Literature Review

CMS teases new cybersecurity policies for third-party vendors Modern Healthcare; by Bridget Early; 9/13/24 The Centers for Medicare and Medicaid Services is planning oversight of third-party healthcare vendors in the wake of the Change Healthcare cyberattack, said Jonathan Blum, the agency's principal deputy administrator. Blum, who also serves as chief operating officer for CMS, said at Modern Healthcare's Leadership Symposium Thursday that the agency is working to determine what levers it can pull to ensure severe disruptions in care like those linked to the cyberattack on the UnitedHealth Group subsidiary aren’t repeated. ... Almost 133 million individuals were affected by healthcare data breaches last year, more than double the number of those affected in 2022 and a number equivalent to about 40% of the U.S. population.

The changing role of chief privacy officers Becker's Health IT; by Giles Bruce; 9/6/24 Chief privacy officers are expanding their roles to take on artificial intelligence and cybersecurity, according to the International Association of Privacy Professionals. Whereas chief privacy officers traditionally focused on being compliant with privacy laws, 69% now have responsibility for AI or data governance, 37% cover cybersecurity regulatory compliance, and 20% have platform liability duties, according to the IAPP survey of 671 professionals released Sept. 6. Some health systems have standalone chief privacy officers, but the hospital industry is more likely to have chief information security officers with privacy duties or a combined role. 

It could happen to you — how to prepare for and mitigate the fallout from a cyberattackMcKnight's Senior Living; by Kimberly Bonvissuto;8/28/24Everyone thinks they know about cybersecurity, but thinking about the effects a cyberattack could have on an organization should be enough to lose sleep over, according to risk management experts. ... Cybersecurity, at its core, is about confidentiality, integrity and availability, according to John P. DiMaggio, co-founder and CEO of Blue Orange Compliance, a risk assessment company. Including senior living in the definition of healthcare, he said that healthcare organizations are targets of cyber criminals because of their relatively weak defenses, the value of the data necessary for operations, and the numerous interfaces and sharing of information that occurs among providers. ... Reasonable security practices — considered the minimum — include risk analysis and management, access control measures, training, incident response planning, physical controls, technical safeguards, third party/vendor management, backup and disaster recovery and patch management. But DiMaggio recommended going above that minimum threshold by using recognized security practices to mitigate penalties and ensure regulatory compliance. Those practices, he said, include email and endpoint protection, access management, data loss prevention, asset and network management, vulnerability management, incident response, medical device security and cybersecurity policies.

Empowering patient access, protection, and choice: The 21st Century Cures Act eight years on Healthcare Business Today; by David Navarro; 7/26/24 The 21st Century Cures Act, signed into law in December 2016, marked a significant shift in the healthcare landscape by focusing on patient empowerment through enhanced access to medical records, stringent privacy protections, and increased choices in healthcare options. Eight years later, this landmark legislation continues to revolutionize the interaction between patients, providers, and the healthcare system. Recently, The U.S. Department of Health and Human Services (HHS) issued an updated ruling to the Act to establish penalties for healthcare providers who engage in information blocking. This rule, aims to deter practices that prevent or discourage the access, exchange, or use of electronic health information (EHI).

HHS unveils major revamp to shift health data, AI strategy and policy under ONC Fierce Healthcare; by Emma Beavins; 7/25/24 The Office of the National Coordinator for Health Information Technology (ONC) has been renamed and restructured, the Department of Health and Human Services (HHS) announced [July 25]. The restructuring will affect technology, cybersecurity, data and artificial intelligence strategy and policy functions. The agency will be renamed the Office of the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC). Head of ONC, Micky Tripathi, will hold the new title of assistant secretary for technology policy in addition to his title of national coordinator for health IT. ... Under ASTP, there will be an Office of Policy, an Office of Technology, an Office of Standards, Certification and Analysis and an Office of the Chief Operating Officer. 

Keeping staff members safe and sound by optimizing security technology Security; by Paul Sarnese; 7/12/24 Nobody wants to invest in technology, only to have it go the way of the stationary bike that sits unused in the corner of a room. That holds true for healthcare organization leaders who are looking to invest in staff safety alarm systems that can help avert potentially dangerous situations. With workplace violence against caregivers increasing 115% since 2021, many healthcare organizations are, indeed, looking to protect workers from harm — and to shield their organizations from resultant financial distress.Editor's Note: Workplace violence and staff safety continues to trend as a root cause for nursing and other healthcare strikes across the nation. Examine your organization's Incident Reports and QAPI initiatives. What needs to be addressed?

7 of the top tech and IT jobs in demand for the future TechTarget; by David Weldon; 6/24/24 Businesses of the future will rely on workers with IT skills even more than they do today. Find out which jobs might be most in demand and what those roles entail. ... Organizations are having to create new tech roles and redefine existing ones to manage the integration of AI and data into core business functions. Meanwhile, cybersecurity continues to be a top concern, as do digital transformation and cloud computing. These challenges are increasing the demand for job roles that merge technical expertise with strategic business acumen. ... So, what will be some of the hottest IT jobs of the future? ... Roles are listed in alphabetical order. 

Ransomware spikes after Change hack Becker's Health IT; by Naomi Diaz; 6/13/24 Following Change Healthcare's admission that it paid off hackers after its ransomware attack, there has been a spike in healthcare-related cyber incidents, Wired reported June 12. In April, cybersecurity firm Recorded Future identified 44 instances of cybercriminal groups targeting healthcare organizations with ransomware attacks. These attacks involved stealing data, encrypting systems and demanding ransom payments while holding networks hostage. This marks the highest number of healthcare ransomware victims recorded in a single month during Recorded Future's four years of data collection, Allan Liska, a threat intelligence analyst at the company told Wired. 

5 things to know about the sorry state of healthcare cybersecurityMedCity News; by Katie Adams; 5/22/24Nitin Natarajan, deputy director at the Cybersecurity and Infrastructure Security Agency (CISA), shared some key ideas that people need to understand about the current state of cybersecurity in the healthcare industry.

Healthcare rethinks cybersecurity staffing as threats rise Modern Healthcare; by Gabriel Perna; 5/28/24... Health systems and insurers are dealing with the aftermath of the industry’s latest large-scale ransomware attacks, ... Conversations are happening over whether organizations should be bringing in outside consultants or hiring more employees, executives say. ... In 2023, a record 133 million individuals were potentially affected by healthcare data breaches, according to the Health and Human Services Department's Office for Civil Rights breach portal. ... One of the biggest challenges healthcare organizations face in dealing with these threats is hiring qualified talent, according to a survey of cybersecurity professionals within the industry the Healthcare Information and Management Systems Society published in March.

HHS puts $50M toward hospitals' ransomware fightBecker's Health IT; by Molly Gamble; 5/20/24A new agency within the National Institutes of Health is launching a $50 million initiative to develop tools for hospital IT teams that enhance their cybersecurity measures and resources to combat ransomware. On May 20, the Advanced Research Projects Agency for Health introduced its Universal PatchinG and Remediation for Autonomous DEfense, or UPGRADE, program. "What if every hospital could autonomously protect itself and patients from cyber threats?" That is the guiding question for the initiative, which aims to develop a tailored and scalable software suite of remediations and patches for hospitals, reducing the patching time for vulnerable healthcare products to days or weeks.

Amazon seeks nonprofit healthcare, EHR expertise Becker's Helath IT; by Laura Dyrda; 5/13/24 Amazon is looking to hire leaders with experience in nonprofit healthcare and EHRs, according to recent job postings on the tech giant's website. Amazon Web Services has a listing for "Senior Solutions Architect, Healthcare, Nonprofit Health, Nonprofit Healthcare" seeking an individual with a passion for helping nonprofit healthcare providers implement cloud computing solutions. ... [Amazon] is also hiring for an account executive focused on nonprofit healthcare and global nonprofit healthcare. The company is searching for a "proven business executive in the NP healthcare sector to lead and continue to expand the business with some of our most important healthcare customers and develop new customers across a targeted greenfield market."