Category: Uncategorized

The increasingly digitalized world we live in has a lot of benefits in business and in relationships, but with it also comes a whole new host of problems, including a rise in API data breaches.

A number of high-profile companies have been affected by API data breaches in recent years, allowing other businesses to learn from their mistakes in regard to cyber attack prevention. It can be difficult to regain public trust once a breach has occurred, not to mention the legal ramifications of not carefully storing your users’ information properly. Performing a vulnerability test on your system can help identify areas of weakness.

Given the vast variety and differences between potential attacks today, there is no easy solution to data breaches, and the right approach to prevention can depend on numerous factors. API security, in itself, is complex, and before you can come up with a good game plan, you must understand what you’re up against. While today’s cyber attackers are finding new ways to infiltrate networks all over the globe, there are a few common attacks you’ll need to keep an eye out for. Familiarizing yourself with these will help you form an effective plan for prevention.

What Are Some Different Types Of Data Breaches?

Data breaches can be the result of a variety of different attacks. Three of the most common include man-in-the-middle attacks, session cookie tampering, and distributed denial of service attacks. Each of these is unique in the way it is conducted, and which type of information may be at stake. Here, we’ll break down what these are and how you can shield against them.

Man-In-The-Middle Attacks

Man-in-the-middle attacks are common in today’s cyber world. In this scenario, there is the victim, the system they are interacting with, and the “man in the middle”, which refers to a person attempting to intercept a victim’s data. In order for this cyber breach to be successful, the victim must not know about the man in the middle. Some tactics man-in-the-middle attacks utilize include IP spoofing, DNS spoofing, Email hijacking, HTTPS spoofing, Wi-Fi eavesdropping, and stealing browser cookies.

The typical MITM attack requires that the attackers gain access to a poorly secured Wi-Fi router, which is commonplace in public areas that offer free Wi-Fi hotspots for guests. This may also be the case in a person’s home, where a Wi-Fi network may not require a password. Once attackers detect vulnerability in a network, they can intercept a victim’s data using different tools, then insert these tools accordingly to gain access to the different sites a user visits. Once the data is intercepted, the attacker will unencrypt the data to gain access to protected information.

Session Cookie Tampering

Cooking poisoning and cookie tampering are used to describe an attack where cookies, or pieces of data stored in a particular user’s browser to track information from websites, are modified to bypass security in hopes of infiltrating a network. A cyber attacker, who is using cookie tampering, might gain access to a user’s account via false information, such as tricking a particular server into accepting the new version of the intercepted cookie once it’s been modified.

It can be fairly easy to carry out cookie tampering if a web developer of the application didn’t carefully store information prior to the attempted attack. This is especially true when key parameters have been labeled and are therefore simple to identify. A strong web application firewall can help prevent cookie tampering by detecting a cookie’s “set” commands and only accepting them if the information held within is verified.

Distributed Denial Of Service Attacks

DDos, or distributed denial-of-service attacks, are also common in today’s digital realm. This is a type of attack in which more than one compromised system attacks a target, causing the denial of service for other users. This type of attack has been utilized by a variety of groups, including individual hackers, government agencies, and even organized crime rings.

Post-Assessment Tips

Once an assessment of your network and potential vulnerabilities have been conducted, you should take the appropriate steps to alleviate the issues found therein.

To begin, start with the basics. Maintaining a solid inventory of your APIs is the first step you should take to ensure you’re protected against attacks in the future. Once you’ve done this, you can begin to develop and implement an effective set of security policies, which can include authentication and authorization, traffic management, and training on how to detect content threats.

You might even consider an API management gateway to up the ante on protection. It is also a wise idea to evaluate your existing platform vendors. Often, third-party vendors represent a weak security link. Remove sensitive data in your API URL path as well.

As you can see, network security requires a layered approach. There are certain techniques that work better for some businesses. A great IT specialist can help you find the best combination to provide your business with a good line of defense against the wide range of cyber threats.

A recent breach left the protected health information (PHI) of more than 19,000 patients in Orlando, Florida completely exposed online for two months before it was detected. What is more concerning, however, is why it took the group of clinics involved five months to report the breach to the Department of Health and Human Services, and six months to alert the affected patients.

How the Breach Happened

The Orlando Orthopaedic Center in Florida hired a 3rd party vendor to handle their transcriptions, as do many clinics and health centers. When the vendor was updating their software during December 2017, they made a serious mistake that misconfigured access to one of their databases. That configuration issue left their server open to the public and accessible over the internet. Anyone who desired could access the patient data stored on that server, and they could do so without any authorization needed. It was two months before the mistake was discovered.

Impact of the Breach

This breach left 19,101 patient records seriously exposed, which was not only a major HIPAA violation, but a situation that could easily result in identity theft. Once the breach was recognized, investigators discovered that a great deal of information had inadvertently been made publicly available. This included names, insurance details, dates of birth, medical treatments, employers, and, in a limited number of cases, social security numbers. Fortunately, no financial information (debit card numbers, credit card numbers, bank account numbers, or other financial records) were exposed during the breach.

All patients that received treatment from any Orlando Orthopaedic clinic prior to January 2018 would have been affected by the breach. Investigators were not able to determine if anyone had gained access to what should have been PHI, and none of the affected individuals have, as of yet, reported identity theft or misuse of their PHI. However, the investigators were still unable to rule out the possibility of information theft or unauthorized access to patient information.

Aftermath of the Breach

Orlando Orthopaedic did not find out about the breach until February 2018, two months after it occurred. However, it would be almost six months before the affected patients were notified by mail. The clinics involved have yet to provide a reason for the delay in notification.

As a result of the security breach, Orlando Orthopaedic Center employees are receiving cybersecurity training even though they were not directly responsible for the problem. In addition, the affected clinics are taking additional security measures to ensure that PHI stored both on their own servers, as well as accessible through endpoints, are all secured.

The transcription vendor responsible for the breach has offered all the affected patients one year of free credit monitoring and identity theft protection and restoration services. The vendor has also made changes to their security to ensure that information on their servers remains protected from prying eyes.

In addition, all patients involved have been advised to closely monitor their insurance Explanation of Benefits statements, as well as their other accounts for any signs that their PHI is being used fraudulently. In the event that a patient sees unusual activity, they should notify their insurance provider immediately.

Who Is Responsible?

Even if a 3^rd party vendor or business partner is responsible for causing the breach, the healthcare provider is still held legally responsible. In this case, Orlando Orthopaedic is the responsible party even though it was the security of the vendor that was lax, a situation over which they had no direct control. This reinforces the fact that healthcare providers must be thorough in vetting potential vendors.

Concerns about Delays

As already mentioned, it took Orlando Orthopaedic six months to notify their patients of the PHI breach and five months to notify the Department of Health and Human Services Office of Civil Rights (OCR). The OCR should have been notified 60 days after discovery of the breach, according to HIPAA guidelines, not five months. The same deadline applies to notifying patients.

No doubt a fine is to be expected. Presence Health delayed reporting a breach to the affected patients and OCR 40 days past the 60-day deadline. Their fine amounted to $475,000, and was the first case of a HIPAA breach fine for the untimely reporting of a breach of unsecured PHI.

Conclusion

Even if the breach of PHI is caused by the carelessness of a business partner (including 3rd party vendors), the healthcare clinic is still the entity held legally responsible. There is a 60-day deadline for notifying OCR and the affected patients, and failure to meet this deadline will most likely result in a punitive fine. Failure to notify the patients right away can damage the reputation of the healthcare provider. Even offers of credit monitoring and identity theft restoration cannot undo the negative effects of the breach.

Girl Scouts of the USA recently announced the addition of 30 new badges now available for Girl Scouts aged 5-18. The new badges were created to address a number of today’s most important social issues, including environmental advocacy, cybersecurity, robotics, computer science, and space exploration, among others.

Girl Scouts of the USA has long served as a means for young girls to acquire life experience and develop a number of important soft skills, which include perseverance and confidence. The benefits of participating in Girl Scouts are proven. According to one study, Girl Scouts are over twice as likely to demonstrate community problem-solving skills compared to those who do not participate.

The Cybersecurity badge, funded by Palo Alto Networks, will introduce the girls to a variety of age-appropriate internet safety and privacy principles. They will first learn how the internet works, then learn techniques to spot, report, and further investigate cybercrime.

Cybercrime is on the rise, and the Girl Scouts are in a unique position to influence young girls all over the nation. According to the FBI’s 2017 Internet Crime Report, cybercrime resulted in more than 300,000 complaints last year with losses reaching upwards of $1.4 billion. Raising awareness about cybercrime is just one step toward combatting the problem, and with the help of their sponsors, the Girl Scouts are on their way toward arming a new generation of young people with the tools they’ll need to make a difference in internet security.

New Leadership Journeys

In addition to the cybersecurity badge, the new badges include two additional Girl Scout Leadership Journeys to help girls on their path to growth. Girl Scout Leadership Journeys involve hands-on activities to help girls utilize their new skills to tackle problems within their respective communities. These programs prepare girls to achieve success in fields like computer science, robotics, and cybersecurity.

Funded by Raytheon, “Think Like a Programmer” offers girls a valuable foundation in computational thinking, which will serve as the basis for next year’s Cyber Challenge, a first for the organization. The Think Like an Engineer Journey will help girls further understand how engineers approach and solve problems.

Phase one of the national computer science program for middle school and high school-aged girls has been run as a pilot in a small group of geographies since earlier this year. The program is expected to expand nationwide in the fall of this year, with select groups of Girl Scout councils piloting the upcoming Cyber Challenge next year in 2019.

Raytheon & The Girl Scouts: A Partnership

Raytheon Company, headquartered in Waltham, Massachusetts, is a leader in technology and innovation in civil government, defense, and cybersecurity solutions. With a history spanning nearly a century, Raytheon operates in more than 80 countries. The company has a long history of partnership with several Girl Scout Councils. It is the inaugural sponsor of the Girl Scouts’ computational thinking program, which will expose the girls to age-appropriate content across areas such as science, engineering, technology, and math.

Although women made up half of the current college-educated workforce, only 29% work in occupations dealing with science and engineering. The new partnership with Raytheon seeks to increase the number of female STEM leaders by encouraging girls to explore an interest in these fields early on. In fact, the Girl Scout Research Institute, GSRI, compiled a report, the Generation STEM report, which determined that 74% of teen girls demonstrate an interest in STEM fields; however, this interest fades as they get older and move on through middle school and high school. The decreased interest is thought to be the result of a lack of exposure to STEM fields in ways that pique their further interest and inspire ambition.

In 2017, the Millennial Cyber Security Survey, conducted by the National Cyber Security Alliance, NSCA, found that the majority of female Millennials said that more exposure to STEM information, training, and classes during their middle school and high school years would have had an impact on their interest in cybersecurity careers. These new badges will strive to empower young girls to achieve their goals across all industries, particularly those currently dominated by males.

History Of Girl Scouts

The Girl Scouts of the US have been making a difference across the nation for nearly a century. The first Girl Scout troop was established in 1912 in Savannah, Georgia by Juliette Gordon “Daisy” Low. Since then, the organization has grown exponentially, culminating into a membership of more than 2.6 million. Today, they continue to operate under the principles of courage, character, and confidence in hopes of making the world a better place.

 

How Can I Keep My Business Safe From an Email Scam?

Recently, small business owner, Phoebe Bell of Sage and Clare, a popular homeware designer business in Australia, opened up about her company falling prey to email scammers. Sage and Clare lost $10,000 from the hi-tech thieves who Bell says were most likely tracking the company’s emails for months.

As they have done countless times before, Sage and Clare placed a routine stock order with an unnamed supplier. In fact, Bell handled the order herself, emailing back and forth with the supplier about the order for several weeks.

In the midst of negotiating the order, the supplier informed Bell they had a new bank account to pay the money into for the order. Again, this was nothing out of the ordinary, Bell says because suppliers often change bank accounts.

After paying the $10,000 into the supplier’s “new account,” Sage and Clare discovered that their business was the victim of a scam, where a third party posed as the initial supplier. The scammers most likely hacked emails and read through the correspondence between Sage and Clare and the supplier, intercepted the specifics, and then redirected the payment funds.

Fortunately for Sage and Clare, they have the capital to recover from this loss. For some small businesses, losing $10,000 would cripple them.

Ms. Bell said that she was both embarrassed and distressed that this sort of thing could happen to her. She thought that she was smart enough to spot a dirty trick like this. When she opened up about the incident online, she found that many others had gone through a similar experience. She says that if someone had broken into her shop and stolen $10,000, the local police would come out and do a full investigation. But since the incident happened online, there’s nothing the police can do. She did report the theft to her bank, the Australian Federal Police, and the Australian Cybercrime Reporting Network (ACORN).

How Can I Train My Team to Spot Hackers?

How can you keep your business safe from these types of email scams? What kind of safeguards can you put in place to ensure that your business does not fall prey to thieves prowling for businesses who practice naive online transactions?

5 Effective Tools to Keep Your Australian Business Safe from Hackers in 2018

Routinely Train Your Employees

Almost 90% of Cyber Attacks are Caused by an employee’s human error or an honest mistake, according to a cyber consultant, Willis Towers Watson. These circumstances are commonly a result of employees giving sensitive information to hackers who pretend to be clients in need of information.

Routinely scheduling an online security awareness training for all your team will keep your company updated and vigilant to fend off hackers.

 Improve Your Technology

Having anti-virus software in place to protect your company’s site from viruses and malware is the first step in good cybersecurity.

It is essential to have the software updated on a regular basis. We all get the update software notices, and it’s easy to ignore or delay the update to the next day, week or month. Make sure your IT department stays on top of all updates and patches. This will ensure that each computer is up-to-date.

Here are some questions to ask yourself and your team to ensure you are protected from viruses and malware:

• Do we have firewall protection?
• Are our passwords strong?
• Do we use two-factor authentication?

Being able to confidently answer these questions will give you peace of mind that you are doing your best to keep your business safe from cyber-attacks.

Keep a Tight Rein on Internet Access

This key step is often overlooked by employers but is so important. Your IT department can set up your computers so that they cannot access risky sites. Make sure that important company information can only be accessed by a chosen few.

Another good tip is to make it a practice to stay informed about current online data breach scams. Routinely making a habit of following a blog that reports the latest hacking news will help you stay vigilant.

 Don’t Keep Unnecessary Data

It isn’t necessary to store old data or customer information that is outdated or no longer useful for the company. Too often, though, companies don’t take the time to purge old records. Instead, they end up keeping information such as credit card numbers and other sensitive information in their system for customers who are long gone.

When the information is of no further use to your company, have a system in place where it is deleted. This will ensure that you avoid the risk of revealing unnecessary customer information if you are breached.

Adhere to a Phishing Awareness Checklist

Sticking to a protocol of routinely checking off safety practices will keep you aware of potential phishing attacks.

Here are some suggestions of important checklist questions you may want to include:

• Do you recognise who’s sending the email?

If not, hover your mouse over the “From:” field to check for the right domain (i.e., an email from Yum Dog Treats should have a domain name of yumdogtreats.com).

• Can you identify the sender’s email address?

Don’t open anything when their name is not matched up with the email address. If “Katie Jones” from “Yum Dog Treats” sends you an email, her email address should most likely say something like kjones@yumdogtreats.com, not kjones1989@gmail.com.

• Is there an attachment the sender wants you to open?

Be suspicious of all attachments, but especially ones that have two extensions (i.e., file.doc.scr) or small files that are zipped.

• Is there a link from the sender?

If so, does the URL convey the message of the email? You can simply hover your mouse over the link to check the URL to read it.

Conclusion

With the current situation, cyber-attacks are increasing dramatically in Australia and around the world. No one is safe. It’s every person’s duty to remain informed and aware of these scams. Ms. Bell learned her lesson the hard way and it cost her $10,000 to do so. You may not be financially able to learn such an expensive lesson.

As providers are all too well aware, their payments from Medicare are affected by their score in the Merit-based Incentive Payment System (MIPS). MIPS imposes a number of requirements; if these are not met, payments may be reduced or denied.

The MIPS requirements apply to all Medicare claims, even those whose performance is not necessarily affected by a MIPS constraint. Among these universal requirements is the meaningful use of electronic health records (EHRs). Within the EHR requirements, we have the promotion of interoperability with other EHR systems, and within that, we have the security requirements. Among the security requirements is an annual security risk assessment.

What Has Changed?

In the Federal Register of July 27, 2018, the Centers for Medicare and Medicaid Services (CMS) proposes that the current security risk assessment requirement in MIPS be replaced. The suggested replacement will be an attestation to the activities included in the security risk assessment standard that has been performed in the past MIPS year.

This essentially switches the scoring of the security risk requirement from the equivalent of a numeric grade to a pass/fail scoring system. A practice or institution passes if it has done the assessment; how well it has done on the assessment falls by the wayside. The requirements are stated in a bare-bones fashion in the Code of Federal Regulations at 45 CFR 164.308.

CMS states that their rationale is, in part, a result of the realization that a risk assessment is done well, or not at all.

What A Serious Risk Assessment Entails

The thinking behind this can be found in the Office of Civil Rights (OCR) newsletter for April 2018.  This newsletter distinguishes a gap analysis (“find the holes”) from a security risk assessment (“make sure there are no holes”). It is a highly useful guide to discerning the scope and the level of effort required for a serious risk assessment.

An article on the HHS website goes into greater detail explaining what is subject to the security rules and why:

All e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. Risk analysis is the first step in that process.

The guidance issues from OCR noted that the CFR requirements are divided into two categories: required and addressable.

The addressable requirements are not optional. Rather, if the approach specified in an addressable requirement is not feasible, the provider organization must develop an effective alternative to approach to achieve the same end and document this. The tendency to document-but-not-implement should be firmly resisted.

Did You Really Do A Risk Assessment?

Experts suggest that OCR has significantly underestimated the time required to do a serious risk assessment. Obviously, you have to look at hardware-associated risks. Are the BIOS files in your desktops and laptops updated? Has router firmware been updated?

You must take a hard look at software-associated risks as well. Are operating systems patched? You must strategically assess administrative risks: are you enforcing complex password requirements? Are you using biometric identifiers? Is data access truly on a need-to-know basis?

A Helicopter-Level View Is Not Adequate

The reader may protest that those concerns are nowhere to be found in the guidance. True. The point is that an adequate risk assessment will have revealed these as questions that need to be asked on a day-to-day operational basis. A risk assessment that is not dynamic misses all the critical points of vulnerability.

A risk assessment should point out any unnecessary risks and then offer a solid plan to eliminate them. It’s good to remember that the whole point of the endeavor is to make sure that the government (and all organizations) move toward better Internet and network security. With cyber breaches occurring on almost a daily basis, there’s every need to be more cautious about how we handle, store, and transmit Big Data.

The current cost of a data breach has reached between $1.3 million and $3.5 million. The number one most sought-after data that hackers are vying for is healthcare information. On the Dark Web, 30,000 up-to-date healthcare records will fetch a pretty price.

Conclusion

Under this proposed rule change, you will no longer be given a percent of compliance score on your risk assessment. You will simply be in or out of compliance. The upside is less administrative hassle; all you have to do is carry out the activities and attest that you did this. The downside is that this may lead to a relaxation of vigilance at a time when threats are constantly increasing.

 

 

Azure Stack has commanded plenty of loyal followers since its release, and it’s easy to see why. The platform provides many of the same great benefits users found in Microsoft’s Azure. Chief among them is the impact on multi-cloud environments. Building and deploying applications have become easier than ever before, and users are now able to enjoy the same familiar, tried-and-true tools to streamline their web operations. These factors plus a wide variety of others combine to create a solid case for Azure Stack.

Before you decide if a service like Azure Stack is right for your company’s IT structure, it’s important to know what benefits you’re dealing with. Knowing the basics of Azure Stack and its usage capabilities can help you determine whether it makes sense for your unique business needs.

What is Azure Stack?

It’s an extension of Microsoft’s Azure, and helps companies combine cloud computing with on-premises environments. Consistency is key with this type of platform, as it allows companies to deliver Azure’s unique services from their own unique datacenter for consistent hybrid cloud deployments.

What Are Some Benefits of Azure Stack?

There are many benefits associated with Azure Stack. For instance, users can apply Azure web and mobile services, architectures, and containers to extend legacy applications through the use of consistent processes in the cloud and on-prem. They can also build applications with a consistent set of tools and services, then deploy those applications to the appropriate location by writing code just once.

It allows companies the flexibility to seamlessly transition workloads between private and public environments, bringing a whole new world of potential for those who have long hoped for a turnkey solution to deploying applications. While deploying new cloud applications once took hours or even days, with Azure Stack, users can deploy them in mere minutes with the use of prebuilt solutions from Azure’s Marketplace. Add-on products, such as Commvault Hyperscale, are also integrated easily with Azure Stack.

One other perk users find in Azure Stack is its payment structure. Users pay only for the services they actually use, which can also be found in Azure.

How Can Azure Stack Be Useful For Federal Agencies And Financial Service Providers?

While Azure Stack is beneficial to companies across diverse industries, its capabilities are particularly helpful in the federal agency and financial services realms. Nearly all industries must comply with some sort of financial regulations, required either by internal policies or by customers. Security-wise Azure Stack satisfies requirements that dictate sensitive data must be stored in one tightly managed location.

Among the many benefits of Azure Stack for federal agencies is the ability to provide edge and disconnected computing for remote users, such as military members in a combat zone or other areas where access to the cloud may be difficult to come by. The ability to process big data at the edge and have this data sent to one central location is highly useful to federal agencies.

Additionally, Azure Stack allows large agencies to build out private clouds to serve their internal teams, which provides specialized services both cost-effectively and securely. Azure Stack allows federal customers to remain compliant with governing regulations that call for the security of privileged and classified information, which may later be moved to a public cloud once those security requirements expire.

Adequate security is vital in the financial world, and today’s top financial organizations simply can’t afford a breach. Large financial service providers have the opportunity to host Azure Stack-as-a-service to other business units, resulting in a private cloud that becomes a consumable service. With this, business units are able to avoid the security issues that come from operating outside of a private cloud. Financial service providers are also able to now scale quickly with Azure Stack, given their ability to transition to the public cloud during times of heavy traffic.

What Are Some Azure Stack Storage Options?

When it comes to persistent storage while using Azure, developers are faced with three basic options:

1. Tables
2. Blobs
3. SQL Databases

The latter is a database-as-a-service that offers a variety of the same features found in SQL servers, but without the overhead of one key figure: database administration.

Tables have the capabilities to support upwards of 200TB of basic structured data. This may be a good option for those who prefer a NoSQL database, similar to that of MongoDB, but without the need to manage a data store service.

There is also the option of Blobs, short for binary large objects, which are unstructured storage objects built for the storage of binary data. It can be accessed through API commands or REST, and has about the same storage capacity as Tables.

Wrap Up

All in all, Azure Stack has proven well worth its weight in terms of convenience for developers. If its current state is any indication, there should be plenty of exciting new features to look forward to in the years to come.

Which Tablet Is Best For You: iPad Or Microsoft Surface Go?

Microsoft recently announced a new budget-friendly tablet called the Surface Go with a lower price than previous tablets. This new Surface Go 2-in-1 tablet is Microsoft’s attempt to make it more affordable and accessible for consumers. It doesn’t have the muscle of the Core i7-powered Surface Pro, but it’s half the price. To compete, Apple took a similar approach when it lowered the price of its baseline iPad to $329 ($299 for educators). It’s not as powerful as the iPad Pro, but it’s much less expensive for everyday customers.

Let’s break down what each of these tablets, the Microsoft Surface Go, and the iPad, offer you and find out what is the best tablet for you.

Software

How are they similar?

Both iPad and Microsoft Surface Go are 10-inch tablets with optional keyboards and stylus pens. They also allow you to use a bunch of apps for both work and entertainment similar to a smartphone. Aside from those similarities, Apple and Microsoft obviously are different in just about every aspect of the software hemisphere.

How are they different?

The Surface Go comes with Windows 10 S. This is the scaled-down version of Windows 10 created specifically for tablets. It is similar to Windows 10 Home, but can only use apps from the Microsoft’s Windows Store. Consumers are able, however, to upgrade to Windows 10 Home for free and use their Surface Go like a full Windows system.

The downside of this is that you can’t then revert back to Windows 10 S later. The upgrade, in the long run, seems worth it, because the full Windows experience offers more flexibility than a tablet-only Windows product. While there’s plenty of software available at the Microsoft app store, it pales in comparison to the amount you’ll find from other sources of Windows software, or the Android or iOS app stores.

The iPad uses Apple’s iOS, the same OS used by the iPhone. The iOS App Store features millions of apps of every kind, and you can enjoy the same user experience you do on the iPhone but in a larger version. The downside is that there’s no way to get access to macOS or OS X Mac software that is in the MacBook Pro on the iPad.

Display

How are they similar?

Both tablets have 10-inch screens, and they both are capable of stylus use.

How are they different?

Apple has much better resolution, but Microsoft has an edge in display size. The Surface Go has an 1800×1200 10.6-inch PixelSense display custom-built for the tablet. The iPad’s 9.7-inch Retina display has a narrower aspect ratio and a higher resolution, 2048×1536 pixels. In simpler terms, the iPad’s screen is slightly smaller than the Microsoft Surface Go, but it is crisper, featuring a pixel density of 264ppi as opposed to the Surface Go’s 217ppi.

Processor

Microsoft Surface Go

The Surface Go uses the Pentium Gold 4415Y CPU, which is a significant move down from a Core series chip. Not enough independent tests have been performed to see how exactly it will compare to the other Surface Pro tablets at this time.

iPad

The iPad uses Apple’s A10 Fusion chip, the same one that the iPhone 7 used. It’s a generation behind the A11 Bionic chip that the iPhone 8 and iPhone X uses, but it still does an extraordinary job inside a tablet.

Storage/RAM

The baseline Surface Go boasts 4GB of RAM and 64GB of onboard flash storage, twice as much as the iPad. The baseline $329 iPad features 2GB RAM, 32GB storage. Another edge the Surface Go has in this area is the ability to upgrade. The Surface Go has a microSD card slot, so you can expand storage, unlike the iPad.

Size

The iPad is marginally slimmer and lighter than the Surface Go. Apple’s 9.4-by-6.6-inch tablet is just 0.29 inches thick and weighs 1.05 pounds. The Surface Go is a tad bit thicker (0.33 inches), a little larger in footprint (9.6 by 7 inches) and weighs a tiny bit more (1.15 pounds).

iPad 2018 and Surface Go-Specs Side by Side:

iPad 2018                                                                    Surface Go:

A10 Fusion chip (2.34GHz quad-core) with 64‑bit architecture; embedded M10 coprocessor	1.6GHz Intel Pentium 4415Y processor (7th-gen Kaby Lake)
2GB RAM	4GB or 8GB RAM
32GB or 128GB storage	64GB, 128GB or 256GB storage
9.7in LED-backlit Multi-Touch display with IPS technology; 2048×1536 at 264ppi; 4:3 aspect ratio; supports Apple Pencil	Intel HD 615 integrated graphics 10in IPS screen; 1200×1800 at 217ppi; 3:2 aspect ratio; supports Surface Pen stylus
8Mp rear-facing camera; f/2.4 aperture; Live Photos; Panorama (up to 43Mp); 1080p HD video recording; slo-mo (120fps)	8Mp rear-facing camera
1.2Mp front-facing camera; f/2.2 aperture; Live Photos; Retina Flash; 720p HD video recording	5Mp front-facing camera
802.11a/b/g/n/ac Wi-Fi; Bluetooth 4.2; Lightning port; headphone jack	802.11a/b/g/n/ac Wi-Fi; LTE later in 2018; 1 x USB 3.0 Type C; 1 x Surface Connector; microSD; headphone jack
32.4Wh rechargeable lithium-polymer battery; estimated battery life 10 hours (Wi‑Fi), 9 hours (mobile data)	27Wh rechargeable battery; estimated battery life 9 hours
iOS 11	Windows 10 Home in S Mode
240mm x 169.5mm x 7.5mm; 469g/478g (Wi-Fi/cellular)	245mm x 175mm x 8.3mm; 522g

The Key Benefits and Potential Issues Involving Outsourced Healthcare IT That You Need to Know

Outsourcing refers to finding a third-party to deliver certain services. In the healthcare industry, outsourcing IT functions has been an acceptable alternative to an in-house IT staff for many years. As more and more healthcare providers are turning to managed IT services to meet their technology requirements, it is important to have a good understanding of the benefits and potential issues involved with outsourcing IT.

Time

One of the established benefits of outsourcing healthcare IT functions is that it can significantly reduce the time it takes to implement new technology and industry best practices. IT providers are pressured to stay on top of the latest developments in order to remain competitive with others.

There is another aspect to the pros when it comes to time: 24/7 operation. Many healthcare employees who must interact with IT systems to do their job do not always follow the traditional 9-to-5 work schedule. Outsourcing makes it possible to offer around-the-clock IT staffing and support to respond to user needs anytime they appear. It also makes 24/7 management of IT feasible. In addition, having an outsourced IT staff can have a positive impact by reducing system downtime. You’ll have someone available to work on the system whenever it fails (e.g., midnight on a holiday).

Qualified IT Staff

Smaller healthcare providers and those in more rural geographic areas can’t always compete for the best talent in the IT field. It can sometimes be difficult to recruit qualified IT staff in these situations, but outsourcing IT functions free healthcare providers from this constraint. They can make use of the best talent regardless of geographic location and are able to obtain access to that talent at a lower price.

Focus Onsite Talent

In addition, it makes it possible to have an onsite team that focuses on items that are more critical to the company’s mission, such as improving patient satisfaction. The more boring, repetitive aspects of IT can be outsourced, allowing a healthcare establishment to better optimize their use of talent they have successfully recruited.

Flexibility and Scalability

Another benefit of outsourcing IT is that it’s much easier to scale up IT resources as needed, as well as respond to temporary fluctuations. Many vendors offer burst capacity options that are only paid for when they are needed. You can scale down during low-peak seasons for your business, but the ability to scale up is always there. That’s real flexibility.

Compliance

Compliance is a major issue in healthcare. There are two major compliance-related pros to using a managed IT provider: more up-to-date knowledge of changing compliance landscape and the ability to conduct external audits without as much of a vested interest in the results.

However, there can be drawbacks related to compliance, too. If you outsource to someone outside of your region, they may not be familiar with the compliance regulations that need to be implemented. When the vendor is outside of your geographical boundaries, there can be potential complications with exporting data as well.

Costs

When it comes to costs, there is an abundance of benefits to hiring a healthcare IT managed service provider, including the following:

• Cheaper than having an on-site IT staff
• Reduces the capital investment required for on-site equipment
• Can help reduce costs that are passed on to patients
• Reduces the need for full-time IT employees

In addition, for smaller clinics there may not be funding for the infrastructure and security needed to support an on-site IT staff, making outsourcing an ideal solution.

Managing and Monitoring the Vendor

Without a reliable managed IT provider in the healthcare industry, especially in today’s climate of cybersecurity dangers, outsourcing IT functions could prove disastrous. However, it is still important to monitor the vendor. There is a critical need for someone to be the main resource who is responsible for interacting with each vendor. Failure to do so could have consequences.

Morale

If a healthcare group has an existing IT department, there is a strong probability that any on-site IT employees, whether officially or unofficially part of an IT department, may feel threatened by outsourcing. To minimize this, management needs to be honest and transparent about what is being outsourced and what is not.

Unrealistic Expectations

There is often a gap between what the healthcare business is expecting and what the managed IT professional actually provides. In fact, one of the biggest issues in healthcare IT is unrealistic expectations on behalf of the healthcare leaders. This can result from a poorly defined scope of work that invariably leads to major issues later on. That is why it’s vital that the key performance indicators are established early. Communication is so important when successfully working with any vendor. In addition, a failure to honestly communicate existing problems when evaluating potential vendors will only lead to more unrealistic expectations.

Conclusion

Outsourcing healthcare IT can provide numerous benefits, including faster setup, 24/7 IT operations management, state-of-the-art implementation, and significant cost reduction. However, there are risks to existing IT staff morale, the danger of unrealistic expectations, and potential issues with compliance issues. Do your research and make sure that the company you’re considering understands HIPAA and other regulations now required in the healthcare industry. Make sure you have a clear understanding of the services your managed healthcare IT provider will deliver.