Thursday, October 8, 2015

Accepting Applications: Teaching and Research Scholars!

Last month we announced that applications were open for our MedStar Teaching Scholars program. The deadline for applications are due this Friday, October 9th and you can learn more about the program here

Another opportunity we are excited to announce is our 3rd annual Research Scholar Program (applications due Monday, November 9th). While our teaching scholar program is aimed for faculty/staff interested in medical education and bringing their medical education activities to the ‘next level’ by taking part in AAMC Medical Education Research Certification (MERC), the Research Scholars program is for faculty who want a career that has a substantial portion (at least 30%) in research (clinical or translational) but have not launched yet as an independent investigator. It emphasizes skill sets, mentorship and knowledge/access to resources to conduct research. The goal is to provide a select group of clinicians with the knowledge and skills to develop a major career focus conducting clinical or translational research; to design, conduct and publish clinical research projects and to write and submit grant applications; and to learn to collaborate effectively in multidisciplinary team science.

For more information on both programs, including applications, visit our website, here under the "Advanced Training Resources" heading. 

Tuesday, September 29, 2015

Three Common Attacks of Social Engineers

Guest Blogger: Ray Balut, MedStar Chief Information Security Officer

Through the media we’ve all become familiar with the type of hackers who use their technical expertise to break into computer systems and compromise sensitive data. 

However, there is another type of hacker who can use a different set of skills to get what they want often with just a smile and a few well scripted lines.  They are the social engineers, hackers who specialize in the art of “Hacking People” instead of systems.

The Misplaced flash Drive”.  One tried-and-true trick is “accidentally” dropping a flash drive in a company’s parking lot or inside a building (if publically accessible) and hoping that a curious employee picks it up and plugs it into a company computer — In this case, the bad guy is letting you do the work for them without them ever having to touch a system.

These flash-drives may include more than the files you can see if you install them, they often contain malicious software that the hacker can use to capture passwords or even establish a connection directly back to their computer.
Safeguard: If you find a flash drive, turn it into the IT department; do not plug it into your computer and launch any files.

Phishing scams are probably the most common types of social engineering attacks used today.  Most phishing emails look like legitimate emails but in fact trick you into providing important information and or downloading malicious software all by simply clicking on a link in the email. Some common types of phishing email include:

·      Email from the Help Desk or Email team notifying you that your “email quota has been reached” or “your email account has been disabled” and including a link for you to click. MedStar’s help desk and MedStar IT will never ask for your password in an email or over the phone!

·      Email seeking to obtain personal information, such as username/password, real names, addresses and social security numbers.
     Phony security alerts – via email, pop-ups or social media (Facebook, etc…) warning you that your computer is at risk of being infected, typically with a link to click
·      Requests for money or bank/credit card account information. Often the bad guy poses as someone from another country who needs assistance accessing a large sum of money or even a friend or family member stuck in another country without any money.
Safeguard: To defend against phishing emails, you need to understand that they are typically designed to persuade you to click on a link or submit personal information.  As such, be wary of providing any information based on an email. To learn more, you might want to try this online quiz to test your phish spotting skills:

Sometimes the Social engineer will simply use tried and true old fashioned con-man approaches including:
·      Impersonating repairmen, IT support personnel, managers, etc., either by phone or in person and simply asking for the information they want.           
Safeguard: Challenge the authority or identity of persons unknown to you – ask them to identify themselves.
·       Collecting and analyzing information from discarded trash, aka “dumpster diving”.     
Safeguard: Any confidential, sensitive or personally identifiable information (PII) for patient should be shredded or placed into a designated secure shredding bin for pickup.  Remember, your trash can be a goldmine for a bad guy.
·       “Shoulder surfing”, which is watching to see employees type their passwords.                        Safeguard: Don’t type passwords with anyone else present (and be courteous by not watching other typing in theirs).
·      Searching a work area for passwords or other sensitive information that has been written down.         
Safeguard: Never write down passwords.
·       Using unattended computers that are already logged-in.                                                         Safeguard: Lock offices and lock computers when not in use.

While it’s not the “Hi-Tech” approach we might see on an episode of CSI Cyber, Social engineering is one of the most effective ways for the bad guys to get the access and information they need. This was perhaps best stated by a very prominent security expert, Bruce Schneier, who said “Amateurs hack systems, professionals hack people”

Thursday, September 24, 2015

Georgetown Summer Research Scholars' Capstone

Earlier this week, Georgetown medical students who conducted research last summer between their first and second year gathered at the French Embassy (across the street from Georgetown Medical School) to present their research findings in a capstone event. 

The late afternoon event started with a poster session (with about 60 students across disciplines of research and population health).  There was a lot of energy in the air!

We then gathered to hear some remarks and a few representative presentations.  Dr Steve Evans set the stage sharing how impressed he has been and continues to be with the quality of Georgetown medical students. One of his memorable quotes was 'The future is you.... it is you that we have been waiting for!'
I am proud that MedStar was able to support and fund 22 MedStar Scholarships last summer, including those funded by the Frank S Pellegrini Scholarship and the Pines-Kleinman Mental & Behavioral Health Scholarship.

Congratulations to the Class of 2018 for a job well done!


Monday, September 21, 2015

Sprint 4 the Cure

On Saturday, more than a dozen of your MHRI colleagues woke up early to join hundreds of people from the community at the Four Season's in Georgetown to run a 5K to raise money for cancer research at the Washington Cancer Institute at MedStar Washington Hospital Center. It was a beautiful (even a little too warm) morning and everyone had a good time (as you can see from the picture), even Finn!

MedStar Teaching Scholars Program: Accepting Applications!

The MedStar Teaching Scholars program is a two-year longitudinal program leading to Medical Education Research Certification (MERC) and Leadership Education and Development (LEAD) certification. The program is led by MedStar Health Academic Affairs and MedStar Health Research Institute, in conjunction with the Association of American Medical Colleges, and has been in place since 2009.
When I first heard about medical education research I was skeptical but have learned that it is a great venue for clinical educators to take their career to the next level. The program's goal is to teach clinician educators from across MedStar Health how to apply research principles to medical education and to be effective collaborators in medical education research. By doing this, they discover new ways to teach, present and publish their findings and become a leader in academic medicine. GME program directors, core clinical teaching faculty, clerkship directors and other clinician educators in all specialties and professions are encouraged to apply. 
Six participants will be enrolled each year into the two-year program. Applicants should be clinical teaching faculty who have a career trajectory focused on academic medicine, teaching, and medical education. All professions and disciplines are encouraged to apply.
All applications are due to Academic Affairs no later than October 9, 2015. To get more information and apply, click here

Wednesday, September 16, 2015

Watching History

Guest Blogger, Katie Carlin, Director, Research Development, Planning and Communications

I’m by no means a politician, but there’s something pretty cool about watching one of our own testify live in a senate committee hearing!

I’m currently live streaming Raj Ratwani, PhD and Scientific Director, National Center For Human Factors In Healthcare testify on the topic of “Achieving the Promise of Health Information Technology: Improving Care Through Patient Access to Their Records.” He is joined by the Founder of the Multiple Myeloma Research Foundation as well as the GM for Health and Life Sciences at Intel. The US Senate Committee on Health and Education (comprised of 22 senators) is discussing the current usability state of EHRs and how patient access, safety and understanding of data can be better improved with more uniform guidelines.

It’s a wonderful and proud moment to watch Raj represent MedStar and  our stellar Human Factors Engineering Team so well – and more importantly to know that their great work is informing policy which will directly improve the safety and care of every patient in the nation!

Tuesday, September 15, 2015

MedStar Human Factors Study published in JAMA and Author Testifies in Senate

A study by the MedStar Human Factors team, led by Raj Ratwani, PhD, Senior Human Factors Research Scientist, was published in the Journal of American Medical Association (JAMA) and is quickly gaining national attention. 

The study examined usability of Electronic Health Records (EHRs) for physicians. The findings showed that vendors of EHR systems often fail to meet federal compliance rules and guidelines for user-centered design, with 30% of EHR vendors not attesting to report a user-centered design process.

Tomorrow, Wednesday September 16, Dr. Ratwani will testify in senate committee hearing titled "Achieving the Promise of Health Information Technology: Improving Care Through Patient Access to Their Records". 

If you'd like to tune in tomorrow at 10 am to see Dr. Ratwani and others at the committee hearing, follow this link.