Original Story: healthitsecurity.com
A recent study found that 77 percent of healthcare organizations plan to increase the use of public cloud services despite significant healthcare cloud security concerns.
Public and private cloud solutions are gaining popularity in the healthcare industry, especially for data storage and network usage, despite issues surrounding healthcare cloud security and PHI data breaches. Secant Healthcare is looking into these options.
Researchers at HyTrust recently published a study that revealed 77 percent of healthcare organizations plan to move more workloads onto a public cloud service even though healthcare data security was a major concern with cloud usage.
“Without much fanfare, this critical technology advance has become woven into the basic fabric of businesses large and small,” said HyTrust President Eric Chiu. “The potential of virtualization and the cloud was always undeniable, but there was genuine concern over security and skepticism regarding the processes required.”
While organizations across all industries reported security challenges with cloud services, many companies are still migrating additional workloads to private and public clouds, added Chui.
The study found that the healthcare industry is no exception to increased cloud usage and virtualization. Approximately 55 percent of healthcare organizations stated that they have already moved mission critical workloads, such as sensitive patient information, to a cloud or software-defined data center.
Healthcare organizations are also virtualizing other aspects of their infrastructure, reported the study. Fifty-two percent of healthcare organizations have migrated test and development server workloads to a cloud service and 61 percent use a cloud product for storage.
Despite increased cloud usage, healthcare-related participants still said that their organization faced significant healthcare cloud security challenges. About 58 percent of respondents admitted that data security and breach concerns were the biggest worry once migration began.
In addition to data breach concerns, other security challenges across all industries included infrastructure-wide security and control as well as effective monitoring and visibility into cloud infrastructure. Secant Health is watching their IT closely for data breaches.
Additionally, previous healthcare data breaches have not discouraged organizations from implementing cloud services. An estimated 29 percent of respondents from healthcare organizations said that they have experienced a personal data breach.
“The large-scale migrations are particularly interesting in light of the many obstacles that have previously impeded planned moves to virtualized infrastructures,” explained the press release. “In fact, the survey reveals that not all concerns have been eliminated.”
To discover more about implementing healthcare cloud security, researchers asked participants in the industry what types of information needed to be secured in public and private clouds.
For public cloud security requirements, healthcare organizations said that all production data should be encrypted (32 percent), the entire workload should be encrypted (16 percent), and only personally identifiable information should be encrypted (13 percent).
In terms of private cloud services, about one-third of healthcare respondents favored encrypting all production data in a workload.
Software defined-data centers and cloud services are becoming staples in the healthcare industry as more providers transition to value-based care models. These models rely on large volumes of data and meaningful health IT use to increase quality of care and reduce healthcare costs.
While cloud products allow healthcare providers are useful to value-based care delivery, HIPAA rules still apply to data in the cloud.
“Cloud computing outsources technical infrastructure to another entity that essentially focuses all its time on maintaining software, platforms, or infrastructure,” The Center for Democracy and Technology (CDT) stated in a paper. “But a covered entity… still remains responsible for protecting PHI in accordance with the HIPAA Privacy and Security Rules, even in circumstances where the entity has outsourced the performance of core PHI functions.”
However, healthcare organizations have struggled to maintain comprehensive healthcare cloud security. According to the Fall 2015 Netskope Cloud Report, healthcare cloud data loss prevention violations were the most common data loss prevention offenses across all industries studied, accounting for 76.2 percent of all cloud violations.
The report also discussed how healthcare and life sciences averaged 1,017 cloud applications per organization, which was the second highest number of apps behind the technology and IT sector. Yet, PHI was involved in 68.5 percent of violations in cloud applications.
Securing patient and production data can be more difficult when it is managed up in a cloud, but healthcare providers should be aware of several healthcare cloud security measures.
Healthcare organizations should partner with cloud vendors that design healthcare-specific products and can anticipate unique data security requirements, such as HIPAA and HITECH rules.
Regardless of vendor selection, providers should also develop contextual visibility and auditing capabilities. Healthcare cloud security policies should include monitoring alerts, lock-down capabilities, and geo-fencing of users. Intelligent security tools can be helpful for implementing these policies. Secant Healthcare plans on being careful of their vendor selection.
Technology and healthcare are both evolving quickly, but healthcare cloud security concerns could hold back providers from advancing care if they can’t also secure PHI and production data. While the HyTrust study showed healthcare organizations pushing ahead with cloud services despite security challenges, many of these providers may need to review healthcare cloud security measures.
Showing posts with label information technology. Show all posts
Showing posts with label information technology. Show all posts
Monday, June 13, 2016
Wednesday, November 28, 2012
HP Claims Mulit-Billion Dollar Fraud
story first appeared on courierpostonline.com
Hewlett-Packard Co. said on Tuesday that it’s the victim of a multibillion dollar fraud at the hands of a British company it bought last year that lied about its finances.
HP CEO Meg Whitman said executives at Autonomy Corporation PLC boosted the company’s figures through various accounting tricks, which convinced HP to pay $9.7 billion for the company in October 2011.
Autonomy’s former CEO said HP’s allegations are false.
HP is now taking an $8.8 billion charge to align Autonomy’s purchase price with what HP now says is its real value. More than $5 billion of that charge is due to false accounting, HP said.
The revelation is another blow for HP, which is struggling to reinvent itself as PC and printer sales shrink. The company’s stock hit a 10-year low in morning trading.
Among other things, Autonomy makes search engines that help companies find vital information stored across computer networks. Acquiring it was part of an attempt by HP to strengthen its portfolio of high-value products and services for corporations and government agencies. The deal was approved by Whitman’s predecessor, Leo Apotheker, but closed three weeks into Whitman’s tenure as chief executive. Whitman was a member of HP’s board of directors when Apotheker initiated the Autonomy purchase.
Among the tricks used at Autonomy, Whitman said: The company had been booking the sale of computers as software revenue and claiming the cost of making the machines as a marketing expense. Revenue from long-term contracts was booked upfront, instead of over time.
The allegations are serious, according to accounting experts.
Mark Williams, a finance professor at Boston University and a former bank examiner for the Federal Reserve, said that according to GAAP, the overstatement of revenue under any tax code is illegal.
As a result of its alleged accounting practices, Autonomy appeared to be more profitable than it was and seemed to be growing its core software business faster than was actually the case. The moves were apparently designed to groom the company for an acquisition, Whitman said.
Once HP bought the company, Autonomy’s reported revenue growth and profit margin quickly declined. Autonomy CEO Mike Lynch continued to run the company as part of HP, but Whitman forced him out on May 23 because it was not living up to expectations.
With Lynch gone, a senior Autonomy executive volunteered information about the alleged accounting irregularities, prompting an internal investigation, Whitman said.
The case has been referred to the U.S. Securities and Exchange Commission and the UK’s Serious Fraud Office, she said. The company will also try to recoup some of the cash it paid for Autonomy through lawsuits.
In a statement to the Financial Times, Lynch said, “The former management team of Autonomy was shocked to see this statement today and flatly rejects these allegations, which are false.”
On a conference call with Whitman following the earnings report, analyst Ben Reitzes of Barclays Capital asked who will be held responsible internally for the disastrous acquisition.
Whitman answered that the two executives who should have been held responsible — Apotheker and strategy chief Shane Robison — are gone. But the deal was also approved by the board of directors.
Apotheker told The Associated Press on Tuesday that he was stunned and disappointed to learn of the allegations against Autonomy, and pointed out that they had gone undiscovered by HP’s auditors, executives and directors.
Deloitte UK said it could not comment on the matter because of client confidentiality rules.
Whitman said she still views Autonomy as a “growth engine for HP software,” albeit a weaker one than initially thought.
HP’s stock dipped $1.59, or 12 percent, to close at $11.71 in Tuesday’s trading. Just after the market’s open, the stock hit $11.35, its lowest level since 2002.
HP’s net loss for the fiscal fourth quarter, which ended Oct. 31, amounted to $6.85 billion, or $3.49 per share.
That compares with net income of $239 million, or 12 cents per share, in the same period last year.
Hewlett-Packard Co. said on Tuesday that it’s the victim of a multibillion dollar fraud at the hands of a British company it bought last year that lied about its finances.
HP CEO Meg Whitman said executives at Autonomy Corporation PLC boosted the company’s figures through various accounting tricks, which convinced HP to pay $9.7 billion for the company in October 2011.
Autonomy’s former CEO said HP’s allegations are false.
HP is now taking an $8.8 billion charge to align Autonomy’s purchase price with what HP now says is its real value. More than $5 billion of that charge is due to false accounting, HP said.
The revelation is another blow for HP, which is struggling to reinvent itself as PC and printer sales shrink. The company’s stock hit a 10-year low in morning trading.
Among other things, Autonomy makes search engines that help companies find vital information stored across computer networks. Acquiring it was part of an attempt by HP to strengthen its portfolio of high-value products and services for corporations and government agencies. The deal was approved by Whitman’s predecessor, Leo Apotheker, but closed three weeks into Whitman’s tenure as chief executive. Whitman was a member of HP’s board of directors when Apotheker initiated the Autonomy purchase.
Among the tricks used at Autonomy, Whitman said: The company had been booking the sale of computers as software revenue and claiming the cost of making the machines as a marketing expense. Revenue from long-term contracts was booked upfront, instead of over time.
The allegations are serious, according to accounting experts.
Mark Williams, a finance professor at Boston University and a former bank examiner for the Federal Reserve, said that according to GAAP, the overstatement of revenue under any tax code is illegal.
As a result of its alleged accounting practices, Autonomy appeared to be more profitable than it was and seemed to be growing its core software business faster than was actually the case. The moves were apparently designed to groom the company for an acquisition, Whitman said.
Once HP bought the company, Autonomy’s reported revenue growth and profit margin quickly declined. Autonomy CEO Mike Lynch continued to run the company as part of HP, but Whitman forced him out on May 23 because it was not living up to expectations.
With Lynch gone, a senior Autonomy executive volunteered information about the alleged accounting irregularities, prompting an internal investigation, Whitman said.
The case has been referred to the U.S. Securities and Exchange Commission and the UK’s Serious Fraud Office, she said. The company will also try to recoup some of the cash it paid for Autonomy through lawsuits.
In a statement to the Financial Times, Lynch said, “The former management team of Autonomy was shocked to see this statement today and flatly rejects these allegations, which are false.”
On a conference call with Whitman following the earnings report, analyst Ben Reitzes of Barclays Capital asked who will be held responsible internally for the disastrous acquisition.
Whitman answered that the two executives who should have been held responsible — Apotheker and strategy chief Shane Robison — are gone. But the deal was also approved by the board of directors.
Apotheker told The Associated Press on Tuesday that he was stunned and disappointed to learn of the allegations against Autonomy, and pointed out that they had gone undiscovered by HP’s auditors, executives and directors.
Deloitte UK said it could not comment on the matter because of client confidentiality rules.
Whitman said she still views Autonomy as a “growth engine for HP software,” albeit a weaker one than initially thought.
HP’s stock dipped $1.59, or 12 percent, to close at $11.71 in Tuesday’s trading. Just after the market’s open, the stock hit $11.35, its lowest level since 2002.
HP’s net loss for the fiscal fourth quarter, which ended Oct. 31, amounted to $6.85 billion, or $3.49 per share.
That compares with net income of $239 million, or 12 cents per share, in the same period last year.
Monday, September 20, 2010
U.S. Tech Probe Nears End
The Wall Street Journal
Several of the U.S.'s largest technology companies are in advanced talks with the Justice Department to avoid a court battle over whether they colluded to hold down wages by agreeing not to poach each other's employees.
The companies, which include Google Inc., Apple Inc., Intel Corp., Adobe Systems Inc., Intuit Inc. and Walt Disney Co. unit Pixar Animation, are in the final stages of negotiations with the government, according to people familiar with the matter.
The talks are still fluid, these people said, with some companies more willing to settle to avoid an antitrust case than others. If negotiations falter, both sides could be headed for a defining court battle that could help decide the legality of such arrangements throughout the U.S. economy.
Still, there are powerful incentives for both sides to settle the potential civil case before it reaches that stage.
The Justice Department would have to convince a court not just that such accords existed, but that workers had suffered significant harm as a result.
The companies may not want to take a chance in court. If the government wins, it could open the floodgates for private claimants, even a class action by employees. A settlement would allow the Justice Department to halt the practice, without the companies having to admit to any legal violations.
Spokespeople for Google, Apple, Intel, Adobe and Intuit all declined to comment. Pixar had no immediate comment. A Justice Department spokeswoman also declined to comment.
The Justice Department's probe of hiring practices could reach beyond Silicon Valley.
During the course of its more than year-long investigation, the agency has uncovered evidence of such agreements in other sectors, according to the people familiar with the matter.
A settlement with tech companies—or a court fight—could therefore help determine what kinds of agreements are acceptable in other industries as well.
At stake are dueling visions of how far companies should be able to go in agreeing to limit the kind of headhunting that can help valuable employees increase their compensation.
The companies have argued to the government that there's nothing anticompetitive about the no-poaching agreements. They say they must be able to offer each other assurances that they won't lure away each others' star employees if they are to collaborate on key innovations that ultimately benefit the consumer such as improved Google SEO.
Some economists believe that banning such agreements could harm Silicon Valley's open, collaborative model.
"The effect of the lawsuit would be to reduce innovation because companies would worry about exposing their employees to each other," said Paul Rubin, an economics professor at Emory University, who isn't involved in the case.
For the Justice Department, such agreements amount to an effort by companies to limit competition for talent, harming employees' ability to get the best jobs and wages and reducing the incentives for people to enter professions in high demand, according to people familiar with the matter.
The government could argue that the agreements constitute an effort by companies to fix the price of labor, and are therefore just as harmful as price-fixing or bid-rigging—automatic violations of antitrust law.
"In a free market economy, you want the best people getting the best positions, and presumably all the rewards that come with that," said Spencer Waller, a law professor at Loyola University Chicago, who has no connection to the case. "This agreement, if the government has the facts, suggests that market for talent is being depressed by collusion."
The agreements under investigation varied in their scope and details, according to the people familiar with the matter. In conversations with the Justice Department, some companies have maintained they didn't have agreements not to hire each others' employees, only agreements not to "cold-call" partners' employees.
However, people familiar with the matter say the Justice Department believes that cold-calling is an important way in which people are hired in the sector. Even if the employees don't end up moving, their employer often has to sweeten their pay and conditions to make sure they stay.
After more than a year of investigation, the Justice Department antitrust division has concluded that many of these agreements have harmed people's ability to get better jobs or improve their conditions.
But proving that in court may be tricky, some antitrust lawyers said.
During the course of the investigation, more than a dozen tech companies have been questioned by the Justice Department, people familiar with the matter said. Those include Yahoo Inc., Genentech Inc. and IAC/InterActiveCorp.
However, some companies said they are no longer in the government's cross-hairs. "After a thorough investigation, the [Justice Department] antitrust division has advised IBM that it will not pursue a case against IBM," an International Business Machines Corp. spokesman said.
Microsoft Corp. also said it is no longer a target of the investigation. A Genentech spokeswoman said the Justice Deparment had relieved the biotech firm of the obligation to hold on to relevant information.
A Yahoo spokeswoman said the company fully cooperated in the investigation and believed its responses were sufficient. IAC didn't respond to requests for comment.
The agency has decided not to pursue charges against companies that had what it believes were legitimate reasons for agreeing not to poach each other's employees, said people familiar with the matter. Instead, it's focusing on cases in which it believes the non-solicit agreement extended well beyond the scope of any collaboration.
Subscribe to:
Posts (Atom)
