In this episode of the HIPAA Vault Show, we dive into the Reddit community’s take on the evolving support standards of major players like Liquid Web and Rackspace following their recent acquisitions. Join us as we sift through user experiences, dissect the common challenges, and offer expert advice on maintaining HIPAA compliance and top-notch support during such transitions. We’ll also explore broader industry trends and best practices to ensure your hosting service remains reliable and secure. Don’t miss this insightful episode packed with practical tips and expert opinions for anyone in the healthcare hosting industry.
For more information on HIPAA Vault, visit our website!
Do you have any remaining questions, requests, or just want to chat with us? Email us at podcast@hipaavault.com!
Transcript:
Adam
Hello and welcome to the Hipaa Vault show, where we discuss all things HIPAA compliance and the cloud. My name is Adam Zeineddine
Gil
And I’m Gil Vidalis here from HIPAA Vault. Looking forward to getting going with this podcast
Adam
Today we are going to be reviewing some reviews. Okay, so the first one we got here is titled, I can’t believe how terrible Rackspace’s support is. It says, we’re trying to move away from Rackspace as quickly as possible. Their support so bad. I’m pretty easygoing and have worked in custom support, so I’m generally very sympathetic, but this is making me snap. They’ve listed a few points here. They said the email me a chat transcript feature doesn’t work. Agents don’t know which tickets I’ve opened previously. Agents don’t update tickets. Agents don’t know which products we own. Agents give conflicting answers, don’t let you speak to a supervisor. And they don’t speak English very well. So it goes on.
Adam
But, I mean, I think it’s fair that the person’s listed the issues that they have, and they seem to be common issues, right, when it comes to the larger hosting companies, Gil.
Gil
Yeah, I think this is important. And why are we talking about it today? Because a lot of our customers are, 99% of our customers, 99% have patient information that they come to host with HIPAA vault. And the audience may be hosting somewhere else. But the point of the matter is that the patient information has to be accessible according to HIPAA regulation. So what happens in this space is that if you have a tech issue that’s blocking access to your patients or your users, and then you reach out to support, hey, I need some help. Something’s not right. Typically, with a good company, average company, you get some support, you resolve the issue, and you’re on your merry way. But what happens in this space, in the hosting space, is very interesting.
Gil
When a company is acquired, that is, either one company buys the other one, or a venture capital company buys the company where you’re hosted, then things begin to unravel. Typically, it goes poorly. I mean, I guess there’s some cases where maybe it does go well. Most of the time, support goes really awry. It goes way off track. And the reason why is not so hard to comprehend. So a company that bought the one that you’re hosted at, let’s just say for this scenario, you know, they spend millions of dollars, right? So now they have it, and the next thing is, okay, we bought this company. Now, how are we going to make money, right? We just spent millions. So what they do is they’ll take the tech support staff and they will merge it with their own staff.
Gil
So in other words, if they already had a bunch of tech support people, they let them go, or if they’re in the US, they close that down, they move it to India or the Philippines where they can save a lot of money. But when that happens, many times the quality of support goes way down. And that’s part, and there’s several factors why? One factor is that the foreign nationals sometimes have an accent where it’s just difficult to understand. So that’s frustrating. And then other times, they’re very low level, entry level admins. They don’t really have training that can help resolve these higher level issues. And so you’re talking to someone on the phone, it’s difficult to understand. And even if they do you understand them, they understand you. They don’t really have the technical chops to fix the issue. So you’re kind of stuck.
Gil
And then you try to go up to another level. Let me talk to a supervisor or somebody. Then, you know, there’s nobody there really that’s going to take that call. So you’re kind of stuck. And it’s quite unfortunate. I’ve seen it happen many, many times in my career where these are, these acquisitions happen.
Adam
The other one I had was with regards to liquid web on Reddit. Liquid web is not what it used to be. So liquid Web used to be truly famous for its heroic support. I’ve never had such good supports from a company in my life. However, as the years went by, things started to change, continuing a trend that started before COVID Their support team has been replaced by unmotivated people who can’t seem to solve any issues, any problems. Sorry, before, when you called, you would get a brighter, motivated person speaking clear English ready to help you at any time of the day. Nowadays, you get someone with broken English who is barely motivated and who tells you pretty much everything you’re trying to do is impossible. If you ask for a supervisor, they’re usually busy and they’ll get back to you later.
Adam
Meanwhile, your website’s having serious issues and the conversation rolls on for days instead of getting solved in five minutes. And that goes on as well. But seems some similar trends there as well in terms of potentially hiring outsourcing outside of the USA.
Gil
Right? So that’s a big problem. So the question is, well, you know, the purpose of podcasts here is to really help always to help our audience, give you practical advice. What do you do in this case? If you’re with your provider, you’ve got Phi data, you have an important application that the doctors need to reach or your clientele needs to have. And now you’re stuck in this world of, oh, my gosh, something’s slow or it’s inaccessible or it’s not working and you can’t fix it. You know, at some point you’re going to pull your hair out. You’re going to be like, this is crazy. So really the best choice is either for the short term solution is to really complain until you get to an administrator. And the way you do that is you say, look, we’re going to have to cancel.
Gil
And as soon as you say that, they’ll put you into somebody else because they don’t want to lose your revenue. So then that gets you on another call. And then you say, look, unless this gets to be solved today, I’m going to leave. And then it’s unfortunate you have to do that, but it’s the truth, right? If you can’t solve your problem, you can’t stay there. So then you get a supervisor and you’ll get that problem solved. Now, what you need to do after that, though, is you can’t just sit on your laurels. You can’t just say, oh, good, I solved it, I’m done. You know, move on. I’m busy. I’m going to move on with the rest of the day. You have to, you’re going to realize in technology there’s always problems. There’s always going to be problems, always guaranteed.
Gil
And why is that? Because technology fails. Technology is not perfect. There’s always some kind of failure coming along around the corner. So you might as well be prepared and either get an account rep signed to you personally, say, look, if I don’t have an account rep with an email, someone who’s senior, then I’m out of here. Likely they won’t give you one, or even if they say they’re going to give you one, that guy will be too busy. So you should really shop around at that point. Start shopping around for a company that’s going to give you better service. And typically the smaller companies that haven’t been acquired yet give you the best service. So you probably don’t want to find a ginormous company, find one that’s not too small, not a one man band in the garage with his dog.
Gil
I don’t mean that small, but something where I, you know, they’ve been around for five, eight years, and yet they’re, you know, they’re not huge. And then call them, Talk to them on the phone. The best test to do is just call. If you get someone on the phone in sales that actually answers the phone call, that’s the first clue things are going to go pretty well because if sales won’t answer a call, then probably support’s not going to answer one either.
Adam
Yeah.
Gil
So you’re going to have to look around and then Reddit’s a good place to look. You go to Reddit, you say, hey, who’s a good provider? People will respond right away. They’ll say, oh, I’ve had great experience here. And then you can just call them up, see what it’s like, and then start going through the migration process. Now, migrating is a whole other topic, the technical migration. But right now we’re just talking at a high level. What happens when support won’t assist you and it supports change? It used to be great, now it sucks and you need help. You’re desperate, like, you need help and your application suffering, your business suffering, what do you do? And I think that’s probably the best advice I can give. Unfortunately, there’s no way to reverse the company.
Gil
You can’t say, well, I want the support to be the way it used to be. You don’t have control over that. The owner, the new owner, shipping his maitai in Hawaii, he just sold the company for millions. He’s gone. And the new owner is desperate, trying to figure out how to make money now that he spent millions on his company. And so they start eviscerating the tech support team. And I’m not saying this happens 100% of the time, but literally it’s nine times out of ten. Like, I haven’t seen too many cases where this hasn’t happened, where, like, the new owners are even better than the old ones. I haven’t really seen that before. It just seems to be kind of a plague when it comes to being acquired. It’s unfortunate, you know, that’s just the way it is.
Gil
But it’s difficult to acquire another company and get everything to work smoothly.
Adam
Yeah. And it’s particularly important when it comes to HIPAA data. Right. Because you preferably, you don’t want to switch, but if you do want to switch, you want to make sure that company, at least you can still get your data from them when you need it, because you need to keep hold of the Phi, right?
Gil
Yeah, the phi makes it makes it more, in some sense, it makes it more severe. I mean, the stress is higher because in other applications, sure, it’s important for the business, dollar wise, still important. But with the Phi, you know, I’ve had conversations with owners who said, hey, we have a surgical app that the surgeons use to schedule their surgeries and look up data. And if that abs down, they can’t get the surgeries queued up and patients can’t go into surgery. That’s usually pretty bad. So you have that kind of pressure. Right. It’s not just money and business. It’s also people’s lives that are the on the line here, or at least their health is on the line. So that makes it kind of tough. But I think it’s something that’s prevalent in the environment.
Gil
There seems to be a lot of what’s called roll ups where a bigger company will try to buy not just one or two companies, they try to buy ten companies, 15 companies, and they do what’s called a roll up. They roll them all up into one. And the reason they’re so keen on rolling them up is because a $10 million company might sell for, you know, $10 million, say one times revenue, 10 million. So. And if you have ten $10 million companies, you know, that’s 100 million. But, but once you get to $100 million company, you know, that might sell for a lot more than just one time revenue. My sale, it might sell for 200 million, like double. So in other words, you get double the price. If you have a hundred million dollar business, you’re selling.
Gil
If you get a $10 million business, you’re not going to get near as much as 100. So just roll them all up into a bowl and then they take that whole bowl like, okay, who wants to buy this? Hurry up and buy it before all the technology collapses, before all the customers go away. So they quickly then try to sell it to somebody else who’s interested in buying a hundred million dollar company. Yeah, yeah.
Adam
So it’s, you’re not having to then go out and buy ten companies and spend on finding those ten companies. You’ve got it all in one. So I guess it’s more valuable, right?
Gil
Yeah, that, and just the Revenue itself. There’s called a multiplier in that business. They have a multiplier that they multiply by your revenue. So if you’re 10 million, the multiplier is two. But if you’re 100 million dollar company, the multiplier might be five. So just, it’s just the fact that you have a bigger company, you’re going to get more money. So the venture capitalists, they know exactly how to play that game. They roll them up into a big bundle, a giant burrito full of these little companies.
Adam
Yeah.
Gil
And then that burrito is worth a lot more. So they’re in a hurry. Right. When they bundle all these together, they’re not going to sit on it for very long. They want to turn around and sell it to the next guy, and that becomes his problem. But in the meantime, all these companies, like our audience here, that are trying to get support, that’s not a priority anymore. That’s not a big priority.
Adam
They just, you know, collecting infinity Stones.
Gil
Yeah. And it’s hard. It’s really hard. I mean, I see when there’s technical issues, it’s really hard because you’ve got some issue that it’s performance based or your site’s not loading or it’s not loading quickly or it’s loading with an error. There’s some problem. And for our audience sake, I’d like to say that even the simple problems that you from, as a user, see, well, this would be simple. You know, it was working yesterday, and today it’s broken, but it’s not simple. I mean, these computers, these servers, you got to log into them and you have to look at the logs, and there might be tens of thousands of lines. And, you know, you’re looking hard. You’re looking, you’re looking, trying to figure out where’s the problem? Where’s the problem?
Gil
And then when you find it, finally you got to say, well, okay, I see the problem. How do I fix it? What’s the solution? So even the small problems can take a pretty good, pretty good, experienced systems administrator, cloud engineer to figure it out. It’s not something that just any old kid from high school can do. It needs to be someone with some real experience. And so these problems aren’t necessarily simple to begin with. And your old company, before they were purchased, you had the staff there that could solve it. They were used to you. You’ve called before, maybe they knew you by name. They’re used to your systems. All that goes away, right? That guy that you like, and it is soon he’s gone.
Gil
And then now you’ve got some other guy overseas that doesn’t have a clothing clue about you or your business or your system. And even if he does learn it, he just doesn’t have the experience and.
Adam
The knowledge, not to mention HIPAA knowledge.
Gil
Yeah, yeah. They’re not going to have the HIPAA training, probably. But that’s a concern, another concern from a HIPAA point of view, because a lot of the companies we deal with, the HIPAA vault, they tell us, Gilheze, no foreign nationals on my server. This, by HIPAA regulations, they say it can only be us citizens. So that’s very common practice among the middle and top tier companies that there’s no foreign nationals on their production servers. Development servers, that’s another story. Maybe the indian team can handle that. But they don’t want any foreign nationals touching production. So you call on the phone, you say, hey, my production service gone and some guy in the Philippines is logging into your production server. That should be a red flag right there. Right there. You should say, wait a minute, what’s happening? Who is this guy?
Gil
Where are you located?
Adam
Or you also get the. I’ve seen on some of these Reddit articles that the tier one support aren’t allowed to access the production. So then you’ve got to wait for it to be escalated to someone that is allowed to look into it directly. And then that’s a whole problem in itself. Right. Because it’s taken time for it to get answer.
Gil
Yeah, it might take a day or two, but. Yeah, and I understand that problem. I mean, a plug for Hipaa vault is that we have only us citizens that work for the company. And so that’s good. We did that on purpose because again, most of our customers are HIPAA based. Right. They all have HiPaa or Phi data that we have to protect. So we have to be mindful of that.
Adam
Yeah. Gets tough to staff on 4 July, but we manage it somehow.
Gil
Yeah, well, that too holiday.
Adam
Right.
Gil
That’s another, that’s another dimension. But hopefully that helps the audience. Again, just to summarize, if you have that condition where, you know, you’re suspicious, now you have Phi data, patient information, you’re on a server or your server’s having issues. And then the guy logging in, you ask him, where are you from? Oh, I’m located in the Philippines. Right away you’re like, okay, I need to talk to your supervisor. You’re not supposed to do that. But the main issue, I mean, you’re not really calling about that. That’s not why you call to find out where he’s from. You call because you have a technical issue you’re trying to resolve, but that’s not getting resolved either. So again, your solution is to find a new vendor and hopefully have a smooth migration path.
Gil
And that’s we’ve done other podcasts on migrations, how to migrate from one environment to the other, and some tips on that, but that’s that, unfortunately, is fraught with challenges. It can be done, it’s done all the time, but it’s definitely not super quick or simple.
Adam
Yeah, be sure to check those out on our YouTube and Spotify. And also, while you’re at it, give us a a like on this video and subscribe. Really helps with the algorithm. One last thing before we leave you is our HIPAA breach of the week. And this week the HIPAA breach is Teknas, Texas brother Texas Retina associates cyber attack affects 312,000 patients this is through HIPAA journal Steve Aldera a cyber attack on Texas Retina Associates has affected more than 312,000 patients. Human Technology, Inc. Has confirmed that patient data has been compromised in a cyber attack and the monty ransomware group has claimed responsibility for a cyber attack on Wayne Memorial Hospital. Texas Retina Associates, the largest ophthalmology practice in Texas, has announced that there has been unauthorized access to its internal systems and the potential theft of sensitive patient data.
Adam
Suspicious network activity was identified March 27, and third party cybersecurity specialists were engaged to investigate the activity. They confirmed that an unauthorized actor gained access to its networks on October 8, 2023, and maintained access until the breach was detected. So October, November, December, that’s like six months. Unauthorized access. Texas Retina Associates said it is unaware of any misuse of patient data and issuing notifications out of an abundance of caution as files have been exposed that contained patient data. The file review confirmed that the exposed data included first and last names, addresses, phone number, email addresses, birthdate, gender, Social Security numbers, medical record numbers, clinical information, prescription information, medical information, health information, and health insurance information.
Adam
The breach has recently been reported to HHS as affecting up to 312,867 current and former patients, and Texas Retina association confirmed that its systems have been secured since additional cybersecurity safeguards have been implemented, policies and procedures have been enhanced, and additional cybersecurity training has been provided to its workforce. It also provides a helpline which has been established for individuals that obtain further information about the breach 884-98-3901 and that is available from 08:00 a.m. To 08:00 p.m. Central time every day. So yeah, fairly large breach there, Gil, and they just keep coming and it seems to be unauthorized access. I think maybe the key takeaways that you might want touch on is this new ransomware group, Monty. And then also the access being. Yeah, I mean, they had access for six months unauthorized until it was the detected.
Gil
Yeah, that’s a long time, Edmonton. That’s something that we’ve read in other cases where the abusers, the infiltrators don’t just come in and take and leave. They stay in there. They’re stealthy.
Adam
Right.
Gil
They’re not going to just come in and, you know, leave. They sit there for a long time and they are observing. What? And why do they sit there for a long time? Because they’re observing. They’re wandering. Hey, does this network have access yet to another network? Is this richer than I thought? So they’re investigating, they’re checking, they’re testing, they’re doing surveillance, they’re surveilling the system to see what’s the benefit. Where are the goodies here that the gold that I’m looking for? And so once they’re ready, they take what they want. And sometimes if it’s ransomware, they encrypt everything so that the owner of the data cannot access it unless they pay a ransom. In this case, it didn’t mention ransom, did it? It just said that they were no.
Adam
Ransom yet, although there was ransom. A ransomware group has claimed responsibility for the cyber attack.
Gil
Yeah.
Adam
And you mentioned more details will come out.
Gil
Yeah, you mentioned this before, that ransomware as a service is now available. So that means that anyone, any group that wants to make money by attacking systems can now rent the software. You don’t even have to be an expert anymore. You can just rent the software that will attack a system, infiltrate the system and you can make money doing that. So this ransomware as a service is out there and it seems like the prevalence of this is growing, getting worse, not better. So everyone has to be on their toes. That’s what I say, be on your toes.
Adam
Yeah, absolutely. And keep a lookout for more info from us. Check out hipaavault.com where we have a blog and a newsletter that you can sign up for with the latest information. I think that’s it for this time. Stay safe and stay secure. And thanks for stopping by.