January 4, 2018
CMS Penalizes 751 Hospitals Over Patient Safety Issues – United States
The federal government examined 3,306 hospitals during the fourth year of the HAC Reduction Program, and those in the bottom 25% for patient safety face a one-year, 1% cut in Medicare payments. More than half also faced penalties last year, when 769 hospitals saw their Medicare payments cut. CMS levies the penalties under the Hospital-Acquired Conditions Reduction Program, which was created by the Affordable Care Act. Teaching hospitals were again hard hit: one-third face lower payments this year versus half last year. Among the 115 academic medical centers affected this year are Grady Memorial Hospital in Atlanta, Northwestern Memorial Hospital in Chicago and Stanford Health Care hospitals in California.
Microsoft and Facebook Join Forces to Stop Cyberattacks – United States
The two companies that might normally be considered competitors in the tech arena collaborated with "others in the security community," though the other players weren't identified. In a White House news conference, homeland security advisor Tom Bossert said that "Facebook took down accounts that stopped the operational execution of ongoing cyberattacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially." Bossert chose not to elaborate on the nature of the other attacks. Both companies confirmed their role in the action. Facebook said that it deleted accounts linked with the hackers "to make it harder for them to conduct their activities." The hacking collective, known as the Lazarus Group, had a number of fake personal profiles that it used to target unsuspecting users. Facebook also notified individuals who had contact with the suspect accounts.
Why Your Employees Might Be the Biggest Threat to Your Growing Business – Worldwide
The biggest threat to your business is most likely from your trusted employees — and even yourself. According to Veriato’s 2018 Insider Threat Report, which surveyed 472 cybersecurity experts, 90% of cybersecurity professionals surveyed feel their company is vulnerable to insider attacks, and about 50% have experienced at least one of these attacks in the last 12 months. Those surveyed chose regular employees as the biggest security risk for their company. As you might expect, a majority (94%) believe they should monitor employees to prevent these attacks. Consider the recent example at Heathrow International Airport in London: someone found a USB drive on the streets of London with all the airport’s security data. While it’s still being investigated, it appears likely that the USB drive was either accidentally dropped by someone with access to it (pure negligence) or deliberately dropped by someone with bad intent. Either could be just as damaging. These threats might be malicious, such as a salesperson sending confidential data to a competitor, but they’re just as likely to be accidental, such as falling victim to a phishing email, failing to protect networks or not using antivirus software on your computers. What’s interesting is that, while most companies are using data loss prevention (DLP) software, encryption, identity and access management, endpoint security, intrusion detection and prevention systems, and log management to track data, companies seem to be doing a poor job tracking the user.