A forensic analysis found that an unauthorized person accessed a server at Baltimore-based LifeBridge Health on Sept. 27, 2016, which was only discovered when malware was found on the health care system's ambulatory EHR and patient registration and billing systems on March 17 of this year. The incident may have compromised the protected health information of about 500,000 patients, including their names, diagnoses, clinical and treatment information, medications, dates of birth, insurance information and addresses, as well as the Social Security numbers of 381,123 patients.
Researchers from the University of California at Los Angeles have developed a novel algorithm named Tree of Predictors that can forecast the survival rates of patients with heart failure who are potential heart transplant recipients. ToPs uses machine learning to collect information based on 53 data points to predict a patient's survival with or without undergoing a transplant.
Cybersecurity firm Imperva polled 102 health IT leaders and found that 77% reported being very concerned about their organization being hit by a cyberattack, while 38% reported experiencing a cyberattack in the previous year and almost 1 in 10 health care organizations paid an extortion fee or ransom after an attack. Barriers to detecting threats include inadequate tools for monitoring employee activities, storing company assets on the cloud or network, and expanding network access to more employees, business partners and contractors.
The ONC launched the Easy EHR Issue Reporting Challenge developer contest with the goal of finding an EHR-agnostic application to help clinicians report and share safety issues related to EHRs. Entries will be accepted until Oct. 15.
Sen. Mark Warner, D-Va., has introduced four bills that seek to expand telehealth use among Medicaid program recipients with substance abuse disorders, including bills that would require the release of reimbursement guidance for treatment via telehealth and publication of comprehensive data on patients with the disorders. Other bills would remove facility fees and originating site requirements from telehealth programs for substance abuse, and would evaluate and reduce barriers to telehealth treatment programs for children with the disorders.
Ransomware attacks against health care organizations rose sharply in the third quarter of 2017 but dropped substantially in the fourth quarter, according to a report by security firm Proofpoint. Researchers identified Locky as both the most popular malware strain overall and the top variant of ransomware, but the health care sector was also targeted by The Trick and Global Imposter malware, the report found.
Design thinking's method of focusing on humans and not just technology could lead to creative ways to protect against cyberattacks, writes Paladion CEO Rajat Mohanty. Mohanty reviews how design thinking principles can be applied to cybersecurity, including empathy for the end user, focusing on the total solution and iterating the process.
Allied Physicians of Michiana in Indiana became aware of a SamSam ransomware attack on Thursday, prompting officials to immediately shut down the system's network and initiate data recovery efforts with the assistance of outside counsel and the system's incident responder. Officials did not confirm whether Allied Physicians paid the hackers' ransom demand and are working to determine if patient data were compromised.
A certification program for the NIST Cybersecurity Framework was launched Tuesday by HITRUST to help security teams report their framework implementation to regulators, business partners and upper management. The certification program includes an assurance certification to verify whether NIST CSF requirements and controls are met and a scorecard that shows how a security program aligns with the core subcategories of the framework.
The House on Tuesday passed the Veterans' Electronic Health Record Modernization Oversight Act, which would require the Department of Veterans Affairs to provide regular updates to Congress on its EHR modernization project. VA officials would also be required to report any changes to the schedule or contract within five days and to alert lawmakers about any bid protests, milestone delays and privacy breaches or data losses within 10 days.
- Page 1