Literature Review

ASTP Rule codifies requirements for TEFCA-Qualified health information networks McDermott Will & Emery, Washington, DC; by James A. Cannatti III, Jennifer S. Geetter, and Nathan Gray; 1/15/25 On December 16, 2024, the US Department of Health and Human Services (HHS) Assistant Secretary for Technology Policy/Office of the NationaTl Coordinator for Health Information Technology (ASTP) published the Health Data, Technology, and Interoperability: Trusted Exchange Framework and Common Agreement (TEFCA) final rule in the Federal Register as part of its continued focus on improving information sharing among healthcare stakeholders. Rather than codifying comprehensive substantive and procedural requirements for entities participating in TEFCA, the final rule provides a flexible framework establishing how such decisions will be made in current and future subregulatory documents. 

Cybersecurity in 2025: Agentic AI to change enterprise security and business operations in year ahead SC Media; by Stephen Weigand; 1/9/25 In 2025, significant advancements in agentic artificial intelligence (AI) systems will drive new AI-based cyber defensives, driving new solutions to help organizations carry out specific goals, making decisions, and taking mitigation action with minimal human intervention. However, as these agentic AI systems become integral to business operations, they will also expose organizations to new risks. Nicole Carignan, VP of strategic cyber AI at Darktrace, highlights that multi-agent AI systems, while offering unparalleled efficiency for complex tasks, will introduce vulnerabilities such as data breaches, prompt injections and data privacy risks.

Patient sues California hospital network over ransomware attack Becker's Hospital Review; by Naomi Diaz; 1/6/24 PIH Health is facing a lawsuit over a ransomware attack that hit the health system on Dec. 1, Pasadena Star-News reported Jan. 5. Ferdinand Rivera has filed a lawsuit against PIH Health, accusing the health system of negligence, invasion of privacy and other violations following the ransomware attack. The cyberattack crippled information technology systems and phone lines across three hospitals — PIH Health Downey Hospital, PIH Health Whittier Hospital and PIH Health Good Samaritan Hospital in Los Angeles — as well as urgent care centers, physicians' offices, and home health and hospice services. Mr. Rivera's lawsuit, the first among more than a dozen filed in Los Angeles Superior Court, seeks unspecified damages, according to the Daily Journal.

Things CIOs and CTOs need to do differently in 2025 Information Week; by Lisa Morgan; 12/18/24 As CIOs and CTOs head into a new year, they always have priorities. Greater agility is a key theme in 2025. ... “Keep ahead or at least on top of the cybersecurity, artificial intelligence, and data analytics skills that are needed. Acquire talent and develop that talent so your company remains competitive,” says [Loren Margolis, faculty, Stony Brook University]. “Find ways to use [AI and analytics] to become even more agile so you remain competitive. Also embrace them as opportunities to train and develop your workforce. Make sure your organization is a place where great tech talent can come to develop and use their skills.” The following are some other priorities for 2025:

Promoting the resilience of health care information systems—The day hospitals stood stillJAMA Health Forum; Daniel B. Kramer, MD, MPH; Kevin Fu, PhD; 11/24On Friday, July 19, 2024, health care workers woke to emails declaring systemwide information technology (IT) emergencies. Because Crowdstrike had access to the most sensitive core parts of the Windows operating system, the automated process caused an immediate global outage of computer systems using the Crowdstrike Falcon product, which is embedded in many computer systems at health care organizations. Rather than accept this event as inherent to a complex, digitized, and wired health care ecosystem, we urge the US Congress, health care regulators, and the public to insist on proactive preventive methods to avoid future IT catastrophic events rather than simply waiting for the next disruptive crisis requiring an emergent response.

Will AI help improve healthcare security in 2025? Health IT Answers; by Roberta Mullin; 12/10/24 The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. Strengthening our cybersecurity infrastructure and defending against malicious attacks requires vigilance, vision, and collaboration. Can AI help improve healthcare security? We asked our experts what improvements to security we might see in 2025. Here is what they had to say. ... [Click on the title's link to read input from 21 healthcare IT experts.]

PIH Health hospitals targeted in ransomware attack CBS News KCAL, Los Angeles, CA; by Laurie Perez and Dean Fioresi; 12/4/24 PIH Health was targeted in a ransomware attack, forcing officials to completely shut their network offline and leaving millions in the dark when it comes to healthcare. ... Officials say that they were targeted on Sunday by a "criminal act" that "compromised their network." In turn, network services were turned off at their hospitals in Downey, Whittier and downtown LA. ... "Meeting the healthcare needs of our communities remains our highest priority," said a statement from PIH Health. "We continue to provide care during our downtime procedures at all of our facilities, including all three hospitals, medical offices, home health, hospice, outpatient imaging and laboratory."

What healthcare CFOs don’t know about cybersecurity — and what they should ask their CISOs Healthcare Finance Technology (HFMA); by Plante Moran; 12/2/24Cybersecurity is a growing concern for all healthcare organizations amid the ongoing rise of ransomware attacks and other threats. In 2023, the number of reported data breaches in the U.S. rose to an all-time high of 3,205, a 78% increase from 2022, while the average cost of a healthcare data breach hit $10.93 million. What’s driving these alarming figures isn’t necessarily a lack of technology or talent. ... By rethinking their approach to collaboration and risk management, healthcare CFOs can more effectively align security with both technology and the business to help their organizations become more resilient. ... How ready is our organization for an attack? ... 

Ascension president addresses UN on cyberattacks Becker's Hospital Review; by Kristin Kuchno; 11/11/24 Eduardo Conrado, president of St. Louis-based Ascension, discussed the health system's May ransomware attack at a Nov. 8 United Nations Security Council meeting. The council met to discuss strategies for countering cyberattacks in healthcare, according to a Nov. 8 news release from the U.N. Ascension's response to the May 8 ransomware attack cost the health system approximately $130 million. The attack forced its hospitals and clinics off its EHR system and disrupted key diagnostic services, including MRIs and CT scans. ... "Overnight, nurses were unable to quickly look up patient records from the computer stations and were forced to comb through paper back-ups for patient medical history and medications," Mr. Conrado said at the meeting.  ... A comprehensive approach is key, Tedros Adhanom Ghebreyesus, PhD, director-general of the World Health Organization, told the U.N. "Countries should invest not only in technologies for detecting and mitigating cyberattacks but in training staff to respond to them," he added...

A new low? Hacker group targets end-of-life pharmacy provider TechInformed (TI); by Ann-Marie Corvin; 10/28/24 OnePoint Patient Care, an Arizona-based hospice pharmacy serving over 40,000 patients per day, has informed customers about a data breach impacting personal information. OnePoint said it first detected suspicious activity on its network in early August. A later investigation revealed that by this point, the attackers had already obtained files containing personal information from the pharmacy’s systems, including names, residence information, medical records, and prescription and diagnosis information. OPPC told the US Department of Health and Human Services that the data breach impacted over 795,000 people.

Change Healthcare cyberattack impacts 100 million people Becker's Health IT; by Naomi Diaz; 10/25/24 The Feb. 21 ransomware attack on UnitedHealth Group subsidiary Change Healthcare has impacted 100 million individuals. The number of impacted individuals was posted on the Office for Civil Rights Breach Portal, which is used for reporting breaches of unsecured protected health information under HIPAA. Previously, UnitedHealth said that the data stolen by hackers likely covered a "substantial proportion of people in America." The cyberattack crippled financial operations for hospitals, insurers, pharmacies and medical groups nationwide. In July, the organization began sending out breach notification letters to individuals affected by the attack.  

Ransomware attack at Texas health system spreadsBecker's Health IT; by Giles Bruce; 10/9/24When hackers strike a health system, it can have far-reaching effects beyond just the original target. That's been the case with the Sept. 26 ransomware attack against Lubbock, Texas-based UMC Health System. That event has also ensnared Lubbock-based Texas Tech University Health Sciences Center and Texas Tech Physicians, which share IT systems with UMC Health. The medical school and its affiliated physician group are now in downtime, unable to access their EHR or receive patient portal messages or faxes. Their phone lines are experiencing intermittent outages as well. However, their clinics remain open, as do their pharmacies, albeit with reduced capacity.

77% of health system IT employees eyeing new jobs Becker's Health IT; Naomi Diaz; 9/25/24 Health system IT employees are keeping their options open, with 77% actively seeking new jobs or planning to do so within the next year, according to Bloomforce's "2024 EHR Salary Insights Report." The report, based on an online survey conducted between November and December 2023, gathered responses from 284 healthcare professionals across various roles, including application analysts, team leads, project managers and people managers. It explored areas such as salary, job satisfaction, work-life balance, talent retention and attitudes toward remote work. Here are some key findings from the report: [Click on the title's link to read more.]