MEDHOST Blue Logo

Let’s talk about your EHR needs: 1.800.383.6278  

Whether it’s helping people to live healthier lives by giving doctors the tools to treat illnesses or simplifying how we connect with providers, there’s no aspect of the healthcare industry that hasn’t been transformed by technological innovation.

But while these advancements may provide greater and greater functionality, they’re also happening at a more and more rapid pace. There's a term for this in the tech world. It's called "exponential advancement," and it's becoming a massive issue for many hospitals.

The reason for this is simple: as these resources multiply, so does the burden of managing and maintaining complex IT systems and infrastructure. Keeping up can be complicated and time-consuming, especially for healthcare providers with fewer resources than larger IDNs.

This is where Managed IT Services come in.

Managed IT Services

In the simplest terms, managed IT services refer to outsourcing the responsibility of managing a company's IT systems and infrastructure to a third-party provider. In the healthcare industry, Managed IT Services can help hospitals, clinics, and other healthcare providers by taking on specific responsibilities to free up traditional IT teams, allowing them to focus on ensuring on-site clinician systems are up and running.

Partnering with a Managed IT Services vendor can provide several benefits to healthcare providers, including:

Increased Efficiency

Managed IT Services vendors have teams of experts who can proactively monitor and manage IT systems, identify potential issues, and resolve them before they impact operations. This means that healthcare IT teams can focus on helping clinicians deliver quality patient care rather than worrying about resolving large-scale issues beyond their skillset.

Reduced Costs

Managed IT Services can be more cost-effective than managing IT systems in-house. By partnering with a vendor, providers can benefit from the latest technology and expertise without the need for a large IT department or the high cost of ownership. This can be especially helpful for rural and community providers struggling with staffing shortages.

Improved Security

Healthcare providers have a unique responsibility to protect patient data and comply with data protection regulations. Unfortunately, there is a shortage of qualified security experts in the field.

Managed IT Services vendors can provide robust security measures and tenured expertise to protect vital health systems against cyber threats and data breaches, ensuring minimal downtime and maximum patient data safeguards.

Scalability

As healthcare providers grow and expand, their IT needs are going to change. Managed IT Services vendors can provide scalable solutions that can adapt to changing needs, ensuring that healthcare providers always have access to the technology and support they need, no matter the size of their footprint.

MEDTEAM Managed IT Services

MEDTEAM Managed IT Services is a comprehensive solution designed to meet the technology management demands of healthcare organizations at any scale. Our team of experienced IT professionals offers 24/7 customer support, complete infrastructure management, network operations, contract negotiations, and oversight for specialized devices.

Still not convinced? Check out our most recent case study on how managed IT services helped a healthcare provider reduce IT costs and improve efficiency.

If you’re ready to learn more about how our Managed IT Services can provide less downtime and more peace of mind for your healthcare facility, contact us at inquiries@medhost.com or dial 1.800.383.6278.

While the hybrid model has given us the freedom to choose whether we complete our work at home or off-site, anywhere access to enterprise systems has also made it harder than ever to protect sensitive data.

Recently, data architecture has emerged as a popular vector for attack. Malicious actors can take advantage of internet-facing servers that require a username and password by creating a clone of the server login page and tricking users into entering their credentials.

In this blog, we’ll outline how multi-factor authentication (MFA) can protect these systems as well as best practices that healthcare organizations can adopt to prevent criminals from using digital resources to compromise security.

What is Multi-Factor Authentication (MFA)?

MFA is an electronic verification method that uses two or more pieces of evidence (factors) to authenticate a user. These factors can include something only the user might know, a device only the user owns, or some other quality inherent to the authorized party. These measures work together to ensure that a single piece of information, such as a password, can’t be used to access protected data.

How Multi-Factor Authentication Protects Internet-Facing Servers

Threat actors can infiltrate servers through a sophisticated process that involves cloning a login page, using phishing emails to lure employees into visiting the cloned page, then stealing their credentials. If the target’s website is a single-factor access point, the hacker now has everything they need to gain control.

First, the attacker will compromise an unrelated website. The intent is to use this website as a staging ground. The attacker will allow the original website to operate as normal, and this server will be used later to capture credentials from the real target. We will now refer to this as the threat actor’s compromised website.

Next, the threat actor will identify its real target—in this instance, a hospital or health system. This target will have an Internet-facing server with username and password authentication. The threat actor will then clone the authentication page to the compromised website as an additional URL.

Finally, the threat actor will create a phishing campaign to target the real victim. All the attacker needs is one user to enter their login information on the fake web page.

Beefing up Your Cyber Protection

Companies must strongly consider what websites they allow to be externally facing. These public pages can be found by a search engine, which presents criminals with the opportunity to create clones that might fool unwitting users into giving up their login credentials.

For instance, we sometimes find a client has made their clinical software available on the internet. Usually, a physician has requested this for ease of use outside the facility.

Keep in mind: If content appears to have value, it will be targeted. For this reason, we strongly discourage attaching clinical software directly to the internet. Given the sensitivity of the data and the consequences of a breach in both regulatory fines and patient trust, we advise clients house this software behind a remote gateway. In creating this security apparatus, MFA is a must.

Furthermore, clients should have an asset inventory of what services and protocols are internet-facing. Website content should be analyzed for how much information is being exposed to an attacker. For example, the word “clinical” in the URL will get unwanted attention. A process should be established to approve all new websites prior to being enabled.

MEDHOST Information Security Services

MEDHOST Information Security Services can provide the expertise to help identify these and other threats to your organization. We can provide a comprehensive security review that includes identifying vulnerabilities, prioritization, remediation strategies, and preemptive measures to help manage risk and improve security and safety.

To learn more about how MEDHOST can help protect its customers from cyber threats and reduce their impact on operations, please reach out to us at inquiries@medhost.com or call 1.800.383.6278.

 

On March 21st, President Biden issued an urgent warning to the public sector on the need to immediately strengthen their cybersecurity. Since Russia certainly has the expertise to target a nation like the United States, and with hospitals historically susceptible to cyber-attacks, what can we do to protect our organizations?  

 Today, I’m going to talk about passwords. 

 MFA is Not a Standalone Solution 

Every article I have read states multi-factor authentication (MFA) is a must. And I agree, MFA is necessary. However, I disagree MFA is the first place to build a healthy information security program.  

For a user (or perpetrator) to get an MFA prompt, they must enter a password; however, the information security world seems to have waived the white flag on increasing password strength. There are two key reasons this is problematic—password complexity and rotation:   

  1. Companies still adhere to an eight-character password policy that only asks for a combination of upper case, lower case, numbers, and symbols. 
  2. Companies only rotate passwords every 90-days. This slow and stretched-out rotation can create massive headaches for employees with multiple linked devices and does little to prevent attackers who only need hours or days at the most to crack a password. 

Both these commonly held password complexity and rotation policies are outdated, established decades ago, and nowhere near sufficient for battling the complexities of 21st-century cyber threats 

In addition, MFA can only easily deploy to so many places, and while it may stop an attacker from quickly gaining access via a VPN connection or Citrix, it does not prevent a phishing attack.  

MFA also requires human interaction, which creates a small productivity hit.  

I would never say MFA isn’t a necessity; it certainly is. MFA reduces risk. But without the backing of a policy that champions password complexity under high rotation, MFA cannot eliminate the potential of a break-in. 

Password Are a First-Line Defense 

To achieve speed at cracking passwords, bad guys use pre-computed password hashes (scrambled representations of passwords) stored in databases. This is called a rainbow table. How do we knock the legs out from under that table?  

Create Password Complexity 

If we can reduce the need for an employee to generate or utilize a password on their own, we can significantly increase productivity while having a broadly deployed control system.  

Let’s say a worst-case scenario happened, and we lost all password hashes in a domain. Let’s also say we required 20-character randomly generated passwords for all employee and service accounts. The likelihood of a password being pre-computed is difficult at best. A larger number of characters with randomization takes away the easiest path for an attacker.  

Now consider an eight-character password. It is almost a guarantee pre-computed hashes for most users will exist. 

 Shorten Password Rotation Periods 

Changing a password every 90 days is just poor guidance. For server or administrator passwords, I believe they must be rotated weekly at a minimum, and for some accounts, after every use.  

I would rather have a long, complex password with no rotation than a short, guessable password rotated quarterly for less secure accounts. I have never worked with a paid penetration tester who required a full business quarter to infiltrate a network successfully. You can be assured that a well-trained adversary won’t need that much time either.  

Best Practices for Optimal Password Protection 

To produce the long and complex passwords necessary to stump the automated cracking programs used by cybercriminals, hospitals, and other potentially vulnerable organizations must invest in password vaults. Allowing users to select and input their active directory password (AD) via a vault means they don’t have to know their password.  

In addition, tools such as Windows Hello allow users to log on to a Windows workstation without knowing their password. Imagine no longer typing a password into the computer multiple times per day. Add a layer of multi-factor authentication to that process, and you are creating a situation where attackers have to work much harder to compromise an infrastructure.  

By forcing the attacker to work harder, information security resources have an improved chance of finding an irregularity earlier in a compromise, decreasing damages and costs to remediate. 

Password complexity with regular updates is a core tenant of cybersecurity at MEDHOST. Adherence to strict cyber security measures is something we employ in all the EHR environments we manage and a best practice we recommend to all our hospital partners. 

To learn more about how MEDHOST can help secure your critical healthcare data, please reach out to us at inquiries@medhost.com or call 1.800.383.6278. 

A couple of weeks ago, I was fortunate enough to join a few MEDHOST team members and healthcare IT colleagues from around the country at HIMSS22 in Orlando, Florida. With everything happening in the backdrop of healthcare in America over the past few years, this gathering could not have been more crucial. It was amazing to be surrounded by so many people working towards a shared goal of reimagining health and the role technology plays in optimizing the healthcare experience.

Healthcare delivery across the globe has been extremely disrupted due to the pandemic. HIMSS22’s theme focused not on the challenges presented through the pandemic but on the opportunities to "reimagine healthcare" through the lessons those challenges taught the industry.

Attendance was not as big as in previous HIMSS events. Still, it was exciting and relieving to get back to in-person events. The virtual meeting space has been an incredible asset to organizations across the country, enabling us to safely keep in touch and conduct business with our partners and customers. However, I believe many in our industry would agree the privilege to engage with your colleagues in person cannot be understated for an event of this magnitude.

More noticeable this year was the high level of participation by smaller companies. It was refreshing to see these organizations use this heightened platform to showcase their innovations and join in on the fun. This behavior alone sent a clear message to me that even with all the barriers to success thrown in our path, the desire to learn, engage, and collaborate with healthcare leaders representing all aspects of patient care delivery is still well and alive.

Some of the more popular technology themes that resonated with me and others in our organization encompassed digital experiences, data sharing, and cybersecurity.

At the MEDHOST booth, we were excited to preview all our innovations, including a new physician-centric solution, MEDHOST Mobile Physician. Stacey Holman, MEDHOST VP Product Management, was given the fantastic opportunity to share an overview of the latest mobile solution at the Amazon booth.

In her presentation, Stacey spoke on the advantages of collaborating with AWS technologies and how that relationship has laid the groundwork for giving our physician users a secure way to stay connected to their care workflows from any location.

As our industry becomes more consumer value-focused, which often translates to a digital-first experience, MEDHOST has emphasized finding ways to enhance those experiences for patients and providers. Our time at HIMSS22 connecting with partners and industry leaders strengthens our foundation needed to support that mission. We look forward to HIMSS23 and are excited to see our provider partners join us in Chicago!

To learn more about how MEDHOST can help your hospital in its transition to the digital patient experience, please reach out to us at inquiries@medhost.com or call 1.800.383.6278.

Recent surveys and articles paint a gloomy picture for the healthcare workforce in the US. According to a recent USA poll, 23% of healthcare workers say they are likely to leave the field soon. Medscape’s most recent survey identifies emergency medicine as one of the specialties experiencing the highest burnout rates, jumping from 43% in 2021 to 60% in 2022.

In the face of these workforce challenges, it is also essential to assess the potential impact on patient care and safety. Research suggests that physicians experiencing burnout are twice as likely to make a medical error.

In 2019, the World Health Organization categorized burnout as a syndrome resulting from chronic workplace stress that has not been successfully managed. While burnout was a concern before COVID-19, the pandemic has exacerbated the problem.

According to an ACEP October 2020 poll, 87% of emergency physicians reported feeling more stressed since the start of the pandemic, and 72% reported experiencing more burnout on the job.

Diagnostic Errors and the Financial Impact

Among medical errors, diagnostic error is one of the most glaring safety problems in healthcare today, particularly in emergency medicine.

As outlined in The Sullivan Group’s whitepaper on the dangers of diagnostic error, the frequency of this problem is significantly underestimated by malpractice claims. A recent publication from Johns Hopkins shed light on the diagnostic error rate for specific conditions:

According to a recent Medscape poll, 26% of emergency physicians think they make a diagnostic error every shift.

Diagnostic errors are the leading type of paid medical malpractice claims filed against emergency physicians, costing approximately $288,000 per claim filed. Before the onset of COVID-19, the medical malpractice insurance marketplace increased premiums due to the increased frequency of high severity cases. In fact, the projected loss rate for hospital professional liability increased by 30% (Occupied Bed Equivalent from $2,960 in 2020 to $3,850 in 2021) and increased by ~15% for emergency medicine (from $5.92 per patient visit in 2020 to $6.81 in 2021).

As a result of this market pressure, healthcare organizations are increasing their self-insured retention layer to lower their total cost of risk. Large health systems (>$5B in gross revenue) increased their self-insured retention limits by 34.5% ($8.4M to $11.3M), and medium ($2B–$5B) and small (<$2B) health systems increased their limits by ~8%.

Risk Mitigation, System Solutions

Given the current workforce challenges in healthcare and the impact on the quality of care and cost of care, many hospitals are looking to software to help resolve these challenges. To that point, MEDHOST’s partnership with The Sullivan Group aims to support acute care hospitals in mitigating their openness to medical error risk via MEDHOST’s EDIS platform.

The integration focus on several key areas essential for reducing risk and the potential for patient harm:

Triage: The Sullivan Group defined a series of ‘Seconds-to-Minutes’ emergencies that can often be overlooked by nurses working in triage, especially in the face of COVID.

Nursing Documentation: Helping nurses identify potential key clinical considerations and supporting their documentation practices is critical to facilitating teamwork in the ED.

Provider Documentation: The Sullivan Group’s research into gaps in clinical practice and documentation offers a framework for identifying where providers are at greatest risk for diagnostic errors.

Vital Sign Functionality: During the entire patient visit, clinicians should maintain a front-of-mind awareness around vital signs and their importance on suggesting more severe underlying conditions that occasionally get overlooked.

Discharge: Prior to discharge, the entire ED team should feel confident that they are sending home a patient where all high-risk conditions have been considered and ruled out.

To learn more about how MEDHOST and The Sullivan Group work together to help improve patient safety and alleviate clinician burnout by reducing the likelihood of medical errors, email us at inquiries@medhost.com or call 1.800.383.6278 to speak with one of our specialists.

About The Sullivan Group

The Sullivan Group (TSG) has worked with over 1,000 acute care facilities, has been used by 95,000 clinicians, and has an impact on over 20 million patient visits annually. Their RSQ® Solutions platform is used by some of the nation’s largest hospital systems to successfully reduce adverse outcomes. The TSG Innovation Lab partners with organizations in the healthcare technology space, resulting in co-development of new products and greater exposure to solutions that impact patient safety and improve patient outcomes and patient experience. www.thesullivangroup.com

Maximizing the long-term returns of an EHR investment is directly tied to the quality of that solution’s clinical adoption. A hospital’s best opportunity to encourage adoption and advocation of an EHR is at the early stages, during the implementation of that new solution, and throughout training.

A multi-phase approach to EHR implementations-or any clinical-facing healthcare IT solution-is one of the most effective ways to ensure adoption and positive results.

The below infographic offers an example of what such a layered, multi-phase timeline might look like.

sample-ehr-implementation-timeline

Download the infographic

All too often, hospitals and vendors want to accelerate the implementation of a new EHR solution, hoping to capitalize on the latest benefits as soon as possible. When in fact, a rushed EHR implementation can quickly work against a facility by fomenting resistance within the hospital’s user base.

A phased approach to clinical adoption dramatically reduces resistance and the risks associated with accelerated implementations. By layering certain rollout phases, you can create a strong foundation for success that gives clinical, financial, and operational staff time to become acquainted with the new solution.

To learn about how the MEDHOST implementations team can set you up for continued success, reach out to us at inquiries@medhost.com or call 1.800.383.6278.

FRANKLIN, Tenn. – March 09, 2022 – MEDHOST®, a leading EHR (electronic health record) and healthcare IT solution and service provider, will showcase key offerings from their catalog of enterprise, departmental, and digital health solutions at the HIMSS22 Annual Conference and Exhibition tradeshow Booth 3858, March 14-18.  

In addition to their full range of services and solutions, MEDHOST will be showcasing new offerings that will enhance hospital end-user experiences and help streamline hospital workflows. The three new solutions include but are not limited to MEDHOST Anesthesia Experience, MEDHOST Mobility Physician, and MEDHOST Cloud-Based Analytics Solution. 

Built to complement the perioperative platform, MEDHOST Anesthesia Experience is a comprehensive, clinician-driven application that supports anesthesia providers by integrating anesthesia documentation, vitals graphing, medication documentation, anesthesia charting, and orders with other stages of the surgical process.  

The mobile solution, MEDHOST Mobility Physician, provides a complete view of patients’ charted data and includes a HIPAA-secure messaging tool, all from a handheld device, offering physicians greater digital freedom and flexibility in their workflows. The secure messaging tool enables the physician to connect with other clinicians that use mobile or web-based secure communications. 

Lastly, MEDHOST Cloud-Based Analytics is an out-of-the-box, browser-based analytics product that adds simplicity to capturing a holistic view of a hospital’s essential performance metrics with drill-through capabilities initially in financials, revenue cycle, and payor performance. 

“At MEDHOST, we continually strive to discover new ways to help our customers care for, and connect to, their communities,” states MEDHOST President Ken Misch. “More recently, we are emphasizing the digital health experience through healthcare IT innovation, as is evident with our new products. Building healthcare IT solutions and services that empower providers and patients alike and elevate their digital experience is at our core. It will continue to be a large part of our mission moving forward.” 

The EHR provider welcomes attendees to visit booth #3858 to learn more and discuss how MEDHOST can help with evolving needs of community healthcare facilities. 

 About MEDHOST  

MEDHOST has provided products and services to healthcare facilities of all types and sizes for over 35 years. Today, healthcare facilities nationwide partner with MEDHOST and enhance their patient care and operational excellence with its clinical and financial solutions, including an integrated EHR solution. MEDHOST also offers a comprehensive emergency department information system with business and reporting tools. Additionally, its unparalleled support and cloud platform solutions make it easy to focus on what’s important for healthcare facilities: their patients and business. Connect with MEDHOST on Twitter, Facebook, and LinkedIn. 

Media Contact:
Samra Khan
Senior Brand Manager
615-761-1000, ext. 2119
Samra.khan@medhost.com 

Over the past decade, we have witnessed one of healthcare’s most impactful transitional periods—the rise of the digital patient. Innovations led by partnerships will be an intrinsic part of supporting hospital success in compliance and improving population health throughout this newest stage of healthcare evolution and every stage hereafter.

While at HIMSS22, MEDHOST will be demonstrating our dedication to healthcare IT partnerships, showcasing the many solutions and innovations we have developed over decades of experience in the HIT sector.

Meeting Patients and Providers at a Digital Crossroads

MEDHOST has strived to be at the crossroads of every healthcare IT change for our customers. Coming through on that promise means creating solutions and services that elevate the digital experience for both patients and providers.

Keys to Elevating the Patient Experience:

From the onset of the care journey, patients expect streamlined, transparent, and efficient care that matches their modern lives.

Keys to Elevating the Provider Experience:

A healthcare provider should have the freedom to focus on what they do best—providing exceptional patient care.

A History of Healthcare IT Innovation

What started at the dawn of the electronic health record (EHR), leading to the HITECH Act and Meaningful Use, now finds us in a place with many exciting opportunities. In addition to advancing EHR technologies and other healthcare IT systems, rapid consumer technologies have influenced patients and regulators like never before. Now more than ever, hospitals need new digital pathways and solutions to deliver positive care experiences. MEDHOST is well-poised to help.

From cloud-based EHR to patient engagement platforms, MEDHOST understands the need for healthcare IT solutions that empower providers to widen their digital doorway and is dedicated to helping them reimagine how they can achieve that goal.

Make sure to visit booth #3858 at HIMSS22. Hear the full story of how we have helped providers across the nation elevate care and sustain operations to impact their communities positively.

Growing Gains: How a Healthcare IT Partnership Supports Community Hospital GrowthRapid growth has not come without its challenges. As the healthcare provider, Carrus Health expanded its capabilities, it found its clinical, financial, and operational proficiencies needed to follow. While they continuously improve—to ensure their growth and services remain aligned—Carrus partners with MEDHOST to help manage various aspects of their clinical and financial healthcare IT (HIT) systems. A significant feature of the partnership includes an implementation of MEDHOST’s cloud-hosted, enterprise EHR solution.

In this case study, we’ll highlight some key milestones in the Carrus Health and MEDHOST partnership that began in one facility and continue to develop as both organizations grow to meet the needs of the changing healthcare industry.

It seems ransomware may be a common topic to talk about these days; however, many people do not truly understand ransomware and its risks.

Ransomware is a symptom of a much larger root cause, like getting a fever or chills from seasonal flu. To prevent it, we need to break ransomware into three distinct phases:

  1. Initial infection
  2. Spread
  3. Recovery

In this blog, we will discuss initial infection and spread.

Phase 1: How Ransomware Infects Your System

Ransomware typically arrives via phishing or through a vulnerability. These two vectors reduce most of the risk associated with infection. There are a variety of controls, but some of the most common include:

Even with all these controls enabled, risk will be reduced but not eliminated. Someone will always click on something they shouldn’t.

How Ransomware Spreads in Your System

The second phase of ransomware separates organizations with robust information security programs from others. Ransomware wants to spread once the initial infection has occurred. To do so, it uses one of two methods.

Method 1 – Using a common vulnerability within a deployed operating system.

In 2017, WannaCry (a ransomware cryptoworm) spread via the EternalBlue vulnerability. Other ransomware strains, including NotPetya, followed up this infection.

There was a failure to install existing patches (vaccine) to the infected networks in both cases. Healthcare was a prime target due to the lack of consistent patching in biomedical devices or unpredictable areas targeted for an attack, such as an Emergency Department. For the latter, the blame falls on the lack of high availability architecture/design.

EternalBlue type vulnerabilities are rare, and although there have been high-risk vulnerabilities since EternalBlue, the spread vector witnessed in the WannaCry attack made it unique. What if ransomware had a highly privileged account such as a domain administrator account? It would no longer need a coding/environmental vulnerability condition. It would simply move through the network, installing itself on every device.

Method 2 – Using a domain admin account to spread the infection to other systems.

What if the person initially phished had access to a server with their standard account? The malware or the threat actor behind the malware can quickly advance to the server environment using the target's permissions.

If a service account with administrator rights existed on the box (service account to perform backups), the malware/threat actor could retrieve the more privileged account from memory. The infection can repeat these steps until it retrieves an account that allows a high enough saturation of machines. Once there, the malware will begin exfiltrating data or encrypting drives.

As security professionals, we must focus on segmenting users from administrators. An IT administrator must have a regular account and a privileged account. Administrators must be careful where they utilize their account(s). Whatever that account authenticates into is now a target. If the malware can authenticate there, it can retrieve the elevated account. Reset administrator accounts frequently or reboot machines to remove stored tokens in memory.

How MEDHOST Keeps Ransomware Contained

MEDHOST controls include:

These controls have a positive effect on ransomware. MEDHOST provides hosted customers additional peace of mind knowing MEDHOST has taken complex steps in its journey to protect against the ever-increasing complexity of ransomware.

Our next blog will discuss recovery and required hosting capabilities to ensure hospital business continuity and patient safety.

To learn more about how MEDHOST can help protect your patient data and business operations, please reach out to us at inquiries@medhost.com or call 1.800.383.6278.