate buys are cooling off).
“While companies continue to invest in many areas of the business, they’re scaling back the most in real estate and capex [capital expenditure]. After two years of remote work, many companies simply need less space, and they’re allocating capital accordingly,” the PwC report noted.
In a somewhat parallel release to PwC’s findings, news sources are reporting reductions in real estate and staff at high-profile Big Tech companies.
Meta Platforms, Inc. in Menlo Park, Calif. (formerly Facebook Inc.), is closing one of its New York offices and cutting back on plans to expand two other locations in the city, the Observer reported.
Business Insider reported, “More than 32,000 tech workers have been laid off in the US till July, including at Big Tech companies like Microsoft and Meta (formerly Facebook), and the worst has not been over yet for the tech sector that has seen massive stock sell-off.”
According to Forbes, “San Francisco-based electronic signature company DocuSign will lay off 9% of its more than 7,400 employees (roughly 670 employees), the company announced in a Securities and Exchange filing Wednesday, saying the cuts are ‘necessary to ensure we are capitalizing on our long-term opportunity and setting up the company for future success.’”
And Bloomberg recently reported that Intel is planning to lay off thousands of people “around the same time as its third-quarter earnings report on Oct. 27.”
Healthcare Providers Plan Layoffs, Seek IT Pros
Meanwhile, major healthcare provider networks also are planning staff cuts amid service closures, rising costs, and other issues, according to Becker’s Hospital Review:
Ascension in St. Louis, Mo., plans to close an Indiana hospital and nine medical practices and lay off 133 employees.
“Our health system, like others around the nation, is facing significant financial pressures from historic inflation, rising pharmaceutical and labor costs, COVID-19, expiration of CARES Act funding, and reimbursement not proportional with expenses,” BHSH said in a statement shared with Becker’s.
Amidst these layoffs, however, IT jobs in healthcare seem to be growing. According to Becker’s Health IT, some healthcare providers have posted information technology openings:
Mayo Clinic in Rochester, Minn., has 43 IT job openings.
So, though it appears IT positions continue to expand, clinical laboratory leaders and pathology practice managers may want to prepare now for dealing with customers’ response to leaner healthcare systems overall.
Privacy concerns have one tech giant suggesting alternatives to sharing potentially identifiable location tracking data
Expect an interesting debate on the use of location tracking as a way to manage this and future pandemics. It is a debate that has implications for clinical laboratories. After all, if location tracking identifies individuals who may have been exposed to an infectious disease, will health authorities want those individuals to be immediately tested?
Location tracking has been around for quite some time. Anyone who owns a smartphone knows that digital map and navigation software applications (apps) locate our position and track our movements. That’s how they work. Maps are good. But does collecting and sharing location tracking data, which some Silicon Valley tech giants want to use to help public health officials track disease, violate personal privacy laws? Maybe.
Google, Facebook, and other tech companies have been talking to the US federal government about ways to use location tracking data from smartphones and online software applications to combat the spread of SARS-CoV-2, the coronavirus that causes the COVID-19 illness, reported the Washington Post.
The tracking data could be used by public health officials to spot disease outbreaks in populations and predict how it might spread. Analyzing the data generated by smartphone tracking and reporting apps also could be used to identify individuals who may have been exposed to the coronavirus, and who should get clinical laboratory tests to determine if they need medical intervention.
However, Google is apparently resistant to using its collected location data to track and identify individuals. Instead, Google Health’s Head of Communications and Public Affairs, Johnny Luu, said Google was “exploring ways that aggregated anonymized location information could help in the fight against COVID-19. One example could be helping health authorities determine the impact of social distancing, similar to the way we show popular restaurant times and traffic patterns in Google Maps,” said Luu in a statement. He stressed, though, that any such arrangement “would not involve sharing data about any individual’s location, movement, or contacts,” reported the Washington Post.
Can Privacy be Maintained While Tracking Disease?
Google’s sister company, Verily, launched a screening website in March for people who believe they may have COVID-19. The pilot program is only available to some California residents. Users of the service complete a series of online questions to determine their coronavirus risk and whether or not they should seek medical attention.
To use the service, individuals must log into the site using a Google account and sign a consent authorization form which states data collected may be shared with public health officials, a move that has received criticism.
Jacob Snow, JD, a technology and civil liberties attorney with the American Civil Liberties Union (ACLU) of Northern California, expressed concerns about Verily’s program. “COVID-19 testing is a vital public necessity right now—a core imperative for slowing this disease,” he told CNET. “Access to critical testing should not depend on creating an account and sharing information with what is, essentially, an advertising company.
“This is how privacy invasions have the potential to disproportionately harm the vulnerable,” he continued. “Google should release this tool without those limits, so testing can proceed as quickly as possible.”
Facebook, on the other hand, has had a Disease Prevention Map program in place for about a year. This program provides location information provided by individuals who choose to participate to health organizations around the globe.
“Disease prevention maps have helped organizations respond to health emergencies for nearly a year and we’ve heard from a number of governments that they’re supportive of this work,” said Laura McGorman, Policy Lead, Data for Good at Facebook, in a statement, reported CNET. “In the coronavirus context, researchers and nonprofits can use the maps, which are built with aggregated and anonymized data that people opt in to share, to understand and help combat the spread of the virus.”
Researchers at Carnegie Mellon University worked with Facebook to create the COVID-19 Symptom Map (above), which is based on aggregated data drawn from self-reported symptoms Facebook. The map, which updates regularly, is viewable by day, counties, hospital referral regions, and COVID-19 symptoms. “This is work that social networks are well-situated to do. By distributing surveys to large numbers of people whose identities we know, we can quickly generate enough signal to correct for biases and ensure sampling is done properly,” wrote Mark Zuckerberg, Facebook founder and CEO, in a Washington Post op-ed about Carnegie Mellon’s results, reported MobiHealthNews. (Graphic copyright: Facebook/Business Insider.)
Privacy Organizations Voice Concerns
Privacy and civil liberties issues regarding the collection and use of smartphone data to curtail the pandemic are of concern to some organizations. There may be legal and ethical implications present when using personal data in this manner.
Al Gidari, JD, Director of Privacy, Center for Internet and Society at Stanford University Law School, says the balance between privacy and pandemic policy is a delicate one, reported the Washington Post. “The problem here is that this is not a law school exam. Technology can save lives, but if the implementation unreasonably threatens privacy, more lives may be at risk,” he said.
In response to public privacy concerns following the Washington Post’s report, representatives for Google and Facebook said the companies have not shared any aggregated and anonymized data with the government regarding contact tracing and COVID-19, reported the Washington Post.
Google reiterated that any related projects are still in their early stages and that they are not sure what their participation level might look like. And, CEO Mark Zuckerberg stated that Facebook “isn’t prepared to turn over people’s location data en masse to any governments for tracking the coronavirus outbreak,” reported CNET.
“I don’t think it would make sense to share people’s data in a way where they didn’t have the opportunity to opt in to do that,” Zuckerberg said.
The potential use of location tracking data, when combined with other information, is one example of how technology can leverage non-medical information and match it with clinical data to watch population trends.
As of April 23, there were 2,637,911 confirmed cases of COVID-19 and 184,235 deaths from the coronavirus worldwide, according to www.worldometers.info/coronavirus. And, cases of coronavirus disease have been reported in 213 countries according to the World Health Organization (WHO).
As testing increases, more cases will be reported, and it is unknown how long the virus will continue to spread. Advocates argue that location tracking and similar technologies that can be brought to bear to save lives during a disease outbreak may be worth some loss of privacy.
Pathologists and medical laboratory professionals may want to monitor the public debate over the appropriate use of location tracking. After all, at some future point, clinical laboratory test results of individuals might be added to location tracking programs to help public health authorities better monitor where disease outbreaks are occurring and how they are spreading.
Online reputation management is increasingly becoming a critical function that all providers, including clinical laboratories, must address or risk losing revenue
Recent surveys cite growing evidence that Facebook (NASDAQ:FB) and online review sites such as Yelp (NYSE:YELP) are swiftly becoming healthcare consumers’ preferred sources for researching doctors, hospitals, medical laboratories, and other medical service providers.
Healthcare consumers are using the Internet to review information on healthcare providers prior to visits. More important, data show a majority of Americans share their healthcare experiences publicly online following visits with providers.
This should serve as a wakeup call for clinical laboratories and anatomic pathology groups that have not developed effective social media strategies, as they are clearly among the health services being evaluated.
More than half of Americans (51%) reported sharing their healthcare experiences online, an increase of 65% over just one year ago;
Among Millennials (people born between 1981 and 1996) that number jumps to 70%, a 94% increase over last year;
70% of Americans overall say online ratings and reviews influenced their choices of physicians and facilities;
More than 40% of respondents admitted they researched doctors online even after being referred to them by another healthcare professional.
“The survey results underscore the significance of online ratings and reviews as online reputation management for physicians becomes ever-more important in today’s healthcare environment,” said Aaron Clifford, Senior Vice President of Marketing at Binary Fountain, in a statement. “As patients are becoming more vocal about their healthcare experiences, healthcare organizations need to play a more active role in compiling, reviewing, and responding to patient feedback if they want to compete in today’s marketplace.”
Healthcare Dive also noted that Millennials are likely to consider online reviews and ratings of healthcare professionals to be trustworthy.
97% of 24- to 34-year-olds report believing online comments are reliable;
While 100% of the 18- to 24-year-olds surveyed felt similarly.
Pathologists and clinical laboratory administrators should consider the two findings above as evidence that a major change has already happened in how the younger generations look for—and select—their hospitals, their physicians, and their clinical laboratory providers. Thus, every pathology group and clinical laboratory should have a business strategy for managing the Internet presence of their labs. Failure to do so means that competing labs that do a good job of managing their Internet presence will be more successful at winning the lab testing business of Gen Xers (born 1965-1980), Millennials (Gen Y, born 1981-1996), and Gen Z (born 1997-2009).
In addition, the survey discovered that the most important qualities consumers look for in a doctor are:
Friendly and caring attitudes;
Physicians’ ability to answer questions; and
Thoroughness of examinations.
Those polled reported the most frustrating issues when dealing with healthcare professionals were:
Office wait times;
Cost and payment concerns;
Wait times for exam and medical laboratory results; and
Scheduling appointments.
It’s All in a Word
Earlier this year, Healthcare Dive also reported on research that examined online reviews and their content conducted by Penn Medicine. Researchers at the University of Pennsylvania used digital tools and data analytics to help healthcare providers better understand and improve the patient experience.
The researchers analyzed 51,376 online reviews about 1,566 hospitals posted on Yelp over a 12-year period. They published their findings in the Journal of General Internal Medicine (JGIM).
They concluded the word most often found in positive Yelp reviews was “friendly.” Their example of how positive review writers used this word: “The doctors, nurses, and X-ray technician who helped me out were all so cool and friendly. It really restored my faith in humanity after I got hit on my bike.”
Other words the researchers commonly found in good online reviews include “great, staff, and very.”
“Told” was the word most often found in negative reviews. The researchers’ example: “I constantly told them that none of that was true and the nurse there wouldn’t believe me.” It appears from the JGIM study that Millennials often felt healthcare professionals did not listen to them.
The researchers identified “worst, hours, rude, said, no and not” as other words often found in negative reviews.
“As providers, we need to take a moment to think about how we talk in hospitals, but also what patients are hearing,” said lead author of the Penn Medicine study Anish Agarwal, MD, Assistant Professor of Emergency Medicine at the University of Pennsylvania. “I may say something, but the way it’s heard and interpreted and then processed within patients when they’re going through a vulnerable time can be different.” (Photo copyright: University of Pennsylvania.)
Half of Millennials Prefer Internet Research and Online Virtual Healthcare
Another survey conducted by Harmony Healthcare IT, a health data management firm based in South Bend, Ind., found that more millennials are researching the Internet for medical advice in lieu of actual doctor visits.
PC Magazine reported Harmony Healthcare IT’s survey found:
73% of Millennials reported following medical advice found online instead of going to a doctor; and
93% reported researching medical conditions online in addition to a doctor visit.
The survey also found that 48% of millennials trust online resources for medical information and that 48% prefer virtual doctor office visits over in-person visits.
In addition, 24% of this age group have gone five or more years without a physical and 57% prefer high-deductible health plans (HDHPs).
“With an emphasis on convenience, low cost, and technology, it will be interesting to see how this generation helps shape the future of health and how both patients and providers will adapt to those changes along the way,” Harmony Healthcare IT wrote in a blog post.
The results of these surveys illustrate why clinical laboratories and anatomic pathology groups must have a social media strategy for managing their reputations and presence on the Internet, especially where Millennials are concerned.
That strategy should include easy and informative ways for patients to learn about medical laboratory services, pricing of lab tests, quality of work, and methods consumers can use to leave online feedback and receive responses to their comments.
The DxMA Summit’s agenda will complement EWC’s and will explore disruptive technologies likely to be of great interest to medical laboratory leaders and pathology groups
That’s according to Debra Harrsch, President-elect of the Diagnostics Marketing Association (DxMA), a self-funded organization devoted to helping diagnostic marketing professionals stay abreast of industry trends and effectively navigate the changing legal, regulatory, and technology landscape.