Tuesday, September 29, 2015

Three Common Attacks of Social Engineers

Guest Blogger: Ray Balut, MedStar Chief Information Security Officer

Through the media we’ve all become familiar with the type of hackers who use their technical expertise to break into computer systems and compromise sensitive data. 

However, there is another type of hacker who can use a different set of skills to get what they want often with just a smile and a few well scripted lines.  They are the social engineers, hackers who specialize in the art of “Hacking People” instead of systems.

The Misplaced flash Drive”.  One tried-and-true trick is “accidentally” dropping a flash drive in a company’s parking lot or inside a building (if publically accessible) and hoping that a curious employee picks it up and plugs it into a company computer — In this case, the bad guy is letting you do the work for them without them ever having to touch a system.

These flash-drives may include more than the files you can see if you install them, they often contain malicious software that the hacker can use to capture passwords or even establish a connection directly back to their computer.
Safeguard: If you find a flash drive, turn it into the IT department; do not plug it into your computer and launch any files.

Phishing scams are probably the most common types of social engineering attacks used today.  Most phishing emails look like legitimate emails but in fact trick you into providing important information and or downloading malicious software all by simply clicking on a link in the email. Some common types of phishing email include:

·      Email from the Help Desk or Email team notifying you that your “email quota has been reached” or “your email account has been disabled” and including a link for you to click. MedStar’s help desk and MedStar IT will never ask for your password in an email or over the phone!

·      Email seeking to obtain personal information, such as username/password, real names, addresses and social security numbers.
     Phony security alerts – via email, pop-ups or social media (Facebook, etc…) warning you that your computer is at risk of being infected, typically with a link to click
·      Requests for money or bank/credit card account information. Often the bad guy poses as someone from another country who needs assistance accessing a large sum of money or even a friend or family member stuck in another country without any money.
Safeguard: To defend against phishing emails, you need to understand that they are typically designed to persuade you to click on a link or submit personal information.  As such, be wary of providing any information based on an email. To learn more, you might want to try this online quiz to test your phish spotting skills:

Sometimes the Social engineer will simply use tried and true old fashioned con-man approaches including:
·      Impersonating repairmen, IT support personnel, managers, etc., either by phone or in person and simply asking for the information they want.           
Safeguard: Challenge the authority or identity of persons unknown to you – ask them to identify themselves.
·       Collecting and analyzing information from discarded trash, aka “dumpster diving”.     
Safeguard: Any confidential, sensitive or personally identifiable information (PII) for patient should be shredded or placed into a designated secure shredding bin for pickup.  Remember, your trash can be a goldmine for a bad guy.
·       “Shoulder surfing”, which is watching to see employees type their passwords.                        Safeguard: Don’t type passwords with anyone else present (and be courteous by not watching other typing in theirs).
·      Searching a work area for passwords or other sensitive information that has been written down.         
Safeguard: Never write down passwords.
·       Using unattended computers that are already logged-in.                                                         Safeguard: Lock offices and lock computers when not in use.

While it’s not the “Hi-Tech” approach we might see on an episode of CSI Cyber, Social engineering is one of the most effective ways for the bad guys to get the access and information they need. This was perhaps best stated by a very prominent security expert, Bruce Schneier, who said “Amateurs hack systems, professionals hack people”

Thursday, September 24, 2015

Georgetown Summer Research Scholars' Capstone

Earlier this week, Georgetown medical students who conducted research last summer between their first and second year gathered at the French Embassy (across the street from Georgetown Medical School) to present their research findings in a capstone event. 

The late afternoon event started with a poster session (with about 60 students across disciplines of research and population health).  There was a lot of energy in the air!

We then gathered to hear some remarks and a few representative presentations.  Dr Steve Evans set the stage sharing how impressed he has been and continues to be with the quality of Georgetown medical students. One of his memorable quotes was 'The future is you.... it is you that we have been waiting for!'
I am proud that MedStar was able to support and fund 22 MedStar Scholarships last summer, including those funded by the Frank S Pellegrini Scholarship and the Pines-Kleinman Mental & Behavioral Health Scholarship.

Congratulations to the Class of 2018 for a job well done!


Monday, September 21, 2015

Sprint 4 the Cure

On Saturday, more than a dozen of your MHRI colleagues woke up early to join hundreds of people from the community at the Four Season's in Georgetown to run a 5K to raise money for cancer research at the Washington Cancer Institute at MedStar Washington Hospital Center. It was a beautiful (even a little too warm) morning and everyone had a good time (as you can see from the picture), even Finn!

MedStar Teaching Scholars Program: Accepting Applications!

The MedStar Teaching Scholars program is a two-year longitudinal program leading to Medical Education Research Certification (MERC) and Leadership Education and Development (LEAD) certification. The program is led by MedStar Health Academic Affairs and MedStar Health Research Institute, in conjunction with the Association of American Medical Colleges, and has been in place since 2009.
When I first heard about medical education research I was skeptical but have learned that it is a great venue for clinical educators to take their career to the next level. The program's goal is to teach clinician educators from across MedStar Health how to apply research principles to medical education and to be effective collaborators in medical education research. By doing this, they discover new ways to teach, present and publish their findings and become a leader in academic medicine. GME program directors, core clinical teaching faculty, clerkship directors and other clinician educators in all specialties and professions are encouraged to apply. 
Six participants will be enrolled each year into the two-year program. Applicants should be clinical teaching faculty who have a career trajectory focused on academic medicine, teaching, and medical education. All professions and disciplines are encouraged to apply.
All applications are due to Academic Affairs no later than October 9, 2015. To get more information and apply, click here

Wednesday, September 16, 2015

Watching History

Guest Blogger, Katie Carlin, Director, Research Development, Planning and Communications

I’m by no means a politician, but there’s something pretty cool about watching one of our own testify live in a senate committee hearing!

I’m currently live streaming Raj Ratwani, PhD and Scientific Director, National Center For Human Factors In Healthcare testify on the topic of “Achieving the Promise of Health Information Technology: Improving Care Through Patient Access to Their Records.” He is joined by the Founder of the Multiple Myeloma Research Foundation as well as the GM for Health and Life Sciences at Intel. The US Senate Committee on Health and Education (comprised of 22 senators) is discussing the current usability state of EHRs and how patient access, safety and understanding of data can be better improved with more uniform guidelines.

It’s a wonderful and proud moment to watch Raj represent MedStar and  our stellar Human Factors Engineering Team so well – and more importantly to know that their great work is informing policy which will directly improve the safety and care of every patient in the nation!

Tuesday, September 15, 2015

MedStar Human Factors Study published in JAMA and Author Testifies in Senate

A study by the MedStar Human Factors team, led by Raj Ratwani, PhD, Senior Human Factors Research Scientist, was published in the Journal of American Medical Association (JAMA) and is quickly gaining national attention. 

The study examined usability of Electronic Health Records (EHRs) for physicians. The findings showed that vendors of EHR systems often fail to meet federal compliance rules and guidelines for user-centered design, with 30% of EHR vendors not attesting to report a user-centered design process.

Tomorrow, Wednesday September 16, Dr. Ratwani will testify in senate committee hearing titled "Achieving the Promise of Health Information Technology: Improving Care Through Patient Access to Their Records". 

If you'd like to tune in tomorrow at 10 am to see Dr. Ratwani and others at the committee hearing, follow this link.

Tuesday, September 8, 2015

Research Grand Rounds are Back!

The new academic year has begun for Research Grand Rounds, hosted by MedStar Health Research Institute and Georgetown-Howard Universities Center for Clinical and Translational Science.

This Friday, September 11th, Waddah Al-Refaie, MD, Chief of Surgical Oncology at MedStar Georgetown University Hospital, Surgeon-in-Chief at Lombardi Comprehensive Cancer Center, and the Director of the Joint MedStar-Georgetown Surgical Outcomes Research Center.  Dr. Al-Refai’s talk is entitled, “Readmission after Cancer Surgery in the US”. The lecture will take place at MedStar Washington Hospital Center – 6th Floor, CTEC Theater 12:30-1:30pm. 

This lecture is part of an ongoing, monthly lecture series that provides a forum for researchers throughout the MedStar Health System and the Georgetown-Howard Universities Center for Clinical and Translational Science (GHUCCTS) to present their research methodology, findings and implications of their work to the medical and scientific community. The topics cover work done in diverse areas focusing on clinical, translational and interdisciplinary aspects. The lectures are 45-50 minutes in length followed by a 10-15 minute question and answer session. 

These lectures are great for research team members at all levels since no one is expected to come to the lecture as an expert in the topic of the day. Communication across disciplines is encouraged. The ultimate goal of the lecture series is to improve knowledge of cutting edge medical advances in the various fields and to enhance collaborations between departments and institutions. 

The lectures take place on the third Friday of every month. For more information and to view past Grand Rounds presentations, visit:  http://www.georgetownhowardctsa.org/education/seminars-and-workshops/research-grand-rounds

Tuesday, September 1, 2015

What’s the link between health disparities and patient safety?

Guest Blogger: Deliya Wesley, PhD, MPH, Program Manager, Health Services Research MedStar Health Research Institute

As the largest healthcare provider in the DC Metropolitan area, the MedStar system provides care to an incredibly diverse patient population, including some of the most underserved and underrepresented groups.  Across the country, we know that certain groups continue to experience differences in the type of care they receive, that some are less likely to receive routine medical procedures, and that others experience worse health outcomes overall.  These differences (also termed health disparities) are important to acknowledge in an effort to address and eliminate them. 

Why do these health disparities matter to us at MedStar as researchers and as providers?  Because we know that certain differences (including social inequities and differences in cultural attitudes) can impact patient safety.  Putting Patient First means truly understanding what the patient’s reality is, and understanding that the patient’s needs extend far beyond addressing the ailment that brought them to seek care in the first place.  It means understanding where the patient came from, how they think, how they view the world, and most importantly how they want to be related to when in our care.  In doing so, we take important steps towards providing care that is relevant to the patient regardless of factors such as their age, race, ethnicity, social status, literacy levels or the language they are most comfortable speaking.  This approach can improve how we relate and communicate with patients and their families, and help to improve the safety and the quality of care they receive.

At MedStar Health Research Institute, we continue to put patients first by striving to be inclusive and representative of our patient population in our research studies.  We have to recognize the differences in every patient that comes to us, whether they are on a research study, or seeking routine care.   Understanding these differences is a key piece in making sure they stay safe while with us, leave healthy, and remain healthy.
This past Monday’s ‘Good Catch’ covered this topic and serves as an excellent reminder for us all.  Check out this important message from MedStar Patient & Family Advisory Council for Quality and Safety member Dr. Knitasha Washington—it’s brief, and incredibly well said: https://www.youtube.com/watch?v=ntwc5MtWmBo&feature=youtu.be