Literature Review

Ascension president addresses UN on cyberattacks Becker's Hospital Review; by Kristin Kuchno; 11/11/24 Eduardo Conrado, president of St. Louis-based Ascension, discussed the health system's May ransomware attack at a Nov. 8 United Nations Security Council meeting. The council met to discuss strategies for countering cyberattacks in healthcare, according to a Nov. 8 news release from the U.N. Ascension's response to the May 8 ransomware attack cost the health system approximately $130 million. The attack forced its hospitals and clinics off its EHR system and disrupted key diagnostic services, including MRIs and CT scans. ... "Overnight, nurses were unable to quickly look up patient records from the computer stations and were forced to comb through paper back-ups for patient medical history and medications," Mr. Conrado said at the meeting.  ... A comprehensive approach is key, Tedros Adhanom Ghebreyesus, PhD, director-general of the World Health Organization, told the U.N. "Countries should invest not only in technologies for detecting and mitigating cyberattacks but in training staff to respond to them," he added...

A new low? Hacker group targets end-of-life pharmacy provider TechInformed (TI); by Ann-Marie Corvin; 10/28/24 OnePoint Patient Care, an Arizona-based hospice pharmacy serving over 40,000 patients per day, has informed customers about a data breach impacting personal information. OnePoint said it first detected suspicious activity on its network in early August. A later investigation revealed that by this point, the attackers had already obtained files containing personal information from the pharmacy’s systems, including names, residence information, medical records, and prescription and diagnosis information. OPPC told the US Department of Health and Human Services that the data breach impacted over 795,000 people.

CIOs must prepare their organizations today for quantum-safe cryptography IBM; by Mark Hughes, Joachim Schäfer and Arfan Sabar; 10/24/24Quantum computers are emerging from the pure research phase and becoming useful tools. They are used across industries and organizations to explore the frontiers of challenges in healthcare and life sciences, high energy physics, materials development, optimization and sustainability. However, as quantum computers scale, they will also be able to solve certain hard mathematical problems on which today’s public key cryptography relies. A future cryptographically relevant quantum computer (CRQC) might break globally used asymmetric cryptography algorithms that currently help ensure the confidentiality and integrity of data and the authenticity of systems access.The risks imposed by a CRQC are far-reaching: possible data breaches, digital infrastructure disruptions and even widescale global manipulation. These future quantum computers will be among the biggest risks to the digital economy and pose a significant cyber risk to businesses. ... [Click on the title's link to continue reading.]

Ransomware attack at Texas health system spreadsBecker's Health IT; by Giles Bruce; 10/9/24When hackers strike a health system, it can have far-reaching effects beyond just the original target. That's been the case with the Sept. 26 ransomware attack against Lubbock, Texas-based UMC Health System. That event has also ensnared Lubbock-based Texas Tech University Health Sciences Center and Texas Tech Physicians, which share IT systems with UMC Health. The medical school and its affiliated physician group are now in downtime, unable to access their EHR or receive patient portal messages or faxes. Their phone lines are experiencing intermittent outages as well. However, their clinics remain open, as do their pharmacies, albeit with reduced capacity.

77% of health system IT employees eyeing new jobs Becker's Health IT; Naomi Diaz; 9/25/24 Health system IT employees are keeping their options open, with 77% actively seeking new jobs or planning to do so within the next year, according to Bloomforce's "2024 EHR Salary Insights Report." The report, based on an online survey conducted between November and December 2023, gathered responses from 284 healthcare professionals across various roles, including application analysts, team leads, project managers and people managers. It explored areas such as salary, job satisfaction, work-life balance, talent retention and attitudes toward remote work. Here are some key findings from the report: [Click on the title's link to read more.]

CMS teases new cybersecurity policies for third-party vendors Modern Healthcare; by Bridget Early; 9/13/24 The Centers for Medicare and Medicaid Services is planning oversight of third-party healthcare vendors in the wake of the Change Healthcare cyberattack, said Jonathan Blum, the agency's principal deputy administrator. Blum, who also serves as chief operating officer for CMS, said at Modern Healthcare's Leadership Symposium Thursday that the agency is working to determine what levers it can pull to ensure severe disruptions in care like those linked to the cyberattack on the UnitedHealth Group subsidiary aren’t repeated. ... Almost 133 million individuals were affected by healthcare data breaches last year, more than double the number of those affected in 2022 and a number equivalent to about 40% of the U.S. population.

The changing role of chief privacy officers Becker's Health IT; by Giles Bruce; 9/6/24 Chief privacy officers are expanding their roles to take on artificial intelligence and cybersecurity, according to the International Association of Privacy Professionals. Whereas chief privacy officers traditionally focused on being compliant with privacy laws, 69% now have responsibility for AI or data governance, 37% cover cybersecurity regulatory compliance, and 20% have platform liability duties, according to the IAPP survey of 671 professionals released Sept. 6. Some health systems have standalone chief privacy officers, but the hospital industry is more likely to have chief information security officers with privacy duties or a combined role. 

It could happen to you — how to prepare for and mitigate the fallout from a cyberattackMcKnight's Senior Living; by Kimberly Bonvissuto;8/28/24Everyone thinks they know about cybersecurity, but thinking about the effects a cyberattack could have on an organization should be enough to lose sleep over, according to risk management experts. ... Cybersecurity, at its core, is about confidentiality, integrity and availability, according to John P. DiMaggio, co-founder and CEO of Blue Orange Compliance, a risk assessment company. Including senior living in the definition of healthcare, he said that healthcare organizations are targets of cyber criminals because of their relatively weak defenses, the value of the data necessary for operations, and the numerous interfaces and sharing of information that occurs among providers. ... Reasonable security practices — considered the minimum — include risk analysis and management, access control measures, training, incident response planning, physical controls, technical safeguards, third party/vendor management, backup and disaster recovery and patch management. But DiMaggio recommended going above that minimum threshold by using recognized security practices to mitigate penalties and ensure regulatory compliance. Those practices, he said, include email and endpoint protection, access management, data loss prevention, asset and network management, vulnerability management, incident response, medical device security and cybersecurity policies.

Optimizing patient data transfer processes in healthcare settings Healthcare Business Today; by Majed Alhajry; 7/28/24 Managing and transferring large and often sensitive datasets is a routine yet critical task for healthcare organizations. Practitioners and administrators regularly share substantial files containing sensitive personal health information (PHI) that must be sent not only securely and reliably, but also quickly. So how should healthcare organizations send large files? ... 

HHS unveils major revamp to shift health data, AI strategy and policy under ONC Fierce Healthcare; by Emma Beavins; 7/25/24 The Office of the National Coordinator for Health Information Technology (ONC) has been renamed and restructured, the Department of Health and Human Services (HHS) announced [July 25]. The restructuring will affect technology, cybersecurity, data and artificial intelligence strategy and policy functions. The agency will be renamed the Office of the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC). Head of ONC, Micky Tripathi, will hold the new title of assistant secretary for technology policy in addition to his title of national coordinator for health IT. ... Under ASTP, there will be an Office of Policy, an Office of Technology, an Office of Standards, Certification and Analysis and an Office of the Chief Operating Officer. 

Keeping staff members safe and sound by optimizing security technology Security; by Paul Sarnese; 7/12/24 Nobody wants to invest in technology, only to have it go the way of the stationary bike that sits unused in the corner of a room. That holds true for healthcare organization leaders who are looking to invest in staff safety alarm systems that can help avert potentially dangerous situations. With workplace violence against caregivers increasing 115% since 2021, many healthcare organizations are, indeed, looking to protect workers from harm — and to shield their organizations from resultant financial distress.Editor's Note: Workplace violence and staff safety continues to trend as a root cause for nursing and other healthcare strikes across the nation. Examine your organization's Incident Reports and QAPI initiatives. What needs to be addressed?

7 of the top tech and IT jobs in demand for the future TechTarget; by David Weldon; 6/24/24 Businesses of the future will rely on workers with IT skills even more than they do today. Find out which jobs might be most in demand and what those roles entail. ... Organizations are having to create new tech roles and redefine existing ones to manage the integration of AI and data into core business functions. Meanwhile, cybersecurity continues to be a top concern, as do digital transformation and cloud computing. These challenges are increasing the demand for job roles that merge technical expertise with strategic business acumen. ... So, what will be some of the hottest IT jobs of the future? ... Roles are listed in alphabetical order. 

Ransomware spikes after Change hack Becker's Health IT; by Naomi Diaz; 6/13/24 Following Change Healthcare's admission that it paid off hackers after its ransomware attack, there has been a spike in healthcare-related cyber incidents, Wired reported June 12. In April, cybersecurity firm Recorded Future identified 44 instances of cybercriminal groups targeting healthcare organizations with ransomware attacks. These attacks involved stealing data, encrypting systems and demanding ransom payments while holding networks hostage. This marks the highest number of healthcare ransomware victims recorded in a single month during Recorded Future's four years of data collection, Allan Liska, a threat intelligence analyst at the company told Wired.