Today’s post continues to enforce how important it is to keep your systems fully up to date. It has now been uncovered that the massive data breach at Equifax that exposed confidential data for over 140 million people was accomplished by exploiting a vulnerability that had a patch available for more than two months at the time of the breach. In fact, it was fixed on March 6th. On March 9th it was known and revealed that the vulnerability was under widespread attack by hackers. Unfortunately, Equifax did not heed apply the patch or heed the warning that the exploit was under active attack.
Vulnerabilities and the details of them are often fully explained and documented by the various security companies that search for vulnerabilities very close to the day that a patch is released for it. Some vendors, such as Google, with their Project Zero, only gives vendors 90 days to release patches for reported vulnerabilities before their details are made public. This means they may even release the details, including proof of concept code to exploit the vulnerability, before a patch is available. If it wasn’t bad enough there was a vulnerability that some hackers likely knew about in the first place, now the whole world knows and any hacker can start to work attacking systems.
This fact underscores the importance of keeping your systems up to date and in an extremely timely manner. It is very likely in many cases that some hacker groups are aware of a vulnerability before a security firm discovers it and reports it to the vendor. After all, that is what they do, look for vulnerability so that they can take advantage of them. So, this means that even before the vendor knows someone is probably already using the vulnerability. Once a vulnerability is reported to a vendor they usually work quickly to create an update that will “plug the hole”. That vendor then releases the update and if a system is enrolled in automatic updates users are given the chance to install this update. However, some users do not enroll in automatic updates or leave their computers off during the time updates might be automatically applied. There is some inconvenience involved in applying updates, systems often must be rebooted, it takes time to download the updates, apply them, etc. However, as we can see, failing to do so can have dire consequences as we have seen recently with Equifax. Keep in mind too that healthcare data is prized by hackers, so as a healthcare provider, you are particularly at risk.
HealthWare can help you determine where you vulnerabilities lie and provide solutions to help you protect your confidential information. Visit us www.healthware.com or better still contact us now at https://www.healthware.com/contactus or call us at 850-479-9035 and find out how HealthWare can help you.
Podcast Summary: It was a privilege to interview the founder and CEO of HealthWare. Walter started this company over 30 years ago building it from the ground up and talks about the “evolution” from starting out with billing applications custom built for the physicians in his neighbor office to over 30 applications today created specifically for the Home Health Care, Hospice and Private Duty agencies. Please welcome Walter as he discusses this journey…
A new threat is in the wild that can attack your point of care devices if they have Bluetooth enabled. This new threat is called BlueBorne and it uses Bluetooth to silently and covertly take over your Android, iOS or Windows device and provides the hacker virtually full control over the device, including data theft, screen captures and more so even if your data is encrypted, is still isn’t completely safe. This threat only requires that the devices Bluetooth be enabled, which is the case for many mobile devices since you use it with a stylus, mouse, pair it with your car and more. This video gives you an idea of just how easy it is for a hacker to use this exploit to take over an Android phone and some of the types of things they can do with it.
This is why it is so important that you keep your devices up to date and apply the latest updates from Google, Apple and Microsoft. In fact, Microsoft released a patch for this vulnerability in Windows on September 12 but if you haven’t applied this update yet, your device is still vulnerable. HIPAA regulations require you to keep your devices secure and part of that is making sure the devices are kept up to date with the latest security patches. Most operating system vendors supply these, but not all users are good about making sure they get applied to their device and of course some devices are running older versions of the operating systems and are no longer being updated.
This is because no matching OASIS was found and the claim receipt date is more than 40 days after the OASIS completion date. In most cases, these claims cannot be resubmitted for payment and the revenue is lost.
Medicare posted CR9585 on October 27, 2016 letting agencies know that a new edit was being put into place to enforce the OASIS as a condition of payment. The first phase of this was put into place back in 2015 when they made sure the payment group codes on the claim matched those submitted on the OASIS. The new edit that took effect on April 1, 2017 now enforces the reporting regulation that requires the OASIS to be transmitted within 30 days of completing the assessment of the beneficiary although the initial edit will allow for 40 days.
If your agency is struggling with this requirement HealthWare has the answer for you with our OASIS Validation Reporting Import feature. Not a fancy name, but it automates what you must otherwise do manually with your OASIS Validation Reports and helps to make sure that you can track OASIS that has not been submitted and validated and that you cannot submit a claim until it has been. Let HealthWare help you visiting our website at https://www.healthware.com/contactus or call us at 850-479-9035.