On this episode of HIPAA Critical we update you on the latest including Nation-Backed APT's using COVID-19 to cover spy attacks, warnings of phishing emails aimed at small businesses awaiting their PPP loans, updates on a COVID-19 research database offering information on drug effectiveness, health records and claims data and we chat with TJ Walsh a licensed professional counselor about the impact of coronavirus on therapy and mental health concerns.
Rather read?Here’s the full transcript of this episode.
Olena Heu: Thanks for tuning in, another edition of the HIPAA Critical Podcast headed your way. Joining me this week, Rick Kuwahara, your Chief Operating Officer of Paubox.
Rick Kuwahara: Hey, Olena. Great to be back again.[THEME MUSIC] Olena: Thank you so much for joining me, Rick. And we've got a stacked show with lots going on and we're gonna dive right into the news. What can you tell us about the very latest?
Rick: Okay. One of the big things in the news right now are, of course Coronavirus-related attacks. We talked about it on the last show how hackers were using Coronavirus-themed emails and phishing attacks to target individuals and some companies.
Well, it turns out that researchers have found that it's not just private companies who are targets of these cyber attacks, but also government organizations. And they're finding that the hackers themselves are actually nation-backed, what they call advanced persistent threats or APTs.
These are groups of hackers that governments actually pay to go out and try and hack or get information or intelligence from other countries. So you can think of it like a spy movie.
If you go to a spy movie and CIA is saying, "Hey, this organization got hacked. Someone hacked us and it was another country." I think Russia is always a bad guy in most movies, so let's say Russia hacked us. That is what is going on right now and it's actually a constant thing.
But they're finding that a lot of these attacks have changed their method over to Coronavirus-related themes. So an example would be a campaign that researchers found where they're targeting the personal accounts of US government employees.
They used phishing emails that pose like they were coming from American fast food franchises, so you could think like Burger King or McDonald's saying, "Hey, here's a free meal or here's a coupon. Click on it to redeem."
And trying to get people to click on it or even do online ordering in order to get them to phishing pages where they then collect their credentials, so really sneaky.
A lot of these type of promotions are legitimate and they're going out, and the hackers are trying to impersonate them to get people to click on and kinda hack into different government organizations to get intelligence.Olena: Interesting. And like you said, sounds like it's right out of a movie or a film. Anything like this happen with the World Health Organization?
Rick: Yeah, so they were in the news recently and they confirmed that they were attacked in March. And it was a site that was set up that kind of mimic their internal email system to get agency staffers for the World Health Organizations to reset a password or something.
Basically, they'll send them an email to their personal email saying, "Hey, do this," and take them to a site that look like their actual internal email system to get them to login and take their credentials.
And I think that it was an attempt to get non-public information regarding vaccine research and other COVID-19-related intelligence, which is pretty interesting as we're trying to get the vaccine to help get everybody back to somewhat of a normal life. That is also big money for whoever can get a vaccine out first, so that is very sensitive information.
Yeah, they confirmed that there was an attack that happened not too long ago in March.Olena: Wow. And they're not the only ones, right?
Rick: Yeah, everybody's kinda under attack. China's under attack. That government, the Wuhan province, there is an attack from a Vietnam-linked group that tried to go after them to take intelligence regarding how they responded to COVID-19 and their research and things like that.
I think researchers have found that some of the countries that a lot of these organizations are linked to include Iran, South America, Vietnam. And even though it's making the news right now because the tactics have changed with COVID-19, it is interesting that the general rate of attacks have kinda stayed the same, it's just that they've changed methods in order to be more effective during the pandemic.Olena: Excellent. And this is valuable information and thank you so much for always sharing that with us. Do you have another news headline that we should take note of?
Rick: Yeah, something else that's been in the news front page of a lot of news sites was the roll out, somewhat failed roll out, of the Payroll Protection Program, which was supposed to help small businesses.
It's a huge amount of funding that was given. It was $350 billion that was claimed in a matter of days.
But what's happened is they found that there are a lot of hackers who are trying to attack these small businesses and prey on their anxiety to steal their information and hack into their emails.
So there's been a rise in phishing emails that were sent out where they pose like it's coming from a lender to help them with their payroll protection program saying, "Hey, you need to sign this right away so we can get you your money."
If someone clicks on it, then get their information in there, then people can steal credentials and access their emails and really hurt the businesses. And a lot of these are really businesses that are already hurting, so it's like kicking someone when they're down.
And unfortunately, it's not that unusual to see hackers preying upon anxiety and fear in order to get access to sensitive information.Olena: And unfortunately, taking vulnerabilities and using them against people. Very, very sad. What are some things that people can do to ensure that they don't make that kind of mistake?
Rick: It goes back to trying not to move too fast. Just take your time to really look at the emails and being sure that, "Yes, this is legitimately coming from my bank or a lender that I did submit a loan request through."
And an easy way to do that is just to make sure that you are looking at the sender's full email address and not just a display name.
So, for example, a display name would be like your name would be "Olena Heu," but anybody can make that display name. I can send an email, change my display name to "Olena," but the email address will stay the same from who is actually sending it.
So just, that's one simple trick and another thing, just being sure that you are thoroughly reading the email itself because a dead giveaway a lot of times is if there are some small grammatical errors or these hackers a lot of time are trying to spin up something really fast, so there'll be an error in the logo or something like that. Just being aware that if you see anything like that, it's a red flag.Olena: And I always feel as though when it starts off with, "Dear Sir, or Madam," that that's kind of a red flag, too. [chuckle]
Rick: Right. Typically, your bank knows your name. So yeah, that can be a giveaway.Olena: Alright. Well, as we transition over, we like to also highlight those that are winning and failing and so we're gonna start with the winners, because we always like to hear some good news first.
Rick: Right. And this time we have not one particular winner but it's really, I think, just COVID-19 research in general. So, we found that 28 companies, including some tech firms, are collaborating to create a COVID-19 database based on information from electronic health records.
A lot of stakeholders are working together to put together this database and what it's gonna help with is a lot of the research and development of effective treatments and drugs, identifying demographic data that can help point to, "Hey, this person might be more susceptible versus another."
One example comes from the Cleveland Clinic, which is one of the biggest health care providers in the country.
They've teamed with SAS, and have co-created a series of models to help hospitals anticipate resource planning needs during this pandemic and made them available on GitHub, which is a code, a resource that, for coders and programmers.
People can take this model that they've created, and use it for themselves, to take a look at their supply chains and see based on these factors that are going on, maybe we have to order more of these supplies to help us with what we think will be an increase in demand.
So, those kind of predictive models are really helpful to make sure that there aren't shortages and if there are gonna be a shortage, that the health care providers can proactively act to it and not be reactive where there is a danger to people's health.Olena: That's wonderful and so very proactive, as you mentioned. And what's really nice about it is usually when we talk about people who are winning each week, there's one or two, but what we're talking about are 28 people. And so that's great.
Rick: Yeah, with a bigger impact available as this database gets more accessible. So, that's really great.Olena: And of course, priority being taking care of people and treating people, and having those resources available, so that's wonderful. Alright, we're gonna transition over to failures and we've got a pretty hefty one coming off the top.
Rick: Yes, a really big one. $8.9 million, Banner Health finally reached a settlement over a data breach that happened back in 2016. And it stems from a class action lawsuit against Banner Health, where there was a data breach that impacted more than 3.7 million patients, members and beneficiaries.
So what happened was back in 2016, Banner Health announced that there was a breach of its food and beverage outlets payment processing. So, if you go to a cafeteria and you run your credit card, that system got hacked. So hackers are able to leverage the system to get access into Banner Health's network where the patient files are. And the hack was not discovered until later, about a month later, so there is a lot of data that got compromised.
The settlement is $8.9 million, but it reimburses individuals for $500 per breach. And it does help with some expenses if there was any identity theft or fraud.
So it's a pretty big payout and lot of people who were affected and it does make it one of the largest breach-related settlements in healthcare. Primera was the largest one and that was over $74 million, and that breach affected 10.6 million patients.
More recently, was a settlement from Washington State University, April last year, which was about $4.7 million. And UCLA had one, too, that was about 7.5 million. So big numbers, primarily because it affected a lot of people.Olena: I see. And obviously, lots of lessons to be learned. And that's a lot of money to be paying out, but having the information...
Rick: Yeah, hard lessons...Olena: Yeah. [chuckle] And I just started flashing back to visiting someone in the hospital and grabbing lunch with my credit card. So good to know, good to know. And that hopefully, they're taking better precautions at this point. Alright. Well, this week Rick had a chance to chat with TJ Walsh, a licensed professional counselor and psychotherapist, educator, painter, and curator. In this interview, they talk about the impact of the Coronavirus on therapy, and how the next generation is already removing the stigma of mental health. Take a listen.
Rick: So how has delivering services changed with the Coronavirus?
TJ Walsh: Yeah. So that's, obviously, a really big important question for my field, in particular today. So the counseling profession, psychotherapy has been a really, really slow field to adapt over the course of its history.
It's notoriously slow and frustrating, especially to providers who want to be more flexible and want to be more forward thinking in their delivery of therapy to clients. So the Coronavirus has forced change upon the counseling and psychotherapy profession really quickly. So quickly that it's left many therapists who are risk adverse or slower to embrace technological change. It's left them kind of reeling a little bit.
The delivery of services has had to go online because we don't have any safe or effectively safe means to provide care to folks in person anymore. Some therapists have to provide it in person still and generally those people are in like a hospital, or inpatient, or intensive outpatient setting, where online treatment is not recommended due to the challenges that that patient is facing.
But for the majority of us in private practice or outpatient settings, we've had to really quickly adapt to the fact that it's not safe to be in person. And that's meant to go online and to figure out how to deliver services securely to our clients without causing them concern, without putting us in undue risk as the provider.Rick: Right. Do you see that move to telehealth and more virtual services as a potential benefit for the future?
TJ: Yeah, definitely. I do. I think, while I said a minute ago that the field of counseling and psychology has been slow to adapt, there have been over the past few years, folks in the industry who have been pursuing telehealth as a primary mode of delivery.
It has just been slow to catch on, both from the professional side and also the client side. I think now as we are seeing more people out of necessity coming online and receiving their therapy sessions today, that will hold an increase over the next months and years.
There's always been some back and forth in the therapeutic community about whether or not telehealth, whether by telephone or a video conference, is as effective as an in-person mode of delivery. And the research shows that it's actually just as effective.
And so, we can reassure our clients that the therapy that they're receiving online is equally effective as the therapy that they receive in the room with us in person.
There are some cases where telemedicine is counter-indicated, meaning that for that particular person and their challenges, it may not be appropriate and then we have to figure something else out. But for the vast majority of clients who engage in private practice therapy or outpatient therapy, telehealth is just as effective.Rick: That's great, good to hear. I think, especially, of people who are maybe in more rural areas, especially, that could help.
TJ: Yeah. Yeah, definitely. It's for sure a question of access, right?Rick: Right.
TJ: And if one of the ways we can provide quality psychotherapy or quality counseling services to people who live at a distance from a city or a larger population base where the therapists tend to congregate through the use of online tools, then we should be doing that.
There is still the question about whether or not those more rural communities have access to high-speed internet, but that is also something that we see being tackled in the technology field as well as we're growing.Rick: Yeah. I know that's why 5G is so exciting for a lot of people right now.
TJ: For sure, yeah.Rick: To get to those areas. I think one thing that comes up with it, too is there's still a lot of stigma around mental health and getting assistance. Even telehealth might help with that because you don't have to walk to an office anymore.
TJ: Yeah. Over the past few years actually, we've seen the... Well, the type of clients that I work with, I should preface that this is all based on my experience and from my point of view. Other therapists, other people who work with different populations than I do, of course have their own experiences.
But from my experience, most of the people that I work with talk about their therapists and their therapy within their social circles.
So, we do see with more and more types of delivery platforms coming on the market for therapy, different types of openness with the younger generation about taking care of themselves. Self-care, is of course this term that everybody throws around now, that the stigma of going to a therapist is reducing.
That's not to say that the stigma around mental health challenges and diagnoses is changing very quickly, but at least the fact that your best friend goes to a therapist and so you shouldn't be ashamed to go to a therapist either, is definitely changing.
We see platforms like BetterHelp and things of that nature really starting to change the conversation.
I'm not that kind of therapy provider, it's just not what I do, but it definitely helps in terms of the visibility and reducing stigma of people who engage in therapy.Rick: So it's really great that that younger generation is really becoming more accepting of therapy. I know just anecdotally myself, you know, my wife is a high school teacher, and there are a lot of, I wouldn't say... It might not be that there's more issues, but just that they're more aware of it now from when we are growing up, that there's a lot of things that are pushing on the youth these days. There's social media, the perception, like you said, self-care, how people view themselves, and there's data that there's more broken homes now. All these issues that are going on, I think that mental health is something that's even probably more important growing up, to have that support.
TJ: For sure. For sure. Yeah, I think our youth are up against challenges that generations before them have not been up against.
Every generation has their challenge and have things that cause distress in their life. But this particular generation, I think the pressures of succeeding, of image management, of performing at a particular caliber when measured against their peers, is pretty immense.
We look at data around the use of social media in general, and we're finding that people who use social media a lot are about 2.7 times more likely to be depressed than people who use social media more sparingly. And we see that for depression, we see that for anxiety as well.
The more you engage in social media, the more anxious and the more depressed you're likely to be.
And so when we look at the younger generation, who your wife works with probably, or the kids in college, students in college, they're on social media all the time. They're checking social media tens of times a day, multiple, multiple times a day, they're always on it.
And so if you're constantly being fed an image of perfection, there's going to be that expectation or pressure put back onto yourself to match that image of perfection. And so that's what we're seeing happening today.
And then also the type of parenting that happens in our culture tends to be very, very... Well, it can be two different ways.
It can be micromanaging and helicoptery, or it can be totally hands-off. Both of those ways are not helpful to the development of an individual.
And so being that we see students not being kind of directed in a healthy way, sometimes, we see them becoming more anxious and more depressed and more stressed out about success.
So yeah, social media, parenting styles and the culture at large today is really having an effect on the mental health of our youth.
Olena: Thank you so much, Rick, for that wonderful interview, and one of many that you've got.
Rick: Yeah, it's always fun to talk with customers... In this case, TJ Walsh is a customer of Paubox, and really learn about their insights into their profession. They're experts in what they do, and it's always interesting to talk to people about what they're passionate about.Olena: And for the full transcript of that interview, you can log on to our website, that's paubox.com, P-A-U-B-O-X.com. Thank you so much for tuning in this week and be sure to follow and like and subscribe to us, The HIPAA Critical Podcast, Wednesdays, right here. Thank you so much for joining me, Rick.
Rick: Thanks Olena.Olena: Until next time. [THEME MUSIC]