201625
Top 5 Jobs in Cybersecurity for Healthcare
Explore Cybersecurity Careers in Network Security, Risk Assessment, Medical Device Security and More
Looking for a career path that will put you on the cutting edge of technology and give you plenty of job security moving into the future? Then it’s time to consider cybersecurity for healthcare.
The world of cybersecurity for healthcare is expanding every day as technology takes over more and more of daily life. Patient records that were once collected by hand are now entered digitally, instantly added to a network, and synced with insurance information, medical history, and other crucial data. Keeping all that data secure is crucial – not only for HIPAA compliance, but also for patient confidence and improved doctor efficiency. It’s no wonder that the salaries for professionals working in cybersecurity for healthcare start around $55,000 a year and go up to $125,000-$150,000 depending on your experience.
With opportunities that range from innovative – like safely integrating high-tech medical devices and equipment – to exhilarating, like tracking network attacks and leaping into action to stop hackers and ransomware, careers in cybersecurity for the medical industry vary widely. Check out these top five healthcare cybersecurity jobs with long term prospects and unlimited potential.
#1 Network security
Healthcare records are subject to strict privacy laws, which means that all the information collected and kept by doctors, hospitals, insurance providers, and anyone else who provides medical services must be securely protected. Since most healthcare records are managed digitally and stored on networks, the security of healthcare systems and servers is crucial.
A career in network security for healthcare involves all aspects of protecting a network and the information it contains, from creating firewalls to cryptography to intrusion detection and prevention. This aspect of healthcare cybersecurity also may involve “red teams,” which find system vulnerabilities and weak points where networks can be breached by trying to hack into the system and documenting their results and processes so improvements can be made.
#2 Incident responders
While health network security specialists make networks as safe as possible, no network is completely secure – and attacks will happen. Healthcare data is very valuable, so networks are a prime target for hackers or other cybercriminals who may try to steal and sell it. Attackers can also install ransomware or other malicious software, or simply take the network offline.
All these scenarios can be devastating for hospitals, doctors, or mental health professionals, so healthcare cybersecurity incident responders are constantly on alert, watching for and diagnosing those attacks as early as possible so they can take immediate action. The sooner they know a network has been breached, the sooner they can take the necessary steps to keep data secure and networks up and running.
#3 Compliance and Governance
Anyone who provides medical services or handles highly sensitive private patient information is subject to HIPAA (the Health Insurance Portability and Accountability Act of 1996), which is an extremely complicated and intricate law with nuances that can be hard to interpret. Small violations – even if they’re unintentional – can result in strict penalties and steep fines.
A healthcare cybersecurity professional working in compliance and governance knows the ins and outs of HIPAA regulations and how those rules apply in real-world medical environments. They might offer advice about required security features for hospital networks, review and adjust policies and procedures for collecting patient data on tablets, or make sure privacy and access settings for digital records are in keeping with HIPAA requirements.
#4 Risk Assessment and Management
An ounce of prevention is worth a pound of cure – and that’s the idea behind risk assessment and management. An important part of healthcare cybersecurity, members of this team anticipate when, where, and how attacks might unfold; decide which ones are most likely; and create strategies to minimize the risks to the security of healthcare data and network.
Healthcare risk assessment and management professionals work in tandem with network security experts to identify the critical data and systems in the overall healthcare infrastructure. Then, they assess risk and identify potential security concerns or system vulnerabilities, offering their expertise for how to mitigate those risks and reduce the likelihood of a potential network attack.
#5 Internet of Things and Medical Device Security
While many jobs in cybersecurity for healthcare involve protecting patient data and securing networks, Internet of Things (IoT) and medical device security is a little different. It involves the security of products like radiation machines, MRIs, CT scanners, insulin pumps, and pacemakers – and how to safely integrate them into the healthcare landscape.
As healthcare evolves and incorporates more and more technology, medical devices are becoming increasingly interconnected. A cybersecurity expert who works in IoT and medical device security figures out how to make sure those connections stay safe, creating security plans that integrate these devices into the greater IT healthcare infrastructure in ways that are both protective and compliant.
Ready to learn more? Contact Touro College Illinois and find out how to earn your degree and start your own exciting career in healthcare cybersecurity!
Touro University Illinois
https://illinois.touro.edu/news/top-5-jobs-in-cybersecurity-for-healthcare.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/iStock-695273360rev.jpg
July 23, 2020
201736
Touro College Opens Graduate Division in Chicago
Offerings Include Certificates and Master's Degrees in Four Top Fields
Touro College is launching a graduate division based in Chicago, Touro President Dr. Alan Kadish announced today. Beginning this fall, Touro College Illinois (TCIL) will offer a post-bachelor’s certificate in Cybersecurity as well as an M.A. in Data Analytics. TCIL plans to open a Family Nurse Practitioner program and a Physician Assistant program, once the accreditation process is complete. Cybersecurity and Data Analytics classes will be given online and available to students across the U.S.
“We are pleased to open our new location in the Village of Skokie,” said Dr. Kadish. “The establishment of Touro College Illinois furthers the mission of Touro College by providing access to education and perpetuating Jewish values of education and community service.” Touro College and University System has a substantial footprint in the medical and health care education space, and President Kadish noted that both the cybersecurity and data analytics programs will offer concentrations in health care.
“TCIL will bring Touro's expertise in graduate and professional programs and health professions to Illinois. Chicago is a major hub for business and home to many prominent hospital systems and health care institutions. TCIL aims to enrich these communities by training future professionals and leaders,” said Patricia Salkin, Provost of Touro College Graduate and Professional Divisions, which now includes TCIL. “Touro College and University System’s existing programs in technology, nursing and health sciences will offer unique synergies to ensure high quality academic and workforce development opportunities for our TCIL students,” added Salkin.
"Our strong partnerships with the Village of Skokie, the Hebrew Theological College (HTC) and community leaders have helped to launch our campus in a meaningful way. Everyone involved is excited to bring new forms of learning and training to an eager and energized student body. Classes in cybersecurity and data analytics will be offered online to interested students from around the U.S.," said Dr. Zev Eleff, Vice Provost of Touro College Illinois and Chief Academic Officer at HTC.
Fall application to Touro College Illinois is open. To learn more or to apply, visit illinois.touro.edu.
Touro University Illinois
https://illinois.touro.edu/news/touro-college-opens-graduate-division-in-chicago.php
https://illinois.touro.edu/media/touro-college/communications/images/featured/2020/zeveleff.jpg
July 23, 2020
202381
Joseph Giordano to Lead Touro’s New Cybersecurity and Data Analytics Programs
Seasoned Technology Expert To Help Launch Cybersecurity Certificate Program
Touro College has appointed Joseph V. Giordano to be the founding director of its new cybersecurity and data analytics programs, the College announced. An experienced computer scientist, Professor Giordano was, until recently, a professor at Utica College, where he served as director of cybersecurity undergraduate and graduate academic programs.
The cybersecurity program, which launches in September, will be delivered online and will be accessible to students across the U.S. Additional degree programs will be added in the future. The cybersecurity and data analytics programs are part of the newly launched graduate division, Touro College Illinois.
“I’m excited to join the faculty of Touro and to launch a unique certificate program in cybersecurity for healthcare. Protecting medical records, securing healthcare networks and addressing the complexity of healthcare security are critical to the future of healthcare. This certificate will enable graduates to compete in the competitive world of healthcare security,” said Professor Giordano.
“This certificate program is the next step in Touro’s commitment to excellence in healthcare. As technology takes over more and more of daily life, the world of cybersecurity for healthcare is increasingly important. Our graduates will be prepared for meaningful careers in the healthcare system of the future,” said Touro Provost Patricia Salkin.
Professor Giordano received his bachelor’s degree from Utica College and his master’s degree from Syracuse University.
Under Professor Giordano's direction, the programs at Utica were designated as a national center of academic excellence in cybersecurity by the National Security Agency and the Department of Homeland Security, as well as a center of academic excellence in computer forensics education by the Defense Cyber Crime Center. In addition, Professor Giordano served as the interim director of Utica College’s economic crime management graduate program and also helped to create its first computer forensics center.
Touro University Illinois
https://illinois.touro.edu/news/joseph-giordano-to-lead-touros-new-cybersecurity-and-data-analytics-programs.php
https://illinois.touro.edu/media/touro-college/communications/images/featured/2020/Giordano_J_Official_Pic.jpg
August 04, 2020
204837
Advance Your Career With a Healthcare Cybersecurity Certificate
A Look at Where Cybersecurity and Healthcare Intersect and Their Career Potential
Q&A with Joe Giordano, Director of Touro’s new cybersecurity program, on why a certificate in healthcare cybersecurity can take your career to the next level.
What does healthcare cybersecurity mean? What is unique about healthcare data? Cybersecurity for the healthcare sector is very important. The healthcare sector is a national critical infrastructure and must be protected and defended as such. Areas where cybersecurity for healthcare is unique include the following: protecting patient records, ensuring that patient records don't fall into the wrong hands, securing proprietary medical data, providing clients with secure telemedicine capabilities.
What does the program entail and how is it different from other similar programs out there? The Touro cybersecurity for healthcare program consists of 6 courses and 18 credit hours. The program is a strong mix of technical, legal, policy, and ethical aspects of healthcare security. Most of the cybersecurity for healthcare programs that exist across the nation are management or policy-oriented. Touro’s program is very comprehensive, addressing policies and management but also teaches the technical aspects of the field. It’s a very comprehensive program. In addition, Touro’s program offers career services, industry contacts, and internship possibilities.
What kind of work can someone with a certificate in healthcare cybersecurity find? Where should job seekers be looking for work?
Graduates can secure positions in healthcare security, which is in high demand. Positions abound in insurance companies, government organizations (federal, state, and local), the military, hospitals, nursing homes, medical labs, and clinics. Any organization that handles and/or processes public health information (PHI) and personally identifiable information (PII) needs employees who are able to secure these sensitive records.
What is the outlook for this field?
The future for this field is quite strong. There is much demand nationally and internationally for people who work in this field. According to ZipRecruiter, as of August 2020, the average annual pay for the healthcare cybersecurity jobs category in the United States is $84,448 a year.
Can a certificate help boost career prospects?
Earning a post-baccalaureate certificate from Touro College will provide graduates with a modern, up-to-date credential that shows evidence of competence in this essential field. In the course of their program, students will gain hands-on experience with network security tools, learn about cloud computing security, experiment with Internet of Things (IoT) and medical devices, apply incident response and recovery techniques to real-world problems, and learn about ethical, policy, and compliance issues related to cybersecurity for healthcare.
Does the school assist with career coaching or job placements?
Touro is committed to helping students and graduates with career coaching. The program director and professors have a strong understanding of the field. In addition, Touro is building internship relationships with healthcare sector partners in order to give students relevant work experience.
Touro University Illinois
https://illinois.touro.edu/news/advance-your-career-with-a-healthcare-cybersecurity-certificate.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/iStock-1096811086sm.jpg
September 22, 2020
207135
The Future of Cybersecurity Depends on Well-Trained Experts
Q&A with Healthcare Cybersecurity Program Director Joe Giordano
Touro College Illinois Director of Healthcare Cybersecurity Certificate Program, Joe Giordano, breaks down why cybersecurity is a central part of today’s healthcare industry. Learn the importance of information security and how the internet of things in healthcare is playing a growing role in the field.
Why is cybersecurity so important?
Cybersecurity is important because it allows organizations to protect private data and maintain public trust. Data is an extremely valuable commodity. Lost data can mean lost profits or lost lives.
When one thinks of cybersecurity the first thing to consider is the CIA Triad (Confidentiality, Integrity, and Availability). Confidentiality is concerned with ensuring that data is protected. That means that the secrecy and privacy of the data and the systems that process the data is enforced. Integrity is about ensuring the correctness and consistency of data, especially critical data. Finally, availability guarantees that systems, networks, and computers, in addition to applications (software) and data are available as needed. Organizations must be concerned with the confidentiality, integrity, and availability of their information systems.
Hackers and attackers live on the other side of the coin. They want to steal data (breach confidentiality), maliciously change data (breach integrity), and/or take systems down via denial-of-service attacks or ransomware (breach availability). Today, when so many organizations are totally dependent upon their data for day-to-day operations, having effective cybersecurity is tremendously important.
A hacked system can put an organization out of business. Proprietary information can be stolen or destroyed. National critical infrastructure systems, the systems which a modern society depends on to function, such as electricity, oil and gas, air traffic control, financial systems, and the hospitals, can be taken down. The results can be devastating for not just the organization and the people that they serve, but the country as a whole.
Why get an advanced graduate certificate in healthcare cybersecurity?
Recent news has shown that hospitals are increasingly becoming victims of ransomware and other types of cyber attacks. In addition, hostile actors have been suspected of stealing critical information related to the COVID-19 vaccine in development.
Earning an advanced certificate in healthcare cybersecurity will provide the graduate with a much-needed skill that can be applied to one of the nation’s critical infrastructure sectors. It’s an in-demand field, with the potential to have great impact. The graduate certificate offered by Touro College Illinois addresses the area from many angles, so graduates are well-prepared. The program presents the student with a detailed view of the healthcare critical infrastructure sector from the standpoint of legal, policy, risk, compliance, and ethical issues.
HIPAA and GDPR are two important topics addressed in the Touro program. On the technical side, the Touro program teaches the students hands-on, applicable skills in the network security and survivability, cloud computing security, medical device (IoT) security, and incident response and recovery. The skills that you will learn at Touro will enable you to work to secure healthcare IT systems including those in hospitals, health clinics, nursing homes, medical laboratories, insurance companies, and any other environments related to healthcare.
What is the future of cybersecurity?
Cybersecurity is a field that’s in high demand and will continue to grow. The future of cybersecurity will depend on well-trained experts who can tackle the challenges ahead. Broadly speaking, more and more systems will come online and greater amounts of data will be stored electronically, especially in the healthcare field. At the same time, hackers and bad actors will become smarter and smarter. Their tools will become more and more sophisticated, and it will become more difficult to attribute attacks to specific actors.
In addition, the growth of Internet of Things devices will increase at a rapid pace. These IoT devices will permeate every field and every critical infrastructure, and IoT in Healthcare will adapt to address new challenges. Wearable IoT devices are more and more commonplace. With each and every piece of new and innovative technology comes not just greater capability but also another area for attack. Remembering that a system is only as secure as its weakest link —all the hacker needs to do to hack into a system is to find that one small vulnerability. This future holds great promise for capable cybersecurity professionals who know how to hunt for threats, find system vulnerabilities, protect systems, recover from attacks, and find perpetrators.
Touro University Illinois
https://illinois.touro.edu/news/the-future-of-cybersecurity-depends-on-well-trained-experts.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/faculty/joseph_giordano_headshot.jpg
December 02, 2020
207305
New Internet of Things Cybersecurity Legislation Brings Changes to the Industry
Touro Healthcare Cybersecurity Director Joe Giordano Says Bill Increases Need for Security Experts
Recently, the Senate passed by unanimous consent H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act. This very important bill directs the National Institute of Standards and Technology (NIST) to develop guidelines on the use of IoT devices and the management of their vulnerabilities.
A New Potential Cybersecurity Law for IoT Security
This bill demands that NIST develop and publish standards and guidelines for how the federal government should use and manage IoT devices connected to information systems, including “minimum information security requirements for managing cybersecurity risks associated with such devices.” This cybersecurity legislation directs NIST to consider current industry standards, guidelines, and best practices.
While this is a great first step in terms of securing IoT devices, it is important that there is enforcement so the standards and guidelines are taken seriously and followed. Too many times in the past, standards and guidelines have been sidestepped or even ignored. The stakes are too high here as the number of IoT devices increases and security measures are sorely lacking.
IoT Device Security in Healthcare
Touro College Illinois’ innovative healthcare cybersecurity graduate certificate has a course dedicated to securing IoT devices. The Touro course on IoT security presents students with foundational concepts and understanding related to the application and impacts of IoT devices within the healthcare environment. Medical IoT devices already exist in many aspects of healthcare today. This includes complex medical devices and procedures such as CT scans and MRI systems to simple devices such as blood pressure and temperature recording instruments that communicate and record measurements directly into the patient chart.
Increasingly, medical IoT devices such as heart monitors are being placed on patients for extended periods of time to monitor fluctuations in real-time as they go about their daily lives. These devices report real-time readings to healthcare environments for immediate evaluation and triage. The security and safety of these devices are vital and require detailed validation and constant monitoring. Critical questions regarding the life cycle of these devices from the development, supply-chain, device updates, and the integration with information systems will be covered in this course.
Healthcare environments are another area of security concern. As hospital staff, contractors, patients and their families enter the environment, they bring with them a host of IoT devices that may present a security and/or safety threat to any healthcare environment.
As cybersecurity legislation lays the foundation for improving IoT device security, we need well-trained cybersecurity specialists and engineers to lead future innovation and keep our healthcare networks safe.
Joe Giordano is the Director of the Healthcare Cybersecurity Certification Program in Touro College Illinois.
Touro University Illinois
https://illinois.touro.edu/news/new-internet-of-things-cybersecurity-legislation-brings-changes-to-the-industry.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/TCILIOT.jpg
December 21, 2020
207306
Why Risk Assessment is Necessary
Exploring a Critical Component of Cybersecurity
You might recognize risk assessment as it’s applied in varied fields and disciplines when they ask: Should we develop product X? Should I invest in portfolio A or portfolio B? Should we offer a long-term contract to player A or player B? Not surprisingly, risk assessment is a critical component of cybersecurity and cyber intelligence. Effective cybersecurity depends upon accurate and comprehensive risk assessment. Learning how to make an accurate risk assessment is a key element of most post-graduate cybersecurity programs, and helps prepare students for real life scenarios in the field.
What is the Purpose of a Risk Assessment?
The purpose of a risk assessment is to uncover any vulnerabilities or weaknesses in an IT system or network that can be exploited by a threat. Risk assessment can be performed on any component of a system or network. The risk assessment should be based upon the CIA Triad and address the Confidentiality, Integrity, and Availability requirements of the greater system including networks, computers, software, and data.
What Are the Steps of a Risk Assessment?
The steps in a risk assessment must be well-structured and purposeful.
Characterization of the System A risk assessment typically starts with a characterization of the system. This initial step looks at the overall IT system and its components, the data, the data flows, and most importantly, the criticalness of each of these areas. It must be noted that not all components and all data are created equal. Some elements are much more critical than others, and a loss of such a critical system, piece of software, or data could severely affect the organization and its ability to function.
Identification of Threats The second step in the risk assessment process is the identification of threats. This step is concerned with gaining an understanding of the groups that have a capability and an intention to harm an organization via the cyberspace domain. This hacker group may want to steal information, covertly change information, or take a system down (distributed-denial-of-service attack or a ransomware attack). A new job that addresses this part of the risk assessment process is the threat hunter. The modern-day threat hunter proactively searches for advanced cyber threats in an attempt to neutralize such threats. They are a critical player in threat identification. In addition to the threat hunter, many organizations have created cyber intelligence units. These units are constantly searching for threat actors and work to understand their capabilities and tools.
Vulnerability Assessment Another key step in the risk assessment process is vulnerability assessment. The goal of this step is to identify weaknesses in the information system, network, and software. Some organizations add in physical security and personnel security assessment to this step.
Once vulnerabilities are identified, tools, techniques, and technologies can be applied to address the vulnerabilities. Taken together each of the above steps constitutes the risk assessment process.
Long-Term IT Risk Management
Not all risks will be addressed. The reason for this could be cost or limited resources or a vulnerability that has been found is not currently exploitable by a threat agent. This is why it’s important to perform risk assessments in a methodical and detailed manner using the CIA Triad (confidentiality, integrity, availability).
The risk assessment process is very technical. Someone who leads a risk assessment group needs to be able to understand the technical details of the assessment but also needs to be able to communicate the results in a jargon-free manner. The ability to speak and write clearly and effectively while communicating deeply technical information is an art.
Finally, risk assessment is not something that is done just once. It is a continuous process. As new technology is integrated into an organization or new software is built, an organization must conduct a risk assessment. This consistency and continued commitment to security risk management helps protect the organization.
Joe Giordano is the Director of the Healthcare Cybersecurity Certification Program in Touro College Illinois.
Touro University Illinois
https://illinois.touro.edu/news/why-risk-assessment-is-necessary.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/TCILRisk.jpg
December 23, 2020
207307
Emerging Threats in Healthcare Information Security
How Vulnerable Systems Lead to Hospital Cyber Attacks
The healthcare industry has long been known to lag behind in the process of securing their technology, including using outdated operating systems (OS), applications, and devices, which accounts for major gaps in cyber security, especially mobile device security. These gaps can lead to serious vulnerabilities in hospitals and healthcare organizations. If that wasn’t bad enough, the pandemic has pushed doctors and other professionals to quickly move to new systems and new methods of reaching patients. While this move was necessary, it caused an increase in security vulnerabilities. What are some of the areas of concern?
Growing Security Concerns in Healthcare
Mobile Healthcare, Telehealth and Growing Security Concerns
Hospitals and private institutions have increasingly turned to telehealth and mobile healthcare during the pandemic. This exacerbates the threat landscape available for attackers to target. Even if the hospitals were able to deploy new applications and software, it is possible that outdated operating systems, devices, and technology are still in use. In any infrastructure or technical upgrade project there is a possibility of missing or misconfigured security controls. These missing controls leave gaps for attackers to conduct phishing campaigns, or even compromise entire healthcare networks with cyber attacks.
Increased Network Risks from Remote Work
As some workers moved from the office to home, users are increasingly adopting virtual desktop or virtual private network solutions to connect to the office. Without proper training, these solutions can create a tunnel for attackers to exploit a potentially outdated or unprotected network. Both this year and last year, hospitals saw increases in phishing campaigns and ransomware, showing that even during a pandemic, hospitals are a target for attackers (Health IT Security, 2020).
COVID-19 Healthcare Hacks
Not only were hackers interested in hospital records and patient data, they were also interested in laboratories and medical research facilities that are working on a COVID-19 vaccine. In July, the US Department of Justice indicted two Chinese individuals for hacking into the computer systems of hundreds of victim companies, governments, and non-governmental organizations, as well as individual dissidents, clergy, and democratic and human rights activists in the United States and abroad.
In some cases, the defendants acted for their personal gain; in others, they acted for the benefit of Chinese government agencies. The hackers stole terabytes of data and created a sophisticated and prolific threat to U.S. networks. Even during a pandemic, attackers will exploit vulnerabilities and search out proprietary or sensitive information. Phishing attacks are also used to steal information or trick unsuspecting individuals to click on “COVID trackers” or other COVID data-related sites.
Insider Threats to Hospital Cybersecurity
External attackers are not the only issue within the healthcare system. Insider threats and improper use of data are still major causes for concern in data breaches. As our healthcare system is strained with doctors, nurses, and technicians working overtime, the chances for mistakes increase. Additional strain and lack of resources put medical workers in a tough situation. It is essential for security and IT teams to be vigilant in data protection and alert for potential data exfiltration or improper use. A smaller number of attacks are done by insiders, but it is still an important component to consider during technical refreshes or when considering purchasing data loss prevention tools.
Healthcare Cybersecurity Solutions
Improving Remote and Mobile Device Security
Altogether, these factors—increased telehealth, mobile devices, and phishing campaigns—create an environment ripe for increased attacks on the healthcare sector. But there is hope! And there are ways to deal with this situation in both private practices and larger institutions. Here is a three-tiered approach:
Carefully consider technical refreshes and ensure that inventories of both applications and hardware are complete prior to upgrades. These refreshes should be done in combination with security assessments during the project. Including assessments ensures that all software is up-to-date and that maintained documentation exists for current inventory and processes for upgrades, in addition to showing that security controls are properly in place.
Create (or update) continuous monitoring and incident responses to match the technical refreshes. These programs should be updated to ensure both IT operations and security teams are on the same page for the new systems.
Re-train users on how telework environments should be used, and how any new technology is implemented into routines. Given that healthcare professionals use and manage sensitive and private data, these are important points to make during training sessions to ensure even remote workers are careful about the security and privacy of PHI (Protected Health Information).
Recognizing the Importance of Network Security
These possible improvements are not all-inclusive and there are many tools, applications, and guidelines available for protecting the healthcare sector. Standardizing security controls and removing end-of-life applications can greatly improve overall security. Attackers will continue to research and use new methods of attack, which is why our defenders must pursue new methods of prevention. As the proverb says, “necessity is the mother of invention.” With the COVID-19 healthcare crisis, all sectors are finding new ways of using technology and must equally find new ways of securing it.
If you're interested in exploring healthcare cybersecurity further and want to learn how to protect vulnerable information, cybersecurity certifications are a great place to start and can help you enter this exciting field.
Dr. Nikki Robinson is an adjunct faculty member in the Touro College Illinois Healthcare Cybersecurity Certificate Program.
Resources:
BBC, “US charges Chinese Covid-19 research ‘cyber-spies’”
Security Magazine, “How hackers are using COVID-19 to find new phishing victims”
Consolidated Technologies, “Security threats in healthcare systems”
University of Illinois Chicago (UIC), “Top 4 threats to healthcare security”
Touro University Illinois
https://illinois.touro.edu/news/emerging-threats-in-healthcare-information-security.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/TCIL_Robinson.jpg
December 24, 2020
212066
Does HIPAA Affect Healthcare Cybersecurity?
Pivotal Legislation Safeguards Private Healthcare Information
The Health Insurance Portability and Accountability Act of 1996 — better known as HIPAA — is a federal law that was primarily created to address healthcare insurance coverage limitations, particularly for individuals between jobs. It’s probably more widely recognized for leading to the development of regulations to safeguard the privacy and security of protected health information (PHI). HIPAA came about just as the Internet was expanding and allowed for the flow of healthcare information to be modernized while preventing fraud and theft. HIPAA has many parts to it that affect other private and public sectors, but the HIPAA Privacy Rule and the HIPAA Security Rule are probably the most significant and well-known related directly to the field of cybersecurity in healthcare.
The HIPAA Privacy Rule and the HIPAA Security Rule were established by the U.S. Department of Health and Human Services. While the HIPAA Privacy Rule safeguards protected health information (PHI) including information communicated in verbally and in writing, the HIPAA Security Rule, protects health information of patients in electronic form (ePHI).
What information is protected by HIPAA?
The HIPAA protected health information definition is relatively broad. It encompasses any healthcare information that “relates to the past, present or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present or future payment for the provision of healthcare to an individual”, even in casual conversations.
Examples of HIPAA protected health information include:
Demographic data, such as a patient’s age, gender and location
Clinical information, such as a patient’s medical diagnosis or prescription meds
Medical histories and records, such as a pre-existing condition or past surgical procedure
Lab and test results, such as x-rays or blood work
Insurance information, such as a patient’s health insurance claims and coverage
HIPAA cybersecurity requirements
HIPAA impacts just about everyone, from patients and doctors to administrative staff and network administrators. This also includes health providers, business associates and healthcare workers. Basically, anyone who might come in contact with or handles protected health information is subject to HIPAA.
In particular, health providers and organizations that collect, store, maintain or transmit HIPAA protected health information must adhere to HIPAA cybersecurity requirements. This includes rules for HIPAA computer and technology compliance meant to prevent unintentional, or malicious, access to HIPAA protected health information. For example, health providers and organizations are required to have security policies in place that define how they conduct risk assessments and vulnerability assessments to look for weaknesses, enact risk mediation plans and respond to cyber incidents.
HIPAA technology requirements ensure the confidentiality, integrity and availability of electronic protected health information (ePHI). Health providers and organizations must use reasonable and appropriate healthcare cybersecurity measures to implement the necessary standards for keeping HIPAA protected health information private. How to implement them is left up to individual organizations and the healthcare cybersecurity personnel they employ.
Strong access control is one of the key safeguards for securing HIPAA protected health information. Access control grants rights or privileges to specified users working in information systems, applications, programs or files, so they can perform job-related functions. Access control methods include:
Unique user identification, from biometric fingerprint readings to eye scans
Emergency access procedures that document instructions and processes for gaining access to ePHI during a time of crisis
Automatic logoff that terminates a user session after a certain period of inactivity
Encryption to convert data into unreadable form and decryption to decode data back to its original form
These measures also ensure different people in different roles have different levels of access to data. For example, doctors may have access to everything, nurses may have access to 90% of a system and billing or insurance may have very limited access.
The benefits and challenges of HIPAA
As the healthcare sector has transitioned from paper files to digitizing healthcare information, HIPAA cybersecurity requirements have resulted in many benefits. Electronic health records (EHRs), in particular, have helped streamline administration and management, improve efficiencies and security of HIPAA protected health information and ensure patient privacy. At the same time, HIPAA has saved the healthcare industry billions of dollars annually.
On the other hand, the extensive provisions of HIPAA make it expensive to comply with, and many organizations don’t have the necessary budget to allocate to the effort. Another challenge is HIPAA’s age. HIPAA was first put in place over 20 years ago. A lot has changed — and continues to change rapidly — in healthcare and technology. For example, hospitals have become increasingly web connected, using automation to update electronic health records with real-time feeds from sensors and other medical systems. Advancements like this didn’t exist when HIPAA was written.
In response, HIPAA continues to evolve, which means healthcare providers and organizations must keep up to date on the latest HIPAA cybersecurity requirements to remain in compliance.
“The complexity of HIPAA makes compliance with the law difficult. Very few organizations are able to do it properly,” said Joe Giordano, Founding Director of Cybersecurity and Data Analytics at Touro College Illinois. “The best way to balance HIPAA compliance with protection is to do your due diligence. Create a secure network architecture, run tests and conduct assessments, continually monitor for threats, and develop and implement a sound response plan.”
Health providers and organizations are subject to heavy penalties if they’re not in HIPAA computer and technology compliance. This ranges from monetary fines to corrective actions.
While it is expensive to comply with HIPAA’s security measures, it can be more expensive not to. The impact of weak health cybersecurity is extremely costly. These recent cybersecurity issues and attacks in healthcare provide a cautionary tale for health providers and organizations.
Learn more about HIPAA protected health information with Touro’s healthcare cybersecurity certificate
Touro’s online certification program in healthcare cybersecurity arms you with advanced technical skills and knowledge for HIPAA technology and computer compliance. The six-course, 18-credit certification program curriculum combines hands-on, technical work with coursework that addresses policy, legal and ethical issues. Topics include:
Healthcare cybersecurity policy and procedures
What information is protected by HIPAA
Health cybersecurity laws
General Data Protection Regulation (GDPR)
Data privacy and the protection of health cybersecurity networks
Two of the courses in the program are specifically designed around HIPAA, directly addressing the environment and technology in the medical field. For example, the online program course in HIPAA and Cybersecurity focuses on how healthcare information is kept safe by applying HIPAA privacy rules, security rules and technology safeguards.
Find out more about how Touro’s cybersecurity certificate in healthcare can prepare you for an exciting career in the technology and healthcare fields.
Touro University Illinois
https://illinois.touro.edu/news/does-hipaa-affect-healthcare-cybersecurity-.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/HIPPAphoto.jpg
February 22, 2021
212067
Cybersecurity in Healthcare: An Overview
Growing Field for an Emerging Need
Cybersecurity deals with the protection of critical infrastructure — assets, systems and networks vital to the function of a modern society — from damage, unauthorized access or attack using best practices, processes and technologies.
Cybersecurity is also referred to as IT security and is closely related to computer, network and Internet security. The following cornerstones of cybersecurity are known collectively as the CIA Triad:
Confidentiality relates to the security and privacy of information.
Integrity relates to the correctness and consistency of information.
Availability relates to the operational status of networks, computer systems and software that house information.
The U.S. Department of Homeland Security defines 16 critical infrastructure sectors vital to U.S. national security, economy and public health or safety. These include communications, emergency services, financial, transportation systems, energy and healthcare and public health.
What is cybersecurity in healthcare?
Confidentiality, integrity and availability of information is important to healthcare organizations that collect, store, access and transmit large amounts of sensitive data. This includes:
Patients’ protected health information
Personally identifiable information such as Social Security numbers
Financial information such as bank account and credit card numbers
Intellectual property related to medical research and development
For example, pharma companies developing vaccines and managing supply chains store serious intellectual property in cloud-based healthcare systems that could result in millions of dollars of loss if stolen or subverted. Hospital networks are also a mission-critical environment where lives are at stake. Cybercriminals, referred to as adversaries, attackers, threat actors or hackers, can change information so a patient does not receive the correct medication dosage or shut down entire networks so hospitals can’t operate.
With so much sensitive data floating around cyberspace, you may be asking, how is healthcare information kept safe? Healthcare cybersecurity helps protect patients’ personal information, ensure accuracy of medical care, increase organizational efficiencies and effectiveness, save lives and money and manage brand reputation. All of this is done while complying with government regulations, particularly the Health Insurance Portability and Accountability Act (HIPAA). So, does HIPAA affect healthcare cybersecurity? The short answer is yes.
“Technical innovations go nowhere without a deep understanding of policy, legal and ethical issues,” said Joe Giordano, Founding Program Director of Cybersecurity and Data Analytics at Touro College Illinois.
Why is cybersecurity in the healthcare industry important?
Recent cybersecurity issues and attacks in healthcare underscore why cybersecurity, especially in healthcare, matters. Healthcare organizations are particularly vulnerable to cybercrimes, because of the high value that this data has on the dark web. The dark web is a part of the Internet, accessed with special software or configurations, where users and website managers are anonymous or untraceable. On the dark web, stolen medical records are for sale.
In 2020, 642 healthcare data breaches of 500 or more records were reported to the Office of Civil Rights, including two from December alone that impacted more than 1 million records each, according to HIPAA Journal.
This staggering figure represents an increasing trend in cybersecurity issues and incidents that should influence the way technology is thought about and adopted.
Opportunities in healthcare cybersecurity
Technology offers incredible opportunities in healthcare: virtual appointments via telemedicine, quicker test results through mobile applications and easier coordination between doctors thanks to electronic medical records, to name just a few. In today’s global information-intensive environment, Internet of Things components, advanced computational medical devices and Big Data are being integrated into the greater fabric of healthcare information systems. Medical patients and healthcare providers alike can use electronic and cloud-based systems, smart devices and digital tools to improve the quality of healthcare.
Overall, these new technologies offer great opportunities for the healthcare community. To make these opportunities a reality, cybersecurity for the healthcare sector is a must have.
Cybersecurity in healthcare jobs
Cybersecurity is being integrated into strategic planning to help healthcare organizations incorporate technology safely and effectively into their information systems. The intricate tools used to secure a network, passwords and the cloud take time to master and are critical to ensuring computers and software run properly. Healthcare organizations are increasing budgets for hiring trained professionals who can design and implement these practices, processes and technologies.
Jobs for information security analysts are projected to grow 31% from 2019 to 2029, with some of the highest growth seen in the healthcare sector, according to the U.S. Bureau of Labor Statistics.
Healthcare cybersecurity professionals with advanced training and skills, such as a cybersecurity certification, are especially in high demand.
What sets our cybersecurity certificate program apart from other programs and cybersecurity degrees?
Touro’s dynamic combination of — and strength and reputation in — technology and healthcare education is unmatched by even the best cybersecurity schools in the country. Our cybersecurity certificate program will prepare you to start or advance your career with highly specialized course topics and lab-oriented projects. For example, the Principles of Healthcare Security and Privacy course emphasizes real-life scenarios in clinical practices and business operations in healthcare. This foundational course also addresses U.S. laws and regulations and their application in other parts of the world.
You’ll get practical, hands-on experience using cybersecurity software, tools and systems, including Wireshark, Nmap, Netcat, AWS Console, VirtualBox/VMware and John the Ripper. Plus, the advanced technical skills and knowledge you’ll gain are transferrable to related technology fields. In particular, you’ll learn:
How to read outputs to gain situational awareness related to the security of a healthcare network
How to secure healthcare networks, especially in the e-Health cloud where medical data is stored
What to do with medical devices and how to secure them
How to diagnose, respond to and recover from a cyber incident
Explore Touro’s online cybersecurity in healthcare certificate to move forward in your career and help transform the future of healthcare working in exciting cybersecurity in healthcare jobs.
Touro University Illinois
https://illinois.touro.edu/news/cybersecurity-in-healthcare-an-overview.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/HEALTHCARECYBERSECURITYOVERVIEW.jpg
March 01, 2021
212068
How is Healthcare Information Kept Safe?
Migration to Digital Environment Adds Value and Vulnerabilities
Healthcare information encompasses a wide variety of data, including:
A person’s medical history such as demographic and clinical information
Collective health records of a community, from local to global
The activities of healthcare providers and organizations such as strategic planning and operations, financial information and research and development efforts
Healthcare information at the individual level can provide a holistic view of a person’s health for better coordinated care. At the community level, healthcare information can help understand public health and the factors that impact it.
The broad term can also refer to the technology systems that manage all of the healthcare-related data. This integrated network works together to improve patient care, increase productivity and profitability, and influence decisions and policies made by leaders.
The evolution of healthcare information
Not too long ago, the healthcare sector was a very static environment. Healthcare information was stored as paper files in physical locations and maintained and accessed through manual processes. These outdated methods had many issues, including communication, efficiency, accuracy and security.
Today, healthcare information is widely collected, stored, accessed and transmitted digitally, thanks in part to the Health Information Technology for Economic and Clinical Health (HITECH) Act, a component of the 2009 Recovery Act.
HITECH encouraged healthcare providers to use electronic health records (EHRs) and health information exchanges (HIEs) for housing and sharing data.
The widespread adoption of industry practices and tools such as these has led to significant changes in how healthcare information is handled. Data are coming directly from medical devices and machinery in hospitals, such as radiation and x-ray machines. Automation, in particular, means that health records are updated frequently, in real time. This is how, for example, the number of COVID-19 cases are tracked by health institutions, shared with media and reported to the public.
As healthcare information has migrated to the digital environment, it has become highly valuable and therefore vulnerable to cyber criminals on the dark web. Organized crime on the dark web is actively selling stolen health records by the hundreds of thousands. This in turn has led to an increasing importance in protecting health information through healthcare cybersecurity.
Healthcare cybersecurity helps protect patients’ privacy while complying with federal regulations, namely the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
What is PHI in healthcare?
Under the HIPAA Privacy Rule, protected health information (PHI) is defined as health information that “relates to the past, present or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present or future payment for the provision of healthcare to an individual.”
Examples of protected health information include:
Demographic data
Clinical information
Medical histories and records
Lab and test results
Insurance information
From a personal perspective, you may find it easy to understand why protecting health information is so important, but the ways to ensure PHI security are much more complicated.
Issues in protecting health information
Healthcare data including the examples of protected health information mentioned earlier are everywhere in cyberspace. This sensitive data comes from a variety of sources, from cloud-based services to smart devices to mobile applications. The high value of personal data on the dark web makes PHI in healthcare vulnerable to cyber threats and attacks. In fact, recent cybersecurity issues and attacks in healthcare underscore just how big of a challenge this is today. Healthcare organizations must protect healthcare information — for personal privacy, public health and even national security.
Strategies to ensure PHI security
Data breaches can be extremely costly — to individuals and organizations. So, it stands to reason that processes or products that help keep healthcare information safe are well worth the investment in time and money. The following are just a few healthcare cybersecurity measures for protecting health information:
Security management controls who has access to PHI in healthcare data and how much access they have, and tracks all of the devices that data passes through.
Risk and vulnerability assessments identify, evaluate and mitigate weaknesses in a network that could be exploited.
Data encryption encodes protected healthcare information and data, so it can’t be read or understood without being decrypted.
Education such as training, seminars and workshops teaches employees to take an active role in healthcare cybersecurity. Topics could include the importance of PHI security, how HIPAA affects healthcare cybersecurity and how to identify a cybercrime.
To maximize the benefit of these strategies and tools, health providers and organizations are spending money on hiring cybersecurity specialists who have the advanced technical skills and knowledge to help design, implement and manage them.
Jobs in healthcare cybersecurity
Healthcare cybersecurity professionals are the guardians of the modern healthcare industry, protecting vital healthcare systems and keeping PHI in healthcare safe and private.
Touro prepares you for an exciting, rewarding career in this highly specialized field with a healthcare cybersecurity graduate certificate. This online program can be completed in as little as six months and focuses on how to:
Assess and manage risks and vulnerabilities and make recommendations to key decision-makers
Implement the essential elements of data encryption and data protection
Secure cloud-based information systems and advanced medical devices
Recognize, respond to and recover from cyber attacks
Develop security policies and procedures and implement them across a health network
Address legal and ethical issues and comply with government regulations to keep HIPAA protected health information secure
With a dynamic combination of technology and healthcare education, Touro has a strength and reputation that is unmatched by even the best cybersecurity schools in the country. Most graduate programs that offer cybersecurity degrees only cover the technical aspects of the field, but Touro also incorporates legal and ethical issues into the 18-credit online coursework.
Explore our online healthcare cybersecurity certificate and learn how you can play an important role in protecting health information.
Touro University Illinois
https://illinois.touro.edu/news/how-is-healthcare-information-kept-safe.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/KEEPSAFEHEALTHCAREPHOTO.jpg
March 04, 2021
212829
Recent Cybersecurity Issues and Attacks in Healthcare
From Phishing to Malicious Software, Discover the Techniques Hackers Use
The number of cybersecurity in healthcare incidents that threaten the confidentiality, integrity and availability of HIPAA protected health information continues to rise. This is in part due to the continued adoption of new and advanced technology in the healthcare sector. At the same time, healthcare cybersecurity professionals are also having to deal with sophisticated tools and techniques used to exploit vulnerabilities, attack healthcare systems and gain unauthorized access to data.
Types of healthcare and hospital cyber attacks
Weak health cybersecurity falls under three categories: people, tech and policy. This includes outdated software, legacy operating systems, configuration vulnerabilities and insider threats. Software could be poorly designed. Healthcare organizations could lack explicitly written security policies. Incident response and recovery plans could be inadequately implemented. Security technologies such as firewalls could be weakly configured. Personnel such as doctors and nurses could be poorly trained.
Health cybersecurity weaknesses put organizations and patients alike at risk to cyber threats and hospital cyberattacks such as these:
Phishing attacks. Phishing is a type of social engineering attack. Someone posing as a trusted entity tricks an employee into opening a message or email and clicking a malicious link. Oftentimes, the goal is to steal health information. The best defense against this is well-trained staff who can spot a phishing attempt. The FBI, Department of Health and Human Services and Cybersecurity and Infrastructure Security Agency recently warned healthcare providers that phishing attacks are an “imminent and increased cybercrime threat.”
Data breaches. Data breaches occur when healthcare information, especially HIPAA protected health information, is accessed without authorization. Between 2009 and 2020, more than 3,700 reported healthcare data breaches of 500 or more records impacted nearly 270 million healthcare records, according to the HIPAA Journal. This represents over 80% of the U.S. population.
Malicious software (malware) and hospital ransomware attacks. Malware is designed to damage individual computers, one or more servers or entire hospital networks. Hospital ransomware attacks lock up networks and make them unusable. This could include critical medical devices such as radiation or dialysis machines. If healthcare systems aren’t probably backed up, organizations have to pay a lot of money to get their systems back online. Reported hospital ransomware attacks declined in the middle of 2020, but a new wave of these cyberattacks hit the healthcare sector in the fall of 2020.
Denial of service (DoS) attacks. DoS attacks try to shut down the operations of a machine, network or system by consuming all available network or system resources and overloading it with excess requests. These types of cyberattacks impact anything from a website to a medical service. The result is typically a slowdown or server crash. A coordinated effort from multiple sources is known as a distributed denial of service (DDoS) cyberattack.
Examples of healthcare and hospital cyber attacks
Healthcare organizations continue to be big targets for cyberattackers, who have committed numerous high-profile incidents in the past year. These are just a few of the cybercrimes that have recently hit the healthcare sector.
Phishing attack on Magellan Health. In May 2020, hackers impersonated a client of Magellan Health and gained access to the hospital’s network, including Merit Health Plan, UF Health and the University of Florida Health. Impacting more than 365,000 patients, the hackers withdrew data from a single corporate server then deployed ransomware.
Data breach on Dental Care Alliance. From September to October of 2020, hackers gained access to the network of third-party vendor Dental Care Alliance, which includes 320 affiliated practices across 20 states. The data breach impacted about 1 million patients whose HIPAA protected health information and payment card numbers were stolen. About 10% of those patients had bank account numbers stolen.
Ransomware attack on Blackbaud. Between February and May 2020, a hospital ransomware attack hit Blackbaud, a company that stores donor information for health systems, among other organizations. The cyberattack affected more than 46 hospitals and health systems, as well as their patients. The breach exposed HIPAA protected health information of millions of individuals, including Social Security numbers, and led to at least 10 different lawsuits.
DDoS attack on U.S. Department of Health and Human Services (HHS). In March 2020, cyberattackers increased pressure on HHS through a DDoS attack in an attempt to impact the coronavirus pandemic response through disruption and disinformation. Officials claim the cyberattack was unsuccessful and no networks or data records were affected.
Current trends impacting cybersecurity in healthcare
The global coronavirus pandemic has deeply impacted the healthcare sector, from the way healthcare is delivered to how healthcare information is kept safe. Health and medical cybersecurity efforts have had to ramp up to meet the rapidly growing demand for technology in healthcare delivery. This includes telemedicine, mobile service applications and videoconferencing. Remote working, in particular, is making the job of managing access control more difficult for cybersecurity in healthcare teams. Access control is a key safeguard of the HIPAA Security Rule.
Federal regulations in healthcare, namely HIPAA, have also evolved due to the coronavirus pandemic. The Department of Health and Human Services issued a limited waiver of HIPAA sanctions, and the Office for Civil Rights lifted certain HIPAA penalties to allow more platforms that weren’t considered HIPAA-compliant to be used during the outbreak. These regulatory issues present new opportunities, as well as challenges, to cybersecurity in healthcare.
Learn how to mitigate hospital cyberattacks and threats
Touro’s online certificate in healthcare cybersecurity covers some of the most pressing issues in healthcare technology today, including:
Network security and survivability and the types of cyber threats that threaten them
The impact of Internet of Things (IoT) devices on the healthcare sector and cybersecurity
Understanding the Health Insurance Portability and Accountability Act (HIPAA) and how HIPAA affects healthcare cybersecurity
Enterprise health clouds and how to secure them
Security, privacy, legal and ethical issues related to protecting health information
In six courses, you get a broad perspective on cybersecurity in healthcare. For example, the Incident Response and Recovery course looks at how healthcare organizations can best protect themselves from hospital ransomware attacks and other cyber threats. In this course, you’ll gain hands-on experience using advanced strategies, tools and techniques such as the development and implementation of operational procedures and an effective incident response and recovery plan. This and other program coursework help you develop technical skills in incident response team development and management, evidence handling and other vital areas in medical and health cybersecurity.
Find out more about how Touro’s cybersecurity in healthcare online certificate program can prepare you for an exciting, transformative career in healthcare cybersecurity.
Touro University Illinois
https://illinois.touro.edu/news/recent-cybersecurity-issues-and-attacks-in-healthcare.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/TCILRecentAttacks.jpg
February 25, 2021
212834
Analytics in Healthcare
Translating Healthcare Information Into Actionable Insights
Big data has the potential to make a significant impact on the healthcare sector, from improving daily operations and management to informing executive-level decisions to influencing marketing and communication strategies and more. The ability to translate healthcare information into actionable insights is vital to unlocking the power of big data in healthcare. This is the primary focus of healthcare analyst jobs.
What is health data analysis?
In general terms, analysis is the process of converting something whole into separate parts, then examining those parts in detail to understand its essential qualities or characteristics. In the healthcare sector, health data analysis uncovers patterns and trends in healthcare data and draws reliable and meaningful conclusions from it. This involves using both quantitative methods that are numerical and measurable and qualitative methods that are observational and descriptive.
Problem solving with health data analysis
Using historical and current — even real-time — data sets from internal and external sources, healthcare data analysis allows health providers and organizations to do the following:
Assess a situation and evaluate or calculate its results. For example, insurance companies can assess an applicant’s health status based on his or her medical history to calculate an individual health insurance premium and underwrite a health insurance policy.
Compare healthcare data to identify similarities and differences between two or more options and determine the best option for a particular situation. For example, a physician can compare the effectiveness of different medications and dosages used to treat certain health conditions and apply that data to develop and monitor a personalized treatment plan for a particular patient.
Estimate numbers or the extent of something to make informed judgments. For example, healthcare systems can operate more efficiently by estimating the number of patients they’ll admit at any given time throughout the day and allocate personnel and medical resources accordingly.
Predict future trends and consequences. For example, organizations can identify, manage and control the outbreak and spread of disease. During the global coronavirus pandemic, medical experts pulled health data related to COVID-19 variants, such as the UK variant and the South Africa variant, to predict how these variants of the disease will affect the U.S. population. The healthcare sector has also predicted the spread and total number of deaths in upcoming months due to COVID-19 based on weather data, the number of confirmed cases and deaths from previous months and many other factors.
Test the performance, quality or reliability of something before putting it into practice or widespread use. For example, pharma companies can test the efficacy and side effects of new prescription drugs to perfect their chemical formula before taking them to market.
Improve something to produce better results and outcomes. For example, analytics in healthcare can be used to identify gaps in service areas and improve outreach and care in specific locations. Or, health data analysis can lead to the development of health intervention and disease prevention programs.
Big data analytics in healthcare can be used in a wide variety of other cases to understand a patient, organization or community.
Predictive analysis in healthcare
Predictive analysis in healthcare has emerged as an important subfield of data analytics in healthcare, especially at the enterprise level. In a recent survey from the Society of Actuaries, more than half of respondents reported that their healthcare organization has adopted predictive analytics, with a significant number of them experiencing improved patient satisfaction and cost savings.
Health systems use predictive analytics to learn from historical data and make reliable predictions about the unknown. For example, predictive analytics has been used to monitor and analyze patient vital signs and identify who is most likely to need an intervention in the immediate future. This has enabled critical caregivers to respond early and proactively to changes in a patient’s condition.
Data analysts also use predictive analysis in healthcare to make sense of behavioral, biometric and psychosocial data that was once hard for healthcare data analysts to manage. For example, predictive analysis in healthcare has helped detect early signs of deterioration in patients with data transmitted from wearable biosensors. These medical devices enable care providers to monitor patients remotely, which has proven to be an effective way to carry out clinical surveillance of COVID-19 patients.
Predictive analysis in healthcare is often combined with related branches of biomedical science such as clinical medicine and epidemiology for larger data sets and more effective results.
Healthcare analyst jobs
Healthcare analyst jobs focus on providing actionable insights to healthcare organizations. Data analysts in healthcare design and develop health data analysis procedures and techniques using programming languages such as R, Python and SQL. Then, they demonstrate conclusions using business intelligence suites and data visualization tools such as dashboards. Healthcare analysts work closely with healthcare data managers, who prepare health data for analysis, and health informatics specialists, who apply the information and insights to make strategic decisions and changes.
Degrees in data analytics
Well-designed degrees in data analytics may prepare you for any of the fields mentioned above: healthcare analytics, health data management and health informatics. The difference at Touro is our strength and reputation in technology and healthcare education.
Our 10-course, 30-credit online program curriculum prepares you to kickstart, change or advance your tech career, especially in the healthcare sector. You’ll gain in-depth knowledge of healthcare operations while developing advanced technical skills in data analysis tools and methods. For example, the Analytics Data Modeling and Strategic Decisions course combines interactive lectures with hands-on labs to teach you how to apply various data modeling and data analytics concepts using state-of-the-art tools and technologies.
The data analytics in healthcare master’s degree program also prepares you for the Certified Health Data Analyst certification from the American Health Information Management Association. The hands-on experience and technical work are designed to give you a competitive edge over other candidates for healthcare analyst jobs with degrees in data analytics.
Explore Touro’s data analytics in healthcare master’s degree program and find out how you can help transform the future of healthcare while working in healthcare analyst jobs.
Touro University Illinois
https://illinois.touro.edu/news/analytics-in-healthcare.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/TCILAnalysis.jpg
March 08, 2021
212874
How is Healthcare Data Managed?
Good Data Analysis and Improved Outcomes Begins With Good Healthcare Data Management
The ability to manage data is becoming increasingly valuable in the healthcare sector. Healthcare providers, organizations and networks benefit from incorporating data management into their strategic planning and business goals. Effective healthcare data management is a key part of healthcare data analytics that enables healthcare information to be translated into meaningful insights. This, in turn, can lead to increased operational efficiencies, better patient care and improved health outcomes, while protecting the quality, privacy and security of healthcare data.
What is data management in healthcare?
Healthcare data management, also known as health information management (HIM), refers to the systematic organization of health information, especially in digital form. This includes collection, storage, retrieval, transfer and protection of healthcare data. A large part of what healthcare data analysts do is related to understanding and controlling the way data is collected, where it’s coming from, how it’s being stored and who has access to it. Through healthcare data management, information is made readily available and accessible for data analysis in healthcare.
In the past, data management in healthcare has been pretty primitive. Healthcare organizations have moved from using paper files to electronic health records to store healthcare information. Today, the healthcare sector continues to transition to a data-centric environment. This means big data is collected and stored with data warehousing and cloud-based systems, then managed in relational databases.
Data management in healthcare is regulated by the government. Federal law, namely HIPAA, requires all healthcare providers and organizations to use data management practices that secure healthcare information and protect patient privacy.
Types of data in healthcare
Data in healthcare comes from many different sources in many different forms. Internal sources typically fall under one of the following categories:
Clinical data. This type of healthcare data includes personal medical records, electronic health records (EHRs) and hospital records.
Administrative data. This includes claims and costs information such as billing details, insurance claims and doctor appointment records.
Behavioral and sentiment data. Healthcare data such as this includes patient satisfaction surveys, health surveys and other quality indicators.
Pharmaceutical data. This includes product research and development, clinical trial data, observational studies, pre- and post-market research studies and regulatory studies.
Healthcare data analysts can also tap into external resources for additional or larger data sets, such as disease registries and medical databases from HealthData.gov, World Health Organization, the National Center for Health Statistics, the U.S. Census Bureau and more.
Tools and methods for data management in healthcare
Advancements in technology are helping healthcare data analysts manage big data with more tools. These include mobile and web applications and electronic or cloud-based databases.
The foundation of healthcare data management starts with a data operating and storage system that serves as a central repository for managing healthcare data. A well-designed system should effectively and efficiently create databases that are soundly structured, searchable and maintainable. It should also integrate with a vendor-neutral archive (VNA) that consolidates many types of healthcare information into a single platform.
“A VNA is a standardized format that works no matter what product you're using for data management,” said Joe Giordano, Founding Program Director of Cybersecurity and Data Analytics, Touro College Illinois. “You never want to be locked into a single vendor who uses proprietary technology to manage your healthcare data.”
Tools and methods such as these work together as part of a clear data management plan that supports a health system’s strategic goals. With the right infrastructure in place, as well as properly trained personnel to manage it, healthcare organizations are well positioned to harness and leverage the power of big data in healthcare and its diverse applications.
Challenges with data management in healthcare
As the healthcare sector tries to catch up to others in using big data to its benefit, many challenges continue to block the widespread adoption of healthcare data management.
The sheer amount of data available is staggering, and it continues to increase rapidly.
Healthcare data analysts must determine the best ways to store all the data using a solution that is affordable and expandable.
The data must be clean, accurate and continuously updated to be useful.
Some types of medical data aren’t in digital form or haven’t yet been merged into health data management systems.
Some healthcare organizations still manage data in isolated silos that are difficult to access across healthcare networks, causing duplication, inconsistencies and inefficiencies.
Healthcare data is highly valuable and therefore vulnerable to cyber threats and attacks.
New and improved technologies are being used to manage healthcare data and changing the types of data available.
Laws and regulations, namely HIPAA, have requirements for audit and compliance that continue to evolve.
Make a career out of healthcare data management
Leveraging its strength and reputation in technology and healthcare education, Touro offers a healthcare data analytics master’s degree program that can be completed in as little as one year. The 10-course, 30-credit online curriculum includes topics traditionally covered by data management in healthcare programs but also features data analyst classes that prepare you for health data analyst certification.
Collectively, the program courses address most of the content areas of the Certified Health Data Analyst (CHDA) certification exam administered by the American Health Information Management Association (AHIMA). For example, the Data Warehousing and Data Mining course covers data quality, preprocessing data, modeling and design through the practical application of data analytics and business intelligence software. One of several foundational data analyst classes, this course introduces you to WEKA — the workbench for machine learning — and relational databases.
Explore our online master’s degree program in healthcare data analytics and find out how you can build an exciting career working with data management in healthcare.
Touro University Illinois
https://illinois.touro.edu/news/how-is-healthcare-data-managed.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/iStock-849181820.jpg
March 15, 2021
216131
The 10 Biggest Ransomware Attacks of 2021
Recent Cyber Attacks Hit Infrastructure and Critical Facilities Across the US
Ransomware attacks on Colonial Pipeline, JBS Foods, and other major organizations made headlines in 2021, and show no sign of slowing down. Across the world, hackers are exploiting security weaknesses and holding the data of companies, governments and healthcare organizations hostage, sometimes demanding tens of millions of dollars in payment.
How is Ransomware Defined?
According to the U.S. Government’s Cybersecurity and Infrastructure Assurance Agency (CISA): “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”
So what does that mean? Hackers take advantage of security weak spots to steal sensitive data or lock files. These criminals will only give you the key to access your system, or return the files, once you’ve paid their ransom.
Recent Ransomware Attacks in the News
Over the past few years, we have seen an increase in ransomware attacks, many of them high-profile attacks. Cyber attacks in 2021 that have used ransomware as their attack vector include attacks perpetrated against the Colonial Pipeline, Steamship Authority of Massachusetts, JBS (the world’s largest meatpacker), and the Washington DC Metropolitan Police Department. These attacks against U.S. companies and organizations result in shutdown of critical infrastructure, which can create shortages, increased cost of goods/services, financial loss due to shutdown of operations, and loss of money due to having to pay the ransom to the hackers, and worse.
2020 also saw an increase in the frequency of cyber attacks and higher ransom payments. According to Harvard Business Review, the amount companies paid to hackers grew by 300%. The sudden increase in remote work and more lax security protections at home gave hacker groups the perfect opportunity to breach sensitive data.
Healthcare Ransomware
During times of crisis, many hackers take advantage of upheaval and disorder and look for potential monetary gain. With the onset of the COVID-19 crisis in 2020, there was increased attention on cyber attacks in the healthcare space. A study by Comparitech has shown that ransomware attacks had a huge financial impact on the healthcare sector, with over $20 billion lost in impacted revenue, lawsuits, and ransom paid in 2020 alone. Over the course of the year, over 600 hospitals, clinics, and other healthcare organizations were impacted by 92 ransomware attacks.
CEO of cybersecurity firm FireEye, Kevin Mandia, shed some light on why these healthcare organizations are targeted. "Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the talent and skills to defend themselves—they’re getting sucker-punched," Mr. Mandia said. Marene Allison, J&J's chief information security officer, said that Johnson & Johnson experiences 15.5 billion cybersecurity incidents on a daily basis. (Becker's Hospital Review)
And it’s not only finances and patient data that’s at risk; given the crucial importance of healthcare, ransomware attacks can also lead to loss of life. According to NBC News, Teiranni Kidd sued Springhill Medical Center in Alabama after a botched delivery. In 2019, the hospital was the victim of a ransomware attack that shut down their IT infrastructure. The hospital failed to inform Kidd of the attack. According to the article, Kidd and her child received “diminished care” and missed key tests that could have prevented the baby’s severe brain injury, which led to her death nine months later. This is just one example and we’re likely to see more dire ways cyber attacks affect human life.
High-Profile Ransomware Attacks in 2021
In 2021, we’ve seen many high-profile attacks on corporations and firms across the country and the world. Just six ransomware groups are responsible for breaching the cybersecurity defenses of 292 organizations. These criminal organizations have so far taken more than $45 million in ransom money from their attacks. (ZDNet)
Here are 10 of the biggest ransomware attacks that made headlines in 2021.
Colonial Pipeline
Of all of the cyber and ransomware attacks in 2021, the breach of Colonial Pipeline in late April had the most news coverage. As Touro College Illinois Cybersecurity Program Director Joe Giordano notes, “The Colonial Pipeline attack made such an impact because the pipeline is an important part of the national critical infrastructure system. Taking the system down disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”
As most Americans are directly impacted by gasoline shortages, this attack hit close to home for many consumers. The DarkSide gang was behind the attack and targeted the firm’s billing system and internal business network, leading to widespread shortages in multiple states. To avoid further disruption, Colonial Pipeline eventually gave in to the demands and paid the group $4.4 million dollars in bitcoin.
This attack was particularly dangerous because consumers started to panic and ignored safety precautions. Some East Coast residents tried to hoard gasoline in flammable plastic bags and bins, and one car even caught on fire. After the chaos receded, government officials confirmed that Colonial Pipeline’s cybersecurity measures were not up to par and may have been prevented if stronger protection was in place.
Thankfully, US law enforcement was able to recover much of the $4.4 million ransom payment. The FBI was able to trace the money by monitoring cryptocurrency movement and digital wallets. But finding the actual hackers behind the attack will prove a lot harder. (The New York Times)
Brenntag
At around the same time in early May 2021, the same notorious hacker group that targeted Colonial Pipeline, DarkSide, also targeted Brenntag, a chemical distribution company. After stealing 150 GB worth of data, DarkSide demanded the equivalent of $7.5 million dollars in bitcoin.
Brenntag soon caved to the demands and ended up paying $4.4 million. Although it was a little more than half of the original demand, it still stands as one of the highest ransomware payments in history. (IT Governance)
Acer
Also in May this year, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files and leaked images of sensitive financial documents and spreadsheets.
JBS Foods
Although Spring 2021 held hopeful news for the end of the pandemic, the increased trend of cyber attacks that began in 2020 showed no signs of slowing down. Another high-profile ransomware attack took place this May on JBS Foods, one of the biggest meat processing companies in the world. The same Russia-based hacking group that attacked Acer, REvil, is thought to be behind the attack. (CNN)
Although there weren't any major food shortages as a result of the attack, government officials told consumers not to panic buy meat in response. On June 10th, it was confirmed that JSB paid the $11 million ransom demand after consulting with cybersecurity experts. This massive payment in bitcoin is one of the largest ransomware payments of all time. (CBS News)
Quanta
As with the Acer attack, the REvil gang also demanded a $50 million ransom from computer manufacturer Quanta in April. Although Quanta may not be a household name, the company is one of Apple’s major business partners. After the firm refused negotiations with the hacker group, REvil targeted Apple instead. After leaking Apple product blueprints obtained from Quanta, they threatened to release more sensitive documents and data. By May, REvil seemed to have called off the attack.
National Basketball Association (NBA)
Businesses and organizations from all different kinds of industries are targeted by ransomware attacks. One of the more surprising on the list this year was the National Basketball Association (NBA). In mid-April of this year, the hacker group Babuk claimed to have stolen 500 GB of confidential data concerning the Houston Rockets. Babuk warned that these confidential documents, including financial info and contracts, would be made public if their demands were not met. As of this posting, no ransom payments have been made.
AXA
This May, the European insurance company AXA was attacked by the Avaddon gang. The attack happened soon after the company announced important changes to their insurance policy. Essentially, AXA stated they would stop reimbursing many of their clients for ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3 TB of data. (BlackFog)
CNA
Earlier this year in March, another large insurance firm fell victim to a ransomware attack. CNA’s network was attacked on March 21 and the hacker group encrypted 15,000 devices, including many computers of employees working remotely. The attack is supposedly linked to the hacker group Evil Corp and uses a new type of malware called Phoenix CryptoLocker.
CD Projekt
CDProjekt Red is a popular videogame development firm based in Poland. In February of this year, the firm was hacked by the HelloKitty gang. The hacker group accessed source code to game projects in development and encrypted devices. However, CDProjekt refused to pay the ransom money, and has backups in place to restore the lost data. (ExtremeTech)
Kaseya
REvil, the same hacker group that targeted Acer, Quanta, and JBS Foods, again made headlines in July with an attack on Kaseya. While not a name commonly known by consumers, Kaseya manages IT infrastructure for major companies worldwide. Similar to the attacks on Colonial Pipeline and JBS Foods, this hack had the potential to disrupt key areas of the economy on a large scale.
To carry out the attack, REvil sent out a fake software update through Kaseya’s Virtual System Administrator, which infiltrated both Kaseya’s direct clients as well as their customers. According to REvil, one million systems were encrypted and held for ransom. According to Kayesa, around 50 of their clients and around 1000 businesses in total were impacted. The hacker group demanded $70 million in bitcoin. To illustrate the impact of the cyber attack, Coop, a Swedish supermarket chain, was forced to close 800 stores for a full week. (ZDNet)
Soon after the attack, the FBI gained access to REvil’s servers and obtained the encryption keys to resolve the hack. Fortunately, no ransom was paid and Kaseya was able to restore the IT infrastructure of its clients. Although it started out as one of the biggest ransomware attacks of the year, the situation was salvaged in the end. (ZDNet)
Progress in the Fight Against Ransomware
Although not a state-sponsored organization, the group behind the Kaseya attack is based in Russia. According to the Associated Press, the widespread security event prompted a call between President Biden and President Putin in July. During the call, Biden pressured Putin to take a stronger stance on targeting malicious agents in his country. Although exactly what took place after this phone call is unclear, the FBI gained access to REvil’s servers, and REvil’s website and infrastructure went down soon after. While it’s uncertain whether Biden’s call made a difference, the White House asserts that it will keep up the pressure on Russia to cooperate.
Despite the continued onslaught of ransomware attacks, there have been some hopeful developments. In November, news broke that five suspected associates of the REvil group were arrested by the European law enforcement agency Europol. According to Fortune.com, “the alleged hackers are suspected of involvement in about 5,000 ransomware infections and received about half a million Euros ($579,000) in ransom payments.”
Using wiretapping and other methods, police were able to access group infrastructure and track down the alleged hackers. The two most recent arrests were the result of collaboration between 17 countries, including major world powers like the U.S., U.K. and France.
One of the men, Yaroslav Vasinskyi, 22, was allegedly responsible for the attack against Kaseya. Both of the men arrested in November may face life in prison. Although REvil is still an active player in the world of cybercrime, authorities hope to find and prosecute more hackers and end their operations. (NPR)
A Dire Need for Cybersecurity Experts
There are two key components necessary to address this issue. One is that companies need to take cybersecurity seriously and invest in it with adequate resources. Secondly, there needs to be more highly educated cybersecurity experts ready to address the scourge of ransomware attacks we’re currently facing. As Giordano notes, “So many companies and institutions still have weak security, and strong security requires constant vigilance and updates, not a one-time upgrade. When more organizations start to take cybersecurity seriously and invest the time and resources to combat threats, we’ll start to see these threats diminish.”
Unlike some other STEM fields, you don’t need a master’s to get started in cybersecurity. Completing a graduate certificate program is often one of the best ways to qualify for relevant job opportunities. The Touro College Illinois graduate certificate program in cybersecurity for healthcare addresses the critical needs of the sector. Our hands-on courses build expertise in network security, HIPAA, cloud security, medical device security, and incident response and recovery. For those looking to further their studies, explore the Touro Graduate School of Technology's network administration and security program for additional opportunities in cybersecurity education.
Touro University Illinois
https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/TCILRansomwarePipe.jpg
November 12, 2021
216549
White House Urges Companies to Prepare for Cyberattacks
Deputy National Security Advisor Responds to Growing National Security Threats
The White House issued a strongly worded memo in 2021 about the need for companies to protect themselves from ransomware. The memo was sent from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Adviser for Cyber and Emerging Technology, and an alumnus of Touro's Lander College of Arts and Sciences (LAS). The document was issued in response to the recent spate of high-profile ransomware hacks and offered some first step best practices for organizations to protect themselves.
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” the memo stated. “Under President Biden’s leadership, the Federal Government is stepping up to do its’ part, working with like-minded partners around the world to disrupt and deter ransomware actors. These efforts include disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds.”
How Neuberger Recommends Preparing for Malicious Activity
More recently, and in light of the potential future cybersecurity issues with a hostile Russia, Neuberger emphasized how important it is to follow these guidelines, and encouraged businesses to follow the same procedures as the federal government when preparing for cyber attacks.
Five Cybersecurity Best Practices
In the 2021 memo, Neuberger highlighted some of the procedures mentioned in the video, and offers additional crucial best practices businesses should follow:
Backing Up Data and Keeping Backups Offline
Keeping backups offline and testing them regularly is vital as ransomware operators typically encrypt or delete backups. In case of a ransomware attack, having an offline backup ensures that your organization can easily bring systems back online.
Update and Patching Systems Promptly
Maintaining and updating the security of operating systems and firmware can prevent many bad actors from accessing unpatched security loopholes. The memo advises the use of a centralized patch management system.
Test Incident Response Plan
“There’s nothing that shows the gap in plans more than testing,” the memo explains. Businesses should ask core questions to complete an incident response plan. Can a business continue without access to certain systems? How long? If a business system was turned offline, what happens to other operations?
Using a Third-Party to Test Security Team’s Work
Having a third party test the security of your system is a surefire way to find your system’s vulnerabilities. “Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors,” the memo states.
Segmenting Networks
The memo notes that recent ransomware operations have shifted from stealing data to operation disruption. By separating business and manufacturing/production operations, companies can limit internet access to networks, identity connections, and develop workarounds in case of a hack, ensuring that if the worst-case scenario ransomware attack occurs, critical functions can continue unimpeded.
A Dire Need for Cybersecurity Efforts
There are two key components necessary to address this issue. One is that companies need to take cybersecurity seriously and invest in it with adequate resources. Secondly, there needs to be more highly educated cybersecurity experts ready to address the scourge of ransomware attacks we’re currently facing.
Unlike some other STEM fields, a cybersecurity bootcamp and certification is sometimes all that’s needed to get started in the field. But of course, completing a graduate certificate program is one of the best ways to qualify for relevant job opportunities. The Touro College Illinois graduate certificate program in cybersecurity for healthcare addresses the critical needs of the sector. We can prepare you with the cybersecurity knowledge that’s relevant today, and help you join this growing field.
Touro University Illinois
https://illinois.touro.edu/news/white-house-urges-companies-to-prepare-for-cyberattacks.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/tcil-whitehouse.jpg
March 30, 2022
220725
Guide to the Best Cybersecurity Careers
Looking for a New Career? Touro College Illinois Rounds Up the Best Cybersecurity Jobs
In 2021, no job market is hotter than cybersecurity. Perhaps the COVID-19 pandemic has given you some time to reassess your career trajectories; perhaps you’re a college graduate looking to find a satisfying and financially rewarding career; or perhaps you’re looking to make a switch to a better or different career. Or maybe you’re simply curious.
If you’re interested in starting a cybersecurity career, there’s a job out there for you in this broadening field. As the number of cybersecurity attacks increases—and another company’s failure to protect their clients’ data is spotlighted—the need and demands for qualified cybersecurity professionals increases. This is especially true of cybersecurity in the healthcare sector, where data breaches or ransomware attacks could cost not only money, but human lives.
"Cybersecurity is one of the most important career fields today,” said Touro College Illinois Cybersecurity Program Director Joe Giordano. “There are numerous job openings for a wide variety of positions, ranging from those that are deeply technical to others that, while non-technical, are still critical. Working in the cybersecurity field enables one to work in a crucial and interesting technology area while also contributing to the common good."
To help you start planning what kind of cybersecurity career you envision, we rounded up the top most in-demand professions in the industry. These jobs are exciting, dynamic, and offer new challenges every day. Salaries provided are nation-wide averages.
The Top 8 Best Cybersecurity Jobs
Security Analyst
Like staying on top of the latest trends in security research? This job is for you. Security analysts are the front-line of defense for companies. You are a one-stop shop of security information and know-how. You keep abreast of the latest cyber threats and cyber defense techniques. You are proactive and able to read a threat quickly, formulate a plan, and mount a quick and effective defense.
Average Salary: $98,000 (Glassdoor)
Penetration Tester
Otherwise known as a white-hat hacker, this position sets you up as a member of your company’s red team. Your job is to hack your own company’s software and point out flaws in the company’s security systems. You need to be quick on your feet and enjoy causing a ruckus. You break so your company can build back better.
Average Salary: $100,000 (Glassdoor)
Cybersecurity Sales Engineer
Have the gift of gab and at home reducing complicated topics into digestible and explainable bits? This is the job for you. Cybersecurity sales engineers are vital pieces of the cybersecurity ecosystem. Sales engineers crisscross the globe making the pitch for their company’s software security program and by offering the strongest cyber defenses make the world a safer place for users everywhere. The salary range is quite wide for sales engineers, especially given how much of the salary is commission-based.
Average Salary: $104,000 (Ziprecruiter)
Security Engineer
You were always fascinated with Lego and Minecraft. Engineers are the builders behind the security systems. You’re the wizard behind the curtain. Nothing excites you more than either building the latest threat detection software or creating a way to block an intrusion from a devious malware application. But your job doesn’t just stop with creation of new software. You need to see the big picture: who will attack your company and what they will be searching for.
Average Salary: $110,000 (Glassdoor)
Application Security Engineer
Almost a sister position to security engineers, application security engineers require the same technical know-how but with a caveat: you need to be able to develop your company’s security measures using popular third-party hosting sites like Amazon Web Services and Microsoft Azure. This field has seen exponential growth in the last several years due to the popularity and ease of use of these third-party hosting sites. As an application security engineer, you will need to work with your own team and the teams at these hosting agencies, so being a team-player is a must for success in this position.
Average Salary: $136,000 (ZipRecruiter)
Cryptography
Mix in the talents needed in all of the above positions and a strong love of math and puzzles and you get the ideal cryptographer. So much of what we take for granted on the internet—private messages, online shopping, and encrypted transactions—have all been made through the work of cryptographers. Cryptographers create the ciphers and algorithms that hide the trillions of data points exchanged throughout the internet each day. This position is especially in demand in government agencies.
Average Salary: $149,000 (CyberDegrees)
Earn Your Certificate in Cybersecurity
If you’re looking to learn cybersecurity skills but don’t have time to enroll in a full degree program, the graduate certificate program at Touro College Illinois is a great alternative. With a focus in healthcare cybersecurity, our unique program prepares you for today’s job market. Take the next step for your new career today.
Find Out More
Director of Cybersecurity
This is considered a senior role in most organizations. As the director of cybersecurity, you are the point-person between the IT department and the boardroom. You need to translate the technical cybersecurity needs to the executives in the C-Level suites of the company and then take C-Level concerns back to the engineers. This is the perfect position for someone with both business acumen and a high-level technical knowledge.
Average Salary: $175,000 (Salary.com)
Chief Privacy Officer
The chief privacy officer, also known as chief information security officer, is a senior-level position that is in incredibly high-demand, all the more remarkable since the position basically didn’t exist fifteen years ago. As data became the currency of the internet, companies became responsible for both protecting their own data and their customer’s data. While a formal legal background isn’t necessary, familiarity with state and federal privacy information—like the Health Insurance Portability and Accountability Act (HIPAA), European Union General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA)—is a must.
You need to build a comprehensive privacy program that implements policies to minimize risk and ensure confidentiality. Your policies affect employees across the board from the executives to customer service representatives. You are a leader intent on making your company’s data safe. According to the International Association of Privacy Professionals, chief privacy officers received the greatest compensation of all cyber privacy professionals and have also had the largest pay increases since 2017.
Average Salary: $212,000 (IAPP)
Cybersecurity Careers in Healthcare
In 2020, healthcare cybersecurity came to the forefront with the onset of the COVID-19 crisis. When so many healthcare operations transitioned to remote work, it became increasingly clear that there was a major challenge in keeping patient data safe and safeguarding against cyber attacks. If you’re interested in cybersecurity careers in health care specifically, see our guide to the Top 5 Jobs in Cybersecurity for Healthcare. Healthcare cybersecurity, while similar to corporate security efforts, also involves unique areas like medical device security and HIPAA compliance.
An Urgent Need for Cybersecurity Experts
In the coming years, companies and healthcare organizations need to take cybersecurity seriously and invest in it with adequate resources. Graduate certificate programs, like our graduate certificate in cybersecurity, can train you with the skills employers are looking for in as little as six months. Companies of all sizes will need fully trained experts to implement cybersecurity best practices and protect sensitive data from hackers, ransomware attacks and other threats.
Touro University Illinois
https://illinois.touro.edu/news/guide-to-the-best-cybersecurity-careers.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/tcil-cybersecurityjobs.jpg
September 02, 2021
221847
10 Work-From-Home Cybersecurity Tips
How to Protect Your Devices and Data While Working Remotely
Through 2020 and 2021, more Americans have been working remotely than at any other time. And this trend doesn’t seem to be going away any time soon. A recent report by UpWork predicts that around 36 million employees will work remotely by the year 2025. That’s 22% of the American workforce, or an 87% increase from before the COVID-19 crisis began. A recent Mercer study also revealed that 70% of companies are likely to adopt a hybrid approach with employees only coming into the office part time.
Remote work is here to stay, and it’s important to make sure your home set up is secure, that you follow cybersecurity best practices and take the proper precautions. These 10 cybersecurity tips for working from home detail how you can keep your devices and data safe from hackers, scammers and other malicious agents. Whether you’re an employee working remotely at your company, or a business owner who wants to make sure your employees stay safe, these tips can offer some valuable insight.
1. Keep on Top of Your Company’s Security Guidelines
One of the most basic and important remote work security tips is to follow your company’s cybersecurity guidelines and rules. Many organizations, especially larger companies, have precautions in place to protect themselves, their employees, and sensitive data from cyber threats. If you’re uncertain about any security measures or unsure if your equipment is up to date, contact your IT team. If you receive a suspicious email, request or notice unusual activity on your computer, this is also a good time to contact the IT or cybersecurity department. If your company offers a VPN, antivirus software, or other helpful security tools, take advantage of these options and protect your equipment from security breaches.
2. Keep Work Devices and Personal Devices Separate
It’s an important security measure to keep your work devices and personal devices separate. While it might be convenient to log onto a work account on your personal phone or laptop, or log into your social media accounts on your work computer, this isn’t recommended. In the event that your device has a security breach, you don’t want a hacker or virus accessing sensitive information. Keeping all of your devices separate helps to minimize the amount of sensitive data an attacker can access. This is especially important in the healthcare field, as a breached device can potentially expose private patient health data.
This measure also helps to keep your family life separate from your professional life. If you use a shared device for work that your family members have access to, this can potentially lead to problems down the road. For instance, a family member might accidentally install a suspicious app, access company data, or otherwise interfere in your work life. Having secure, separate devices is the easiest way to draw boundaries between these two areas of your life. If you want to take this a step further, you can also establish a home security network for all of your family’s devices and filter out potentially harmful websites or apps.
3. Make Sure Your Wi-Fi is Secure
Making sure your Wi-Fi is secure is an important cybersecurity tip for working from home. By breaching your Wi-Fi network, hackers can potentially gain access to your devices, or use your Wi-Fi network for criminal activity. As a first step, you’ll want to change the default password for your Wi-Fi router to a new, unique password. For greater security, it’s also a good idea to change the wireless network name to something excluding any personal information, like your name or address.
Other steps you can take to keep your wireless network secure include enabling network encryption, and making sure you’re staying updated with recent security updates or patches. Finally, although it might be tempting to work from public Wi-Fi at a cafe or local park, it’s not worth the risk. Public Wi-Fi signals are notorious for being vulnerable to malicious agents, so it’s always better to work from a secure, strongly protected home Wi-Fi network.
4. Watch Out for Phishing Emails
Phishing emails are a common way scammers compromise company security and information. Usually, a scammer will impersonate an executive or employee and ask for confidential information, such as login information to a work account or bank account. Be on the lookout for fake email addresses, grammar errors, or messages that create pressure or a strong sense of urgency.
In a work-from-home situation, employees are even more susceptible to this kind of attack. With more emails and less face-to-face communication, it’s important to be extra vigilant against suspicious requests in your inbox.
5. Keep Your Devices Locked and Tracked
Automatically locking your device after a certain amount of inactivity is a good safeguard to protect your sensitive files and data. This is important in case your device is stolen or accessed when you aren’t present. In addition to enabling automatic locking, you’ll want to enable location tracking so you can find your device if it’s lost or stolen.
6. Keep Your Confidential Files Secure
It’s a smart idea to keep your most sensitive or confidential work files stored securely. One security measure you can take is to lock sensitive folders or files with a password. You can easily encrypt a document with a password in common programs like Microsoft Office and Adobe Acrobat. You can also store and share your confidential work files with an encrypted, cloud-based file sharing company. These platforms are often much more secure than email and have multiple security measures in place.
It’s also a good idea to back up your most important files. This can help protect your data in the event of a ransomware attack or hardware failure. You can store files in a password-protected SSD drive or external hard drive. If you also need to keep physical paper copies of sensitive data, make sure the files are stored in a secure, locked location.
7. Create Strong Passwords for All Logins and Devices
This work from home security tip is also just a general best practice for digital security. Despite the importance of having a strong password, many people still overlook this tip, especially when it comes to work accounts. Many hackers have access to sophisticated password cracking tools and techniques and can easily crack a less than stellar password.
Make sure your chosen password is at least 12 characters long, and includes elements like symbols, numbers and different case letters. It’s best to make your password as complex and unique as possible. Instead of including your birthday or favorite sports team, try a string of words and numbers that don’t make logical sense or follow a clear pattern.
8. Use an Authenticator App / Two-Factor Authentication
In the early days of the internet, a password was all hackers needed to breach an account. Thankfully, today we have additional security measures available to protect our accounts from hackers. Two-factor authentication requires you to offer additional “proof” that you’re the correct person accessing your account, and not a hacker.
The best tool to verify your identity with two-factor authentication is an authenticator app, like Google Authenticator. When attempting to log in to your account, you’ll get a push notification on your device, or a special timed code on your app. If your employer doesn’t currently have two-factor authentication set up, this extra security feature can go a long way in securing company devices from unauthorized access.
9. Make Sure Your Video Conferences Are Secure
One of the potential challenges to work from home security is video conferencing. When the COVID-19 crisis began, “Zoom bombing” attacks were common stories in the news. Uninvited parties and hackers were able to bypass security controls and gain access to private video conferences. Although Zoom and other platforms have since worked on improving their security measures, companies still need to be vigilant and take the proper precautions.
When scheduling video meetings with Zoom or other conferencing tools, prevent unwanted entry with a “waiting room” feature to screen attendees, and a password. To reduce risk, hosts can also make sure each meeting has a unique ID, restrict attendee controls, and keep software up to date.
10. Stay on Top of Software Updates & Your Operating System
Keeping your operating system and software up to date is a crucial part of work from home security. Generally, operating systems like Windows and macOS support at least two releases prior to the current release. It’s important to use a supported system, as your device will have access to the latest security updates. If possible, it’s recommended to always use the latest operating system. If you’re working from a company laptop, check with your IT department first before upgrading to a new operating system.
In addition to your operating system, any software or apps you use, including your web browser, need to stay up to date. Most software will automatically check for and install updates. If you notice the apps on your phone aren’t updating regularly, review your software update settings. If you have outdated or unsupported software on your device, be sure to uninstall these programs. Hackers look for any vulnerabilities they can use to access your devices and data, so take the proper precautions and keep on top of your device security.
Touro University Illinois
https://illinois.touro.edu/news/10-work-from-home-cybersecurity-tips-.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/tcil-remotework.jpg
October 20, 2021
223770
Top 5 Future Trends in Data Analytics
Field Posed to Grow with Business Intelligence Adoption and Automation
Like the Greek philosopher Heraclitus said, you can’t step into the same river twice—and the same thing could be said about the world of data analytics. This hot field is always changing as professionals and companies struggle to make sense of the fast-paced nature of the marketplace. We rounded up five trends that we think will become more engrained in 2022 and the future at large. These trends include increased adoption of data analytics, automation, stronger reliance on cloud computing, and finally the ethical implications of data collections.
For this article, we will be using the term business intelligence and data analytics interchangeably. Stitch Data has a great explanation of the differences between the two, but as a primer, data analytics requires a greater mathematical skill set and requires more training since it uses larger data sets and algorithms to make predictive analysis. In contrast, business intelligence uses programs like Tableau and Microsoft Power BI and typically tries to understand what happened in the past. Additionally, business intelligence is focused on what happened—data analytics asks why.
In a way, consider business intelligence data-analytics-lite, diet coke to data analytics classic. Some of Google's platforms are also evolving to follow the emphasis on business intelligence. Google Analytics was originally more focused on data reporting, but now the new GA4 is more focused on data visualizations and business analytics.
1. Increased adoption of Business Intelligence and Data Analytics in industries
Data analytics and business intelligence is here to stay and it’s only getting bigger. According to Dresner’s 2020 Cloud Computing & Business Intelligence Market Report, a whopping 95% of enterprise software vendors believe data analytics and business intelligence are a must-have for their business. More than half of the respondents said that the two were critical for their businesses.
Now when we say data analytics and business intelligence are crucial for businesses, we don’t mean they’re only crucial for businesses with strong digital footprints, like app developers or Amazon sellers. We predict that all businesses, ranging from manufacturing to clothing and trucking companies, will be using some form of data analytics, be it analyzing customer trends or simply using analytics to better understand how to build a better environment for their employees. This in turn leads to our next trend.
2. Bigger Automation
There is too much data. For those of us familiar with the data world, this isn’t a new phenomenon. Way, way back in 2014, while data analytics and business intelligence were still in their relatively formative stage, The New York Times wrote about how big data collectors were mired in data “janitorial work.”
Lots of data might seem to be a good thing, but there is always too much of a good thing. With so much data available it becomes harder and harder for good data analytics and business intelligence professionals to manage data, and sort through the relevant bits and pieces to make strong predictive analyses. There isn’t an easy way to deal with this problem, but there are solutions on the horizon.
More and more basic data is being automated thanks to processes like automated machine learning and embedded analytics; this frees up more time for the data professional to understand the root causes and find the pivotal data that can lead companies in the right direction. This transition is already happening as Adobe’s 2020 Digital Trend Report proved: 64% of large organizations said they used AI to automate data analysis in 2020, up from 55% in 2019.
As Suresh Vittal, chief product officer of Alteryx, a leader in analytic automation, told Forbes: “Automation is essential because, first of all, it frees up the analyst to focus on the high value-add activities, which really drive top-line growth. Secondly, it helps contribute to the bottom line by trading out mundane activities for more efficient processes.”
Or as consultant and thought-leader Pritam Gurumayum put it memorably: “Contrary to its name, artificial intelligence helps humanize data and make it more accessible to all.”
Earn Your Master’s in Healthcare Data Analytics
Looking to start or build your career in data analytics? Our Master’s in Data Analytics for Healthcare explores exciting areas like Big Data and data mining that are playing an increasingly important role in the healthcare space. Our 10-course, 30-credit program can be completed in only one year and prepares you for professional certification in data analytics. Take the next step for your career today.
Find Out More
3. Growth in Data Literacy
As data analytics becomes more prevalent, the need for every employee to understand data basics becomes paramount. More and more employers already ask jobseekers about the basics of data sets and how to understand them. This is a natural reaction to market forces. According to the Data Literacy Index large enterprises that have higher corporate data literacy experience $320-$534 million in higher enterprise value (the total market value of the business).
Consequently, this also increases the need for data analysts, data scientists, and other professionals who can adequately explain how data works to their counterparts. Data professionals are beginning to understand their new role in large companies as not only how to learn from data analytics but how to teach others about data analytics.
4. Stronger Reliance on Multiple Cloud and Hybrid Storage and Service
As more and more companies, both large and small, migrate their data to the cloud and use cloud-based software, we are seeing a growing trend in the use of multi-cloud storage and hybrid systems. This is a natural evolution in the growth of cloud computing. For many companies, a single dedicated cloud platform or infrastructure is no longer enough, and we expect companies to actively seek out multiple vendors for their cloud computing needs.
Using a multi-cloud system-- where cloud services are provided by different vendors-- or a hybrid system --where cloud services are used alongside legacy software, private clouds and on-premises software and hardware-- allows companies to optimize their performances with better scalability and flexibility, while cutting down costs. Using multiple vendors also allows companies to take advantage of the best each cloud vendor has to offer, while avoiding locking in with one particular vendor.
As Ben Gitenstein, VP of product at Qumulo, an unstructured data management platform, told the Datamation site “Cloud solutions are now the name of the game, particularly hybrid cloud solutions for workloads that demand multiple storage environments,” said Gitenstein. “And as data continues to inevitably grow, enterprises require the flexibility and scalability only cloud services currently provide.”
5. Ethical Implications of Data Collection
Whether it’s Apple phones blocking location services in apps, a Facebook data breach, or an academic book about surveillance capitalism topping the best-seller list, data—the why and how it’s collected—has become a sort of ethical minefield for data professionals. This isn’t a bad thing; it’s a sign of how common and prevalent data analytics has become, and it also symbolizes how the profession is moving forward. No longer is data analytics and business intelligence relegated to the back-end of the corporate hierarchy; data analytics is front-and-center for many businesses. Having clear and ethical guidelines about data policy will save companies headaches later on.
Master's in Healthcare Data Analytics
If you’re interested in starting an exciting and dynamic career in healthcare data analytics, earning a master’s is one of the best career moves you can make. At Touro College Illinois, we offer a 30-credit online Master's in Healthcare Data Analytics. You’ll have the opportunity to find an internship in a healthcare data analytics role, and gain real-world experience applying what you’ve learned. As two of the fastest growing industries in the nation today, having a deep understanding of how healthcare and analytics intersect will prepare you for a long-lasting and fulfilling career.
Touro University Illinois
https://illinois.touro.edu/news/top-5-future-trends-in-data-analytics.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/tcil-datatrends.jpg
December 15, 2021
232757
Why is Healthcare Data Analytics Important?
Big Data Saves Lives and Allows Hospitals to Prepare for the Worst
For those of you who have been reading our coverage of data in the healthcare world, it’s no surprise that we put a premium on data analytics in healthcare. Healthcare data analytics encompasses both macro and micro trends in the healthcare field, whether it’s using data to gauge the spread of a disease or aiding a clinician in detecting an anomaly in a cancer scan.
Like all data analytics fields, the term refers to the use of large amounts of data to give organizations or professionals actionable insights, applied here to the healthcare field. As healthcare spending continues to ramp up, cost saving measures from healthcare data analytics offer hospitals and healthcare systems an easy way to cut costs while improving outcomes.
Given the trillions spent on healthcare worldwide, it’s no surprise that “by 2025 the market for health-related analytics will increase to about $28 billion” (Healthworld.com).
Types of Data Analytics
Descriptive Analysis: This is the most basic of all analysis. This examines an event that happened in the past. For example, a healthcare data analyst might track data at a hospital over the past five years to look for seasonal patient admission trends.
Diagnostic Analysis: This type of analysis is used to investigate why an event happened. For example, a healthcare provider might ask “Why is there an increase in patient dissatisfaction this month in our post-visit surveys?”
Predictive Analysis: This form of analysis is used to forecast something that will happen in the future. For example, a hospital might predict, based on trends observed over the past decade, that incoming cardiac patients will most likely increase by 20% this year.
Prescriptive Analysis: This is possibly the most important form of analysis in healthcare and the trend that is growing quickest. This form of analysis takes pre-existing data and implements treatment plans. For example, a healthcare provider might use a smart device to automatically analyze a patient’s vital signs, preemptively alert them that they’re at risk for developing a medical condition, and instruct them to visit their healthcare provider.
How Data Analytics is Used in Health Care
Below are three examples of how healthcare data analytics have affected the healthcare industry.
Predicting Hospital Usage
If there’s one thing we learned from the COVID-19 pandemic it’s that there are a finite amount of hospital beds. While the pandemic might be considered a black swan event, being able to predict hospital bed usage is vital for any working healthcare system. In a form of predictive analysis, French hospitals used an analytics program created by Intel to predict emergency room visits and hospital admissions. Using a number of time series analysis algorithms, the team managed to create a browser-based interface that allowed doctors to predict admission rates by considering a variety of factors like flu season and heat waves. “Seeing the prediction application take advantage of all the data and provide useful and actionable insights has allowed our medical staff to imagine the tremendous benefit it will provide to both the staff and our patients,” said Dr. Sébastien Beaune, emergency department director at one of the hospitals. “Having a better understanding of patient flows at our emergency departments—or even predicting these flows—is absolutely key if we want to improve our quality of care.” (Intel.com , DataPine)
Assessing Co-morbidities
Taking inspiration from the famous poem by John Donne, we can say that no disease is an island unto itself. Not only do clinicians have to treat the disease a patient is suffering from, but they need to be aware of other co-morbidities patients may have, especially diseases with wide-ranging effects like type 2 diabetes. Here again, data analytics can be of use.
Adam Wilcox, director of the Center for Applied Clinical Informatics at Washington University School of Medicine and a member of the American Medical Informatics Association, believes that the next frontier for healthcare data analytics will be in this critical juncture. Data analytics allows doctors to find out which patients are most likely to develop severe complications and those that are most at-risk of developing sepsis from longer hospital stays. Plus being able to calculate risks involved in co-morbidities will allow doctors to slow disease progression before things become that much harder to tackle (TechTarget).
Making Sure Patients Show Up
This one might seem like a no-brainer, but you’d be surprised to know how many adverse medical outcomes could be avoided simply if patients made it to their doctor’s appointments. (Not to mention how much money hospital systems lose when a patient doesn’t show up!) The American Journal of Roentgenology reported how one hospital system used a combination of artificial intelligence, predictive analysis and a simple reminder system to fix an alarmingly high MRI no-show rate. After the intervention, the hospital witnessed a 17% increase in attendance (American Journal of Roentgenology).
The Future of Healthcare
There’s no question that data analytics will totally transform the healthcare industry in the decades to come. We’re already seeing the beginning of a new era where analytical tools, IoT devices and AI technology are all helping to make health care more efficient and save lives. If you’re interested in a starting a career in the world of healthcare data analytics, our master’s program at Touro College Illinois is the perfect place to start. The Data Analytics Master's Degree in Healthcare will give you the tools and knowledge to make an impact in the health care industry.
Touro University Illinois
https://illinois.touro.edu/news/why-is-healthcare-data-analytics-important.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/healthcaredata.jpg
May 09, 2022
257164
Touro University Illinois Holds Ribbon Cutting for New Chicago Campus
Touro Deans, Donors, Local Community Leaders Gather to Dedicate Touro University Illinois Campus
Touro University Illinois held a ribbon-cutting ceremony last week, dedicating the Rabbi Fabian and Ruth Schonfeld Campus in Skokie, Illinois. More than 200 people attended, including Rabbi Shabsai and Debby Wolfe, who dedicated the campus, Rabbi and Mrs. Yoel Schonfeld, Touro President Dr. Alan Kadish, Hebrew Theological College (HTC) CEO Rabbi Shmuel L. Schuman and Touro University Illinois Associate Provost, Dr. Chani Tessler.
Touro University Illinois offers graduate-level programs in Cybersecurity and Data Analytics for Healthcare as well as Physician Assistant (PA) and Family Nurse Practitioner.
PA students came out to celebrate the momentous occasion, joining Touro deans from around the globe and local community leaders.
Local Chicago officials in attendance included Skokie Mayor George Van Dusen, CEO and President of the Skokie Chamber of Commerce Howard Meyer and State Representative Kevin Olickal, among others.
Touro President Dr. Alan Kadish, himself a former Chicago resident, shared his excitement about the launch of the new Touro school and campus, “We are thrilled to dedicate Touro University Illinois, our newest Touro campus offering top quality graduate programs in high-demand fields.”
During the invocation, Rabbi Shmuel Schuman declared, “The education on this campus should achieve the mission of Touro HTC and the focus of Rabbi Schonfeld to accomplish great things for the Jewish community and society at large."
Touro University Illinois
https://illinois.touro.edu/news/touro-university-illinois-holds-ribbon-cutting-for-new-chicago-campus.php
https://illinois.touro.edu/media/touro-college/communications/images/featured/2023/TCILRibbonCutting.jpg
June 26, 2023
313706
At Home in the ER
Lexi Speer, Member of Touro University Illinois’ PA Inaugural Class, Reflects on Life in the Hospital
In the well-ordered chaos of the emergency room, physician assistant Lexi Speer feels at home. She credits her ability to navigate that environment to her training as a member of Touro University Illinois’ inaugural Physician Assistant class.
Now a physician assistant in the emergency department at Advocate Good Samaritan Hospital, a Level I trauma center in the Chicago suburbs, Speer begins each shift knowing anything can walk through the doors.
“I love the diversity of complaints,” she said. “Every day is different. It’s head to toe medicine. And when someone comes to the ER, it’s a very vulnerable time. No one wants to be there. If I can bring compassion and bedside education into that moment, that’s what matters.”
Speer grew up in Vernon Hills, a suburb north of Chicago, and has always felt connected to the region.
“I love Chicago,” she said. “It has that great Midwest feel to it — the livelihood of the city but the calm of the suburbs.”
She attended the University of Iowa, initially following her older brother, who played tennis there. Frequent visits to campus convinced her to enroll. A human physiology major with a minor in German, Speer gravitated early toward medicine.
Her interest in patient care began even earlier as a lifeguard.
“When someone needs medical attention, it can be a fearful or uncertain time,” she said. “Being able to make an impact, whether small or significant, in that moment is what drew me in.”
After graduating in 2017, Speer returned to Vernon Hills and began working as a certified nurse assistant at Advocate Condell Medical Center. What began as a way to build the patient care hours required for PA school became a seven-year experience that shaped her professional foundation. She worked in the hospital’s float department, rotating through nearly every unit.
“Every day I was floating to a different floor,” she said. “I loved getting a taste of everything.”
A Floating Assistant During Covid
That flexibility became essential in 2020, when COVID-19 reshaped hospital life.
“It was such an unknown time,” Speer recalled. “We had very limited resources. You’d get one N95 mask for the entire day and have to ration it. And at the end of the shift, there was always that uneasy feeling about carrying germs home to family.”
Units across the hospital converted to COVID floors. As a float CNA, Speer moved between them, including the intensive care unit. “You didn’t know what the future held,” she said. “But it united all healthcare team members. We felt like we were in it together.”
The experience strengthened her commitment to becoming a physician assistant. She was drawn to the profession’s medical model and its flexibility. “PAs are trained very similarly to physicians, but there’s something called lateral mobility,” she said. “You don’t have to pick one specialty for the rest of your life.”
For someone who had thrived rotating across departments, the breadth of the PA role was appealing. In January 2023, Speer joined Touro University Illinois as part of its inaugural PA class, graduating in May 2025. The newness of the program offered unexpected opportunities.
“Because it was a new program, there were so many ways to grow as a leader,” she said.
Speer served as class co-president and as a student representative to the Illinois Academy of PAs, attending professional conferences and helping shape the student experience. After graduating with honors achievement, she credits the faculty with creating a supportive environment during an intense program.
Approachable Faculty Make a Difference
“PA school can be intimidating,” she said. “But the faculty were so approachable. I felt very confident when I began practicing.”
The 2.5-year curriculum began with a rigorous didactic year followed by clinical rotations across the Chicago metropolitan area. Students completed seven core rotations — including family medicine, internal medicine, emergency medicine, OB/GYN, psychiatry, pediatrics and surgery — along with three electives.
“I felt very prepared after my rotations,” Speer said. “Our preceptors really took us under their wing. We would see patients ourselves, then report back and discuss treatment plans.” For her electives, she chose an additional emergency medicine rotation and an urgent care rotation, confirming her interest in high-acuity care.
She began working at Advocate Good Samaritan in September 2025. The transition from student to provider came with a steep learning curve.
“No One Teaches You How to Remove a Popcorn Kernel from a Child’s Nose”
“When you start working, it’s real life,” Speer said. “No one teaches you how to remove a popcorn kernel from a child’s nose in school. That’s the beauty of emergency medicine as a new grad; every shift brings something new to learn.”
As a Level I trauma center, more complex cases are part of the daily rhythm. “It’s fast paced, especially during flu season,” she said. “But it’s a team sport. There’s a lot of collaboration.”
Speer typically works day or evening shifts three to four days a week. Under the mentorship of experienced physicians, she says she continues to grow into the role. Looking back, she credits both her years of hands-on patient care and her time at Touro for preparing her.
“When you start PA school, you learn how to succeed academically,” she said. “But the foundation of bedside compassion and strong work ethic often comes from the experiences you had long before.”
Touro University Illinois
https://illinois.touro.edu/news/at-home-in-the-er.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/alexis.jpeg
March 04, 2026
Physician Assistant Program
314530
Restoring Blood Flow, Saving Lives
Touro University Illinois PA in Vascular Surgery at Endeavor Health
In vascular surgery, restoring blood flow can mean the difference between saving a limb and losing it. At Endeavor Health’s Cardiovascular Institute, patients with vascular diseases and other complex circulatory conditions are treated by a team that includes Touro University Illinois physician assistant alumna Maheen Kazmi.
“In vascular surgery, you often see patients when they’re facing serious conditions,” said Kazmi, a member of the university’s inaugural PA class. “Being part of a team that can restore circulation and improve a patient’s outcome is incredibly meaningful.”
Kazmi helps manage patients throughout their hospital course, from the floor to the operating room. Her role includes assisting in procedures, monitoring recovery, and coordinating care with surgeons and the care team. Some cases involve traditional open surgery, while others rely on endovascular techniques using catheters and wires to restore blood flow through small incisions.
“We do a lot of endovascular procedures,” Kazmi said. “They’re less invasive and allow patients to recover more quickly while improving outcomes.”
Kazmi first encountered vascular surgery during a cardiothoracic-vascular surgery rotation while she was a student in the Touro University Illinois physician assistant program. The rotation placed her on a vascular surgery team treating patients with complex circulatory diseases.
“There’s a lot of critical thinking involved,” she said. “You’re constantly evaluating what’s happening with the patient and determining the next plan of action.”
In addition, clinical rotations exposed her to several specialties, including internal medicine, family medicine, emergency medicine, behavioral medicine, women’s health, surgery, pediatrics, and various surgical subspecialties. However, the cardiothoracic-vascular surgery rotation stood out the most for its wide range of cases and team-based environment. The mix of high-acuity, critical situations and more complex chronic conditions made it especially exciting and rewarding.
Kazmi, who grew up in the Chicago suburbs, earned a bachelor’s degree in biological sciences with honors from the University of Illinois at Chicago in 2019. She later completed a master’s degree in biomedical sciences from Midwestern University before enrolling in the physician assistant program at Touro University Illinois, graduating in 2025 as part of the program’s inaugural class.
She said the physician assistant profession appealed to her because of its collaborative nature and the role physician assistants can play in expanding access to care.
“Physician assistants help bridge gaps in healthcare,” Kazmi said. “You’re able to work closely with patients while also being part of a larger team.”
Giving back to the community was also an important part of her upbringing. Growing up, Kazmi volunteered with her family at food drives, local kitchens, and other initiatives that supported people in need.
“My parents valued kindness and helping others,” she said. “Volunteering at these events was something we did often as a family.”
Those experiences helped shape her perspective about patient care. “Being able to make an impact on someone’s life during a vulnerable time is what makes the work fulfilling,” Kazmi said.
Patients treated by vascular teams often present with a range of circulatory conditions, including peripheral arterial disease, carotid artery disease, aortic aneurysms, blood clots, and critical limb ischemia.
“You’re wearing a lot of different hats,” Kazmi said. “PA school gives you the foundation, but practicing medicine teaches you how to make decisions in real life and adapt to complex situations.”
While at Touro, Kazmi also took on leadership roles in the inaugural class. She served as co-president of the Class of 2025, participated in the Illinois Academy of Physician Assistants as a student liaison, and served on the School of Health Sciences dean’s advisory board.
Being part of the program’s first class meant working closely with faculty as the program continued to develop.
“We built really strong relationships with the faculty,” Kazmi said. “They were invested in helping us succeed and building a foundation for lifelong learning and collaboration in medicine.”
Kazmi continues to advocate for the profession and mentor future PA students. She participates in events organized by the Illinois Academy of Physician Assistants and returns to Touro to speak with incoming students during orientation.
“PA school is challenging, but also incredibly rewarding,” she tells incoming students. “Stay curious and never stop asking questions.”
She encourages students to fully engage in their clinical rotations and seek insight from all members of the healthcare team.
“Use each rotation to expand your perspective,” Kazmi said. “Everyone around you has something valuable to offer.”
For Kazmi, the work ultimately comes back to the same purpose that led her into medicine.
“Being a PA means combining clinical knowledge with compassion and helping patients feel supported and cared for when they need it the most,” she said. “Every day you have the opportunity to make a difference in someone’s life.”
Touro University Illinois
https://illinois.touro.edu/news/restoring-blood-flow-saving-lives.php
https://illinois.touro.edu/media/schools-and-colleges/tcil/images/stories/Maheen.jpeg
March 26, 2026
Physician Assistant Program