Education, Tip of the Week

What Can Nurses Do to Optimize Their Role in Health Care?

All across the country, there are thousands of nursing schools offering accelerated nursing programs to students – perhaps too many to choose from.  How can they decide what program will present an innovative approach, yet maintain the original focus of nursing?  Nursing is defined as the “protection, promotion, and optimization of health and abilities, prevention of illness and injury, alleviation of suffering through the diagnosis and treatment of human response, and advocacy in the care of individuals, families, communities, and population” (American Nurses Association, 2014).

KSA
Taking Steps to Focus

The Robert Wood Johnson Foundation (RWJF) was created over 40 years ago to improve health care and address significant health issues in American society.  In 2005, the RWJF turned its focus on the role of nurses in health care. The foundation funded an organization dedicated to supplying future nurses with the knowledge, skills, and attitudes necessary to advance the quality and safety of their work environment.

This organization was known as QSEN – Quality and Safety Education for Nurses.  Between 2005 and the present day, QSEN has continued to improve its bank of resources and practices in a number of phases:

Phase I (2005-2007)

Phase 1

Project initiatives were put into place.  The biggest areas for improvement were narrowed down to:

  • Patient-centered care
  • Teamwork and collaboration
  • Evidence-based practice
  • Quality improvement
  • Safety
  • Informatics

Phase II (2007-2009)

Principal investigator Linda Cronenwett received $1,094,477 from the RWJF to fund Phase II of the QSEN project. Partnership between designated members of organizations that represent advanced practice nurses was instituted to work along with 15 pilot schools committed to actively engage in curricular change to incorporate quality and safety competencies. Phase 2

Phase III (2009-2012)

The University of North Carolina School of Nursing and the American Association of Colleges of Nursing (AACN) collaborated to develop the faculty expertise necessary to teach these competencies in nursing textbooks, licensing accreditation, and certification standards.  Toward the end of Phase III, the UNC School of Nursing designed a QSEN Forum that is implemented annually to attract innovators and nursing faculty leaders to continue improve the process.

Phase 3

Phase IV (2012-present)

The press release for Phase IV revolved around a new Program Supports Institute of Medicine (IOM) placing an emphasis on nurses attaining their advanced degrees to improve patient care and to further develop nursing roles in health care.  According to the Senior Advisor for Nursing for RWJF,

“We are pleased to be able to provide financial support to some of the Action Coalitions working on academic progression. We are confident that the new models they create will be replicable and help achieve our goal to have 80 percent of the nursing workforce be prepared at the baccalaureate level or higher by 2020. Advancing a more highly educated, diverse workforce is essential to achieving the Robert Wood Johnson Foundation’s mission to improve health and health care in this country” (Hassmiller, 2012).

Phase 4Recently, a new QSEN initiative was introduced under the guidance of the faculty at Case Western Reserve University.  Nursing students now have access to QSEN resources and teaching strategies without the need for a creating an account and additional login information.  There are now less steps to take for students to benefit from learning modules and videos with up-to-date strategies for improving their skills.  The benefit of these modules is that nursing students can develop the skills essential for patient safety, for example, while learning the value of technology in a work setting.

What Does the Future of Nursing Look Like?

According to the Bureau of Labor Statistics, there is a need for more than 580,000 new and replacement registered nurses by the year 2018 (AACN, 2013).  It is imperative that these efforts to maintain integrity, quality, and innovation in nursing education are continued to accommodate the needs of our aging population.

 

Sponsored by RISC Management and Consulting, LLC

RWJF video

Quality and Safety Education for nurses video

References

American Association of Colleges of Nursing. (2013). Accelerated Programs: The fast track to careers in nursing. Retrieved from http://www.aacn.nche.edu/publications/issue-bulletin-accelerated-programs

Hassmiller, S. (2012). QSEN press release: Phase IV. Retrieved from http://qsen.org/about-qsen/project-overview/press-release-phase-iv/

Quality and Safety Education for Nurses. (2014). QSEN Institute. Retrieved from http://qsen.org/

Robert Wood Johnson Foundation. (2014). Building a culture of health: Annual president’s message. Retrieved from https://www.youtube.com/watch?v=rs4QSF6mxug

 

 

 

Advertisements
Data Breach, Education, Tip of the Week, Trends & Technology

Part Four of the Practical Security Series: First Hand Story

The following is a first-hand story from one of our business partners. I thought it was worth sharing as we often feel that certain “types” of software programs and utilities are safe because of their nature or purpose. Let the Downloader Beware!

 Proactive PC User

This is a personal experience with the home office PC of a partner of ours. It taught her a lesson to take the same precaution with her own personal computer at home as she does at work. The story refers to a computer virus and having to deal with this unfortunate occurrence. Her home PC was running slower than usual. There were pop-ops; she could not load certain websites; and there were many more operational issues. It took this person two days to figure out what they had done differently. Then she remembered downloading a free eReader application. All of a sudden, she went into panic mode and started reacting instead of being proactive. The “cybercriminals who publish and distribute malware devote significant effort to convincing or tricking Internet users into clicking links that lead to malware, or that download malicious attachments or applications”(Microsoft, 2013, p. 3).

 What is a computer virus?

They are unwanted, sometimes destructive software programs that often times have the ability to spread from one computer to another. Their objective is interfering with the computer’s intended operation. Viruses often have the ability to corrupt, delete, or copy and send “home” important information on your computer.

Important Terminology

  • Adware -Advertising-supported software that plays, displays, or downloads advertising content on your computer. Adware may or may not be destructive, and may or may not jeopardize sensitive or regulated data.
  • Companion Virus – Replicate by exploiting the precedence hierarchy according to which the operating system executes program files based on their filename extensions. A good example of a companion virus is a search order to exploit the DLL files. If the malware replicated itself as a DLL application directory, it would take precedence over the DLL with the same name in the system directory.
  • Exploits – Malicious code that takes advantage of vulnerabilities specific to software. Exploits can infect, disrupt, and even take control of your computer without your knowledge. The usual focus is on the operating system, web browsers, applications, or software components installed on the computer.
  • PUAs- Potentially unwanted applications that contain a broad category of software that has a less threatening intention. It is also referred to as grayware. It still has the capabilities of potentially altering the behavior of your computer. An example would be adware, spyware, various browser toolbars, bundleware, trackware, etc.
  • Ransomware – Type of malware that is specifically designed to render files unusable until the user pays a fee to the attacker via electronic money transfer. The message will have an official look similar to the U.S. Federal Bureau of Investigation (FBI) and Scotland Yard. When the ransom has been paid, a password is then provided or access to the computer is restored. The ransom is usually demanded in untraceable Internet currency.
  • Rogue security software – Common method that attackers implements to make money, also called scareware. The software makes it seem like you are at risk, or that it would be helpful to have to have a secured computer, but in reality there is no real security provided! In fact they are misleading alerts to temp users to spend their hard earned dollar. The software mimics legitimate security software with the scare tactics of non-existent threats and urging the user to pay for the full version to assist with the removal of the threats.

Some samples of those that don’t hurt a PC, but are only an annoyance

Win32 Adware was frustrating, but with the help of SMEs, it can be removed.

Win32/adware.virtumonde virus is an adware that is designed for delivery of unsolicited advertisement and usually comes in a grouping of other malware.

Win32/AdWare.MultiPlug.N is the threat name and it is categorized under riskware. According to eset their detection it was created December 23, 2013. Prevalence map indicated the highest percentage in Asia such as Laos at 2.22 % and one of the lowest in the United States at 0.28%. The world activity peaked at 2.71% in December 23, 2013.  Now in March of 2014, a declining trend is showing to about 0.46% on an average.

Research Examples

DLL files (message will pop up relating to DLL files):

According to Microsoft, DLL is the acronym for Dynamic Link Libraries. A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Each program can use the functionality that is contained in this DLL to implement an Open diaglog box. This helps promote code reuse and efficient memory usage. “The use of DLLs helps promote modularization of code, code reuse, efficient memory usage, and reduced disk space. Therefore, the operating system and the programs load faster, run faster, and take less disk space on the computer”

The following list describes some of the files that are implemented as DLLs in Windows operating systems:

  • ActiveX Controls (.ocx) files
    An example of an ActiveX control is a calendar control that lets you select a date from a calendar.
  • Control Panel (.cpl) files
    An example of a .cpl file is an item that is located in Control Panel. Each item is a specialized DLL.
  • Device driver (.drv) files
    An example of a device driver is a printer driver that controls the printing to a printer.

DLL advantages

The following list describes some of the advantages that are provided when a program uses a DLL:

  • Uses fewer resources
    When multiple programs use the same library of functions, a DLL can reduce the duplication of code that is loaded on the disk and in physical memory. This can greatly influence the performance of not just the program that is running in the foreground, but also other programs that are running on the Windows operating system.
  • Promotes modular architecture
    A DLL helps promote developing modular programs. This helps you develop large programs that require multiple language versions or a program that requires modular architecture. An example of a modular program is an accounting program that has many modules that can be dynamically loaded at run time.
  • Eases deployment and installation
    When a function within a DLL needs an update or a fix, the deployment and installation of the DLL does not require the program to be relinked with the DLL. Additionally, if multiple programs use the same DLL, the multiple programs will all benefit from the update or the fix. This issue may more frequently occur when you use a third-party DLL that is regularly updated or fixed.

DLL dependencies

When a program or a DLL uses a DLL function in another DLL, a dependency is created. Therefore, the program is no longer self-contained, and the program may experience problems if the dependency is broken. For example, the program may not run if one of the following actions occurs:

  • A dependent DLL is upgraded to a new version.
  • A dependent DLL is fixed.
  • A dependent DLL is overwritten with an earlier version.
  • A dependent DLL is removed from the computer.

Signs and Symptoms

  • Onslaught of pop-up advertisements
  • Alerts stating your PC has been compromised
  • Alerts will usually include message to help you remove the threats by downloading an additional program or purchasing something
  • You PC is running slower than normal
  • Unable to play a favorite game, or, in their words, “It was acting weird!”
  • Inability to not load certain websites

Real World Example that is beneficial to both the work environment and at home

Scenario X

Scenario X – Work

“A company in a heavily regulated industry (such as banking or health care) may restrict its employees’ use of instant messaging (IM) due to regulatory concerns. To bypass this restriction, a new employee who wishes to chat with friends while at work brings in a USB flash drive with a portable instant messaging (IM) program on it. While free, the program is supported by advertising. It turns out that a criminal bought space on the advertising network used by the program, and uses a maliciously crafted advertisement to inject malware into the new employee’s computer, which then acts as a springboard for stealing the company’s intellectual property.” (Goretsky, 2011, p. 3)

Scenario Y

Scenario Y- Home

“Potentially unwanted applications are not limited to the office. Imagine the following scenario: A child using a family computer downloads a “utility” program in order to add additional features to his or her instant messaging program or Minecraft account. The child clicks through the program’s installation process, ignoring the end user license agreement (EULA), and thus doesn’t realize that installing the program will also install adware that monitors user behavior and displays targeted advertising, and that replaces standard search recommendations with paid search results. The adware may then go on to redirect search results to sites from which additional malicious software can be deployed” (Goretsky, 2011, p. 3).

To remove this annoyance

  • She upgraded her antivirus to the latest version (worth the money) to locate and remove the potential threats.
  • The installed and upgraded antivirus actually found a variant of WIN32/AdWare.MultiPlug.N application, where a message informed the User that it was cleaned by deleting or quarantined.
  • Several others were identified but not recorded, these would be available in the AV log.
  • Performed several rounds of full system scanning.
  • Reconfiguration of the anti-virus software to update itself regularly.
  • The User had to modify behavior and occasionally check that the anti-virus software was the latest version, receiving regular updates, and that they added the license validation/renewal date in their calendar alert to renew my license prior to expiration.

Where it went wrong

The User had forgotten to update her anti-virus because she was too busy at work. She figured it was only her home PC and there’s nothing she needed to keep confidential or safe from prying eyes…Wrong! There were photos of  her family, letters, their family’s home addresses and birth dates, copies of their own school work that was as yet unpublished, and more.

To Date

The User actively checks that their anti-virus is up to date. Behavior was modified to include understanding that “installing security software is the first step toward cybersecurity.” Their extensive research for the best anti-virus product they could afford for their home computer involved several steps. They (family) used several sources online such as PC Mag digital edition, 10 Best Online, and reading AV Comparative’s tests results. AV-Comparatives is an independent not-for profit organization where they test security software and determine if they live up to their promises. Thirdly they educated themselves with how to navigate the Internet with safety in mind. ESET Smart Security 7 provided the User with a training module complete with real life scenarios and tips for protecting their computer. ESET received high marks according to independent testing laboratories or an AAA rating, which is the highest possible from Dennis Technology Labs for example (Rubenking, 2013). However, ESET was not perfect either because in one test of blocking malicious URLs, ESET only blocked 41% of the over 100% URLs tried (Rubenking, 2013). Avast Internet Security 2014 received a better score which blocked 79% in the same category (Rubenking, 2013). The User enjoyed reading the 10 Best Online review because it was easy to see the comparison due to the visual details. They use the popular “5 Star Rating” (10 Best Online, 2014).

However, the bottom line is to find what is more important to you as a User and prioritize your needs.

The User expressed regret and misses playing a video game that their children had introduced to them as it, “Had simply disappeared!” It was probably due to a deleted or corrupted DLL file, or a dependent DLL was upgraded to a new version.

Interesting facts

Either way, the User reported learning their lesson to continue to implement controls similar to their work environment on their home PC. In addition, they reported protecting all of their digital devices including their smartphone, tablet, desktop computer and laptop, even when used only in the home environment.

A few free tips:

In addition, protect your personal email, only use secure and private connections, don’t submit vital information such as your social security number online, check a link’s authenticity, creating a strong password for online accounts, change your password at least every three to six months, enable strict privacy settings on my networking sites, don’t link with anyone you do not know, think twice prior to sharing information or at least limit the details such as not providing your GPS location which will tell others that you are not home and become a target for physical theft for criminals, don’t clink on links in email, even if they are from known individuals, instead re-type important URLs into a fresh browser window after ensuring Real Time Protection is enabled on your PC, and be extremely wary of joke and humor sites, online surveys, and other questionable websites.

For your own organization’s Privacy and Security Training contact RISC Management and Consulting, LLC at Sales@RISCsecurity.com or visit our website http://www.riscsecurity.com/ 

References

ESET. (2014). ESET: Virus radar. Retrieved from http://www.virusradar.com/en/Win32_Adware.MultiPlug/detail

Microsoft.(2014). Microsoft support: What is a DLL. Retrieved from http://support.microsoft.com/kb/815065

Goretsky, A. (2011). Problematic, unloved and argumentative: What is a potentially unwanted application. Retrieved from http://go.eset.com/us/resources/white-papers/Problematic-Unloved-Argumentative.pdf

Rubenking, N. (2013). PC Mag: ESET Smart Security 7. Retrieved from http://www.pcmag.com/article2/0,2817,2428165,00.asp

Ten Best Online. (2014). 10 Best antivirus software comparison for 2014. Retrieved from http://www.10bestonline.com/top_10_best_antivirus_reviews/top_10_best_antivirus_comparison/

Education, Tip of the Week, Upcoming Events

Upcoming Events 2014 QSEN National Forum

The Quality and Safety Education for Nurses (QSEN) National Forum is taking place in Baltimore, Maryland this year.

Photos uploaded from MDSCI- logos-photos & Baltimorecity.gov
Photos uploaded from MDSCI- logos-photos & Baltimorecity.gov

Date: May 27-29, 2014

Location:  Baltimore Marriott Inner Harbor at Camden Yards

Address:

111 S. Eutaw St

Baltimore, Maryland 21201

Purpose: To attract innovators and nurture faculty and nursing leaders for the improvement of quality and safety education through sharing of:

  1. Innovations in curricular design and teaching strategies that accomplish QSEN competency development
  2. Quality Improvement, Evidence-based practice implementation, or safety projects
  3. Research related to quality and safety education in pre-licensure, advanced practice programs, and clinical practice

Registration online, please visit: http://cmetracker.net/CASECME/Login?formname=RegLoginLive&eventID=65104

Agenda for printing: http://qsen.org/wp-content/uploads/2013/09/2014-Final-Agenda2.png

Make your visit complete and see the sights:

National Aquarium in Baltimore, here’s a live  Shark Cam: http://www.ustream.tv/channel/15350297

Maryland Science Center, where a Live Demonstration takes place all day from nanotechnology to liquid nitrogen and Science on a Sphere http://www.mdsci.org/

Requests a Free Official Visitor Guide at http://baltimore.org/request-free-official-visitor-guide

Data Breach, News Events, OpenSSL, Trends & Technology

The Heartbleed Bug

heartbleed_bugThe big news in internet security right now is the Heartbleed Bug. Announced this week, it affects OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2-beta. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the site. A successful intruder could obtain your private information from an affected site and impersonate that site until its operators catch on. Since the bug has been in the wild since OpenSSL released version 1.0.1 in March 2012, it is likely that your organization is vulnerable along with many of the sites you frequent throughout the day.

To address this issue in your organization, you need to create an inventory of any web servers and certs using OpenSSL version 1.0.1 and 1.0.2-beta. Once you have that inventory, you can patch affected sites by upgrading to OpenSSL 1.0.1g, released April 7, 2014. Users unable to immediately upgrade can alternatively recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS. Version 1.0.2 will be fixed in 1.0.2-beta2. Link: https://www.openssl.org/source/

Then All User populations that logged in via that site have to change their passwords, and any other encrypted sensitive information that got transmitted across that server, with OpenSSL, must be addressed. This might be notification, changing of account numbers, or that no reasonable action can be taken.

A Web based test to see if your server is vulnerable is here: http://filippo.io/Heartbleed/

There is a test utility/proof of concept available here: https://gist.githubusercontent.com/sh1n0b1/10100394/raw/4f24ff250124a03ad2d3d6010b6402c3a483d2f3/ssltest.py

Snort signatures to look for malicious Heartbleed activity can be found here: http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

As a consumer, keep an eye open for popular websites updating their security practices and change your passwords once the bug has been fixed.

This recent announcement is just another reminder to be vigilant with your organization’s data and your personal information.

For more information or to inquire about RISC Management’s Risk Mitigation services, visit our website at www.RISCsecurity.com.