Kusserow on Compliance: Most data breaches are financially motivated by outside parties

71 percent of breaches last year were financially motivated

C-Suite Executives 12 times more likely to be a target

Ransomware attacks account for one out of four cyber-attacks

Safeguarding Tips from Strategic Management

According to the Verizon 2019 Data Breach Investigation Report (DBIR), 71 percent of breaches were financially motivated and 69 percent were perpetrated by outsiders. This 12th edition of the annual report analyzed 41,686 security incidents, which included 2,013 confirmed breaches. This year’s report included new metrics and analysis from the FBI Internet Crime Complaint Center (IC3). Not surprisingly, the C-Suite was the major target, because they are in the position to transfer money. They were found twelve times more likely to be the targets of breaches. Also, time-pressed senior executives tend to move quickly in reviewing and clicking on emails, resulting in a greater likelihood that suspicious emails slip through. On a positive note, attacks against HR personnel have rapidly declined in recent years, in large measure as a result of W-2 tax form scams almost disappearing as a problem. Some other interesting statistics from the report:

  • 52 percent of breaches involved hacking
  • 33 percent of breaches included social attacks
  • 28 percent of breaches involved malware
  • 32 percent of breaches involved phishing
  • 29 percent of breaches involved the use of stolen credentials
  • 21 percent of breaches were caused by errors
  • 56 percent of breaches took months or longer to discover

 

Safeguarding Tips from Strategic Management

  • Brief executives, as the prime targets, on avoiding cyber-attacks
  • Train employees not to click on email links/attachments, or respond to “phishing” inquiries
  • Provide ongoing employee and contractor training on what to do and not to do
  • Implement policies/procedures for precautions against malware
  • Conduct a risk assessment to understand threats presented by an insider
  • Regular systems tests can also help flag vulnerabilities before a hacker can get in
  • Configure email servers to block zip or other files that are likely to be malicious
  • Continuously monitor employee and vendor networks
  • Conduct regular systems tests to flag vulnerabilities before a hacker can gain access
  • Update and upgrade software
  • Use encryption to guard against information being read by unauthorized parties
  • Establish multi-factor authentication
  • Regularly test users to make sure they are on guard

For more information on health care provider cyber-security, contact Dr. Cornelia Dorfschmid at cdorfschmid@strategicm.com or at (703) 535-1419.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.


Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Meeting nursing home compliance program legal mandates

The November 28, 2019 deadline approaches for skilled nursing facilities and nursing homes to adopt and implement an effective compliance and ethics program as a condition of participation in the Medicare and Medicaid programs. At that time, state survey agencies will begin assessing facility compliance with implementation of an effective compliance and ethics program. Yet, the OIG continues to find major problems with that health care sector. The OIG recently reported that posthospital extended care services or Medicare beneficiary coverage must be preceded by an inpatient stay in a hospital for not less than three consecutive calendar days. The OIG found that CMS improperly paid 65 of the 99 skilled nursing facility (SNF) claims sampled by the OIG.  Projecting from its sample, the OIG estimated that CMS improperly paid $84 million for SNF services over a two-year period.

Those nursing homes that followed the OIG guidance will have little problem in meeting the new mandate, but those that did not have only months to come into compliance. Organizations trying to catch up should consider having a compliance expert perform a gap analysis to identify elements needed for the compliance program and how to be able to evidence program effectiveness. A gap analysis should provide a “road map” and step-by-step plan for bringing a facility into compliance with the mandates. Those that have already implemented a compliance program should consider having an effectiveness evaluation conducted by experts to verify that the program will meet mandated standards.

For more information about meeting the standards of these new mandates, Tom Herrmann may be reached at thermmann@strategicm.com or at (703) 535-1410.


Kusserow on Compliance: Even the FBI has been a victim of cyber-attacks

The FBI confirmed that at least three of its websites were hacked

Records of thousands of officers and federal agents stolen

Hackers have put the data up for free download.

As health care entities struggle to guard their data against cyber-attacks, the seriousness of the need was underscored by the fact that even the FBI has trouble protecting its systems. A group of hackers has exploited the flaws of at least three FBI-affiliated websites and leaked thousands of federal and law enforcement agents’ personal details, according to TechCrunch. The hackers infiltrated multiple websites run by the FBI National Academy Association that promote law enforcement training. The sites also support graduates of the FBI Academy through local chapters.  Three of the sites were breached and the “personal information has been obtained to be sold on the web.”

The hackers announced they were able to break into the pages and download the contents, which they then uploaded on their own website. In all, they were able to steal around 4,000 unique details. Those include member names, job titles, email addresses (some personal, some government-owned), physical addresses, as well as phone numbers. The hackers also said they have over a million pieces of information on federal agents and are planning to publish more data from hacked government websites in the future. Seeing as this is far from the first security breach to affect federal workers, the government and organizations linked to its agencies may want to think of more ways to beef up their security measures.

 


Kusserow on Compliance: CMS announced updates to nursing home ratings

CMS announced updates in April 2019 to Nursing Home Compare and the Five-Star Quality Rating System. Its purpose is to provide tools for consumers to compare quality between nursing homes. This comes in advance of the November 28, 2019 deadline for skilled nursing facilities and nursing homes to have implemented an effective compliance and ethics program as a condition of participation in the Medicare and Medicaid programs. The new tools announced have been created to help consumers, their families, and caregivers compare nursing homes and identify areas they may want to ask about when looking at nursing home care. Nursing Home Compare has a quality rating system that gives each nursing home a rating between 1 and 5 stars: those with 5 stars are considered to have above average quality, and nursing homes with 1 star are considered to have quality below average. There is also a separate rating for each of the following three factors:

 

  1. Health Inspections include findings on compliance with Medicare/Medicaid health and safety requirements from onsite surveys conducted by state survey agencies at nursing homes.
  2. Staffing Levels are the numbers of RNs available to care for patients in a nursing home at any given time.
  3. Quality Measures for care are based on resident assessment and Medicare claims data.

 

The April 2019 changes include revisions to the inspection process, enhancement of new staffing information, implementation of new quality measures, and lifting of the “freeze” on the health inspection ratings instituted in February 2018 to hold up the star rating score until all nursing homes were surveyed at least once under the new survey process. In April, users of the site will be able to see the most up to date status of a facility’s compliance, which is a very strong reflection of a facility’s ability to improve and protect each resident’s health and safety. CMS is also setting higher thresholds and evidence-based standards for nursing homes’ staffing levels, recognizing that nurses have the greatest impact on the quality of care nursing homes deliver. As such, CMS is assigning an automatic one-star rating when a Nursing Home facility reports no RN is onsite. In April 2019, the threshold for the number of days without an RN onsite in a quarter that triggers an automatic downgrade to one-star will be reduced from seven days to four days. The new Update includes:

 

  • changes to the quality component to improve the identification of quality differences among nursing homes, raising expectations for quality, and incentivizing continuous quality improvement;
  • adding measures of long-stay hospitalizations and emergency room transfers;
  • removing duplicative and less meaningful measures;
  • establishing separate quality ratings for short-stay and long-stay residents; and
  • revising the rating thresholds to better identify the differences in quality among nursing homes making it easier for consumers to find the information needed to make decisions.

 
