Literature Review

'Fast and furious' AI sparks health system refocus Becker's Health IT; by Laura Dyrda; 2/19/25Health systems are beginning to hire chiefs of artificial intelligence and other AI leaders to bring new expertise into the system with the goal of becoming a more sophisticated, data-driven organization. Lisa Stump, executive vice president, chief digital information officer and vice dean of information technology at Mount Sinai Health System and Icahn School of Medicine at Mount Sinai in New York City, participated in the search and hiring process for Girish Nadkarni, MD, Mount Sinai's first chair of artificial intelligence and human health to create a formal department at the Icahn School of Medicine dedicated to AI. She now partners with him and the system's chief clinical officer – calling themselves the "digital and technology partners" group – to structure a center of excellence around AI and digital health, focusing on the patient and consumer experience.

Change Healthcare data breach: Industry 'not fine' 1 year later Modern Healthcare; by Lauren Berryman; 2/19/25 It’s been one year since the unprecedented Change Healthcare cyberattack crippled hospitals, medical groups, payers and pharmacies. For some providers, troubles linger. The industry continues to grapple with the aftermath of the breach of UnitedHealth Group's technology subsidiary, which exposed data on 190 million consumers. Core functions, including claims processing, prescription management, payment, prior authorization and insurance verification froze after UnitedHealth disconnected systems Feb. 21, 2024, following the hack by ransomware group BlackCat.

'It's not about technology or dashboards': What health systems need from IT execs next Becker's Health IT; by Laura Dyrda; 2/4/25 Health system IT leaders are entering a new era of leadership amid transformational technology platform purchases, artificial intelligence integration and cybersecurity advancements. But being the most technically proficient no longer guarantees leaders the top role. ... Healthcare IT leaders can become distracted by the bells and whistles of new technology and move forward without considering the patient experience. ... Staying close to the health system's mission is critical for IT leaders, and [Christopher Hutchins, senior vice president and chief data and analytics officer at Lifepoint Health] ties the technology back to patient care. He prioritizes his teammates and colleagues, listening carefully to what they need. Notable mentions: James Forrester, Chief Technology Officer at University of Rochester (NY) Medical Center; Donna Roach, CIO of University of Utah Health; and Christopher Hutchins, senior vice president and chief data and analytics officer at Lifepoint Health 

Ransomware attack prompts Maryland hospital to take systems offlineBecker's Health IT; by Naomi Diaz; 1/27/25A ransomware attack prompted Frederick (Md.) Health to take its systems offline as a precaution. The incident, according to a Jan. 27 news release, is under investigation and has caused some service delays, though most appointments are continuing as scheduled.Publisher's note: While this impacts a hospital system, they have a hospice, too. How might you prepare for a ransomware attack before it happens?

Cyber Threats 2025 Teleios Collaborative Network (TCN); by Joel Garr; 1/28/25One of the biggest worries hospices face today is the threat of a cyberattack. ... Experts say there are four steps to developing the plan.

Healthcare under siege: Defending hospitals from ransomware threats Cylera; by Maureen Sahualla; 1/22/25 Hospitals today are very concerned about ransomware attacks - and rightly so. A recent research report from Comparitech, Ransomware Roundup: 2024 End-of-Year Report (published on January 9th, 2025) found:

ASTP Rule codifies requirements for TEFCA-Qualified health information networks McDermott Will & Emery, Washington, DC; by James A. Cannatti III, Jennifer S. Geetter, and Nathan Gray; 1/15/25 On December 16, 2024, the US Department of Health and Human Services (HHS) Assistant Secretary for Technology Policy/Office of the NationaTl Coordinator for Health Information Technology (ASTP) published the Health Data, Technology, and Interoperability: Trusted Exchange Framework and Common Agreement (TEFCA) final rule in the Federal Register as part of its continued focus on improving information sharing among healthcare stakeholders. Rather than codifying comprehensive substantive and procedural requirements for entities participating in TEFCA, the final rule provides a flexible framework establishing how such decisions will be made in current and future subregulatory documents. 

Cybersecurity in 2025: Agentic AI to change enterprise security and business operations in year ahead SC Media; by Stephen Weigand; 1/9/25 In 2025, significant advancements in agentic artificial intelligence (AI) systems will drive new AI-based cyber defensives, driving new solutions to help organizations carry out specific goals, making decisions, and taking mitigation action with minimal human intervention. However, as these agentic AI systems become integral to business operations, they will also expose organizations to new risks. Nicole Carignan, VP of strategic cyber AI at Darktrace, highlights that multi-agent AI systems, while offering unparalleled efficiency for complex tasks, will introduce vulnerabilities such as data breaches, prompt injections and data privacy risks.

Ascension Living residents, employees among 6 million affected by data breach McKnights Senior Living; by Kathleen Steele Gaivin; 1/6/24 Senior living and care residents and employees are among the six million people Ascension said Dec. 19 that it was notifying of potential stolen personal information in the wake of a May 8 ransomware attack. The St. Louis-based nonprofit healthcare network, which includes Ascension Living, operator of three dozen senior living and care communities and also a provider of home care and hospice services, announced Dec. 19 that a review by third-party experts of the attack was complete. On that date, Ascension began notifying individuals whose personal information was involved and is providing them with free credit monitoring and identity protection services.

Things CIOs and CTOs need to do differently in 2025 Information Week; by Lisa Morgan; 12/18/24 As CIOs and CTOs head into a new year, they always have priorities. Greater agility is a key theme in 2025. ... “Keep ahead or at least on top of the cybersecurity, artificial intelligence, and data analytics skills that are needed. Acquire talent and develop that talent so your company remains competitive,” says [Loren Margolis, faculty, Stony Brook University]. “Find ways to use [AI and analytics] to become even more agile so you remain competitive. Also embrace them as opportunities to train and develop your workforce. Make sure your organization is a place where great tech talent can come to develop and use their skills.” The following are some other priorities for 2025:

Promoting the resilience of health care information systems—The day hospitals stood stillJAMA Health Forum; Daniel B. Kramer, MD, MPH; Kevin Fu, PhD; 11/24On Friday, July 19, 2024, health care workers woke to emails declaring systemwide information technology (IT) emergencies. Because Crowdstrike had access to the most sensitive core parts of the Windows operating system, the automated process caused an immediate global outage of computer systems using the Crowdstrike Falcon product, which is embedded in many computer systems at health care organizations. Rather than accept this event as inherent to a complex, digitized, and wired health care ecosystem, we urge the US Congress, health care regulators, and the public to insist on proactive preventive methods to avoid future IT catastrophic events rather than simply waiting for the next disruptive crisis requiring an emergent response.

Will AI help improve healthcare security in 2025? Health IT Answers; by Roberta Mullin; 12/10/24 The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. Strengthening our cybersecurity infrastructure and defending against malicious attacks requires vigilance, vision, and collaboration. Can AI help improve healthcare security? We asked our experts what improvements to security we might see in 2025. Here is what they had to say. ... [Click on the title's link to read input from 21 healthcare IT experts.]

PIH Health hospitals targeted in ransomware attack CBS News KCAL, Los Angeles, CA; by Laurie Perez and Dean Fioresi; 12/4/24 PIH Health was targeted in a ransomware attack, forcing officials to completely shut their network offline and leaving millions in the dark when it comes to healthcare. ... Officials say that they were targeted on Sunday by a "criminal act" that "compromised their network." In turn, network services were turned off at their hospitals in Downey, Whittier and downtown LA. ... "Meeting the healthcare needs of our communities remains our highest priority," said a statement from PIH Health. "We continue to provide care during our downtime procedures at all of our facilities, including all three hospitals, medical offices, home health, hospice, outpatient imaging and laboratory."