Importance The United States spends more on health care than any other country, with costs approaching 18% of the gross domestic product (GDP). Prior studies estimated that approximately 30% of health care spending may be considered waste. Despite efforts to reduce overtreatment, improve care, and address overpayment, it is likely that substantial waste in US health care spending remains.
Objectives To estimate current levels of waste in the US health care system in 6 previously developed domains and to report estimates of potential savings for each domain.
Evidence A search of peer-reviewed and “gray” literature from January 2012 to May 2019 focused on the 6 waste domains previously identified by the Institute of Medicine and Berwick and Hackbarth: failure of care delivery, failure of care coordination, overtreatment or low-value care, pricing failure, fraud and abuse, and administrative complexity. For each domain, available estimates of waste-related costs and data from interventions shown to reduce waste-related costs were recorded, converted to annual estimates in 2019 dollars for national populations when necessary, and combined into ranges or summed as appropriate.
Findings The review yielded 71 estimates from 54 unique peer-reviewed publications, government-based reports, and reports from the gray literature. Computations yielded the following estimated ranges of total annual cost of waste: failure of care delivery, $102.4 billion to $165.7 billion; failure of care coordination, $27.2 billion to $78.2 billion; overtreatment or low-value care, $75.7 billion to $101.2 billion; pricing failure, $230.7 billion to $240.5 billion; fraud and abuse, $58.5 billion to $83.9 billion; and administrative complexity, $265.6 billion. The estimated annual savings from measures to eliminate waste were as follows: failure of care delivery, $44.4 billion to $93.3 billion; failure of care coordination, $29.6 billion to $38.2 billion; overtreatment or low-value care, $12.8 billion to $28.6 billion; pricing failure, $81.4 billion to $91.2 billion; and fraud and abuse, $22.8 billion to $30.8 billion. No studies were identified that focused on interventions targeting administrative complexity. The estimated total annual costs of waste were $760 billion to $935 billion and savings from interventions that address waste were $191 billion to $282 billion.
Conclusions and Relevance In this review based on 6 previously identified domains of health care waste, the estimated cost of waste in the US health care system ranged from $760 billion to $935 billion, accounting for approximately 25% of total health care spending, and the projected potential savings from interventions that reduce waste, excluding savings from administrative complexity, ranged from $191 billion to $282 billion, representing a potential 25% reduction in the total cost of waste. Implementation of effective measures to eliminate waste represents an opportunity to reduce the continued increases in US health care expenditures.
“Our review found the diagnostic performance of deep learning models to be equivalent to that of healthcare professionals,” write Livia Faes, MD, of Cantonal Hospital Lucerne in Switzerland, and colleagues.
Diagnosis of disease using deep-learning algorithms “holds enormous potential,” they conclude. “From this exploratory meta-analysis, we cautiously state that the accuracy of deep-learning algorithms is equivalent to healthcare professionals while acknowledging that more studies considering the integration of such algorithms in real-world settings are needed.”
Social engineering is a technique hackers use to take over an account by persuading or psychologically manipulating people to divulge confidential information. This is usually the first step within a more complex scheme. Social engineering uses “confidence building” techniques to set the victim at ease and convince him or her that the attacker is legitimate and presenting a valid scenario.
Social engineering is very common and occurs regularly; it is so pervasive, in fact, that two prominent internet companies, GoDaddy and PayPal, recently fell for a carefully crafted social engineering attack. This attack enabled unauthorized parties to hijack the account of a significant user and, through that breach, to access other confidential accounts. Cases like this “should have thrown up red flags for any Internet company dealing in identity,” reports techcrunch.com. “These are not new tactics and they should be guarded against as a very basic precaution.”
More alarming than the frequency of social engineering attacks is the relatively low risk for the attacker, who can disengage at any time simply by hanging up the phone or deleting the address used to send fraudulent emails. When this low risk is combined with the inviting ratio of success to failure, social engineering becomes an attractive alternative to much riskier fraud that requires facing your victim.
The means to defeat social engineering, however, are relatively simple if you understand what social engineering is: social engineering is a con. It relies on the victim’s reluctance or inability to question the authenticity of the attacker. Once that authenticity is questioned, the attacker must deviate from their “script” and flounder to avoid being discovered. The more you drive the attacker off the script, the more information you can gain; proportionally, this increases the risk to the attacker. Five simple steps can help you avoid becoming a victim of social engineering:
Question the authenticity of every communication. This is especially true if you are asked for information such as usernames, passwords, or other sensitive data.
Do not be afraid to validate the caller. Advanced social engineers will set up “bounce” numbers; these are phone numbers that are answered by co-conspirators who serve to falsely validate the authenticity of the caller. You can avoid this trap by instead calling a number you know to be legitimate, such as the published number for a company or the internal extension for the employee’s supervisor.
Insist on two-way validation. If someone asks you for your information, ask them for their information about you. For example, if a caller identifying himself as an IT technician asks for your information, ask what equipment his database reports for you. Then request from him his supervisor’s name, which you can validate in an employee directory, and call that supervisor to validate his request.
If you have identified a social engineering attempt, be sure to communicate your finding to management; news of this attempt should then be shared companywide to limit the attacker’s possible success.
Validate through testing. Every organization should, as one component of a thorough penetration test, evaluate employee readiness for social engineering attempts. A firm well versed in social engineering testing will go beyond mere phone calls, employing a multitude of techniques to perform extensive tests in this discipline.
Originally released in part by VIMRO, Larry Boettger and Michael Horsch Fizz