Literature Review

Ascension health care network disrupted by cyberattack, interrupting clinical operations CBS Chicago News; by Adam Harrington and Matthew Cramer; 5/9/24 The Ascension health care network announced Wednesday that its clinical operations have been disrupted by a cyberattack. In a news release, Ascension said it responded immediately, and access to some systems has been interrupted with remediation efforts in progress. "Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible," Ascension said in a news release. "There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption."

Wide-ranging health care bill gets final approval from CT House CT Mirror - Connecticut's Nonprofit Journalism; by Jenna Carlesso; 5/6/24The House gave final passage Monday to a wide-ranging health care bill that would add protections for home care workers, boost preparedness for cyberattacks at medical facilities and establish new regulations for the state’s health information exchange, among other reforms. ... The sections on additional protections for home care workers were prompted by the murder of visiting nurse Joyce Grayson, who was killed in October while working at a halfway house in Willimantic. ... The bill requires home health aide agencies to collect certain client information upon intake and make it available to any employee assigned to the client. Information includes a history of violence against health care workers, domestic abuse, substance use, psychiatric history, any listing on a sex offender registry, the crime rate of the municipality the person lives in, and whether there are any weapons or safety hazards in the home. [Click on the title's link for more important information about this bill's safety measures.]

CIOs' top 15 priorities over next 3 years Becker's Health IT; by Giles Bruce; 5/1/24 CIOs' top priority over the next one to three years will be driving business innovation, according to a recent CIO survey. That differs from their current No. 1 focus, which is cybersecurity, per an April CIO story. Here are the activities CIOs plan to spend more time on in the next one to three years, according to the 2024 survey of 1,126 IT leaders: ... [click on the title's link for the list]. 

AMA responds to UnitedHealth confirmation of stolen data from Change HealthcareAmerican Medical Association; 4/24/24The American Medical Association (AMA) is deeply concerned about the April 22 announcement from UnitedHealth Group (UHG) indicating vast amounts of sensitive medical data might have been stolen from Change Healthcare’s system and in the hands of malicious ransomware groups. “The AMA appreciates UHG’s statement outlining efforts to contain damage and provide support for people who are concerned about their personal data,” said AMA President Jesse M. Ehrenfeld, M.D., M.P.H. “The AMA urges UHG to quickly operationalize and fulfill its promises to help patients and physicians affected by the breach.”

Kaiser notifies 13 million patients of breachBecker's Health IT; by Naomi Diaz; 4/25/24Oakland, CA-based Kaiser Foundation Health Plan is notifying current and former patients that it shared information with third-party advertisers. Kaiser Foundation Health Plan reported to the HHS' data breach portal that 13.4 million current and former patients were affcted by the breach. The cause of the breach, according to an April 25 report from TechCruch, was the use of online technologies on its websites and mobile applications that "may have transmitted personal information to third-party vendors."

Kisco Senior Living data breach could affect more than 26,000 McKnights Senior Living, by Lois A. Bowers; 4/22/24 More than 26,000 Kisco Senior Living residents and others could have been affected by a June hacking incident, legal counsel for the company said last week. The Carlsbad, CA-based operator, which manages 25 senior living communities across eight states and Washington, DC, said in an April 16 letter to those potentially affected that the data breach occurred around June 6. Names and Social Security numbers could have been revealed in the incident, according to counsel.

Healthcare still underprepared for scope of cyber threats, says Kroll reportHealthcare IT News, by Andrea Fox; 4/17/24Healthcare is the industry that's most likely to self-assess as having "very mature security," according to a new cyber readiness report from Kroll. But it's also one of the most-breached sectors – topping the list in 2022 and coming in second this past year. That discrepancy can be traced to many factors – not least the fact that healthcare organizations have long been among the top targets of cybercriminals and bad actors.

New phase of Change Healthcare attack begins as hackers leak data KFF Health News; 4/15/24RansomHub, a hacking group, is sharing pieces of data stolen in the Change Healthcare cyberattack as it seeks ransom payments. The data include hospital bills and company contracts, Axios says. Meanwhile, UnitedHealth took an $872 million profit hit from the February attack. Editor's Note: This post provides links to related articles in Axios, Reuters, The Hill, and Modern Healthcare.

Why home-based healthcare could invite cyberattacks Modern Healthcare, by Diane Eastabrook; 3/29/24 Cybersecurity experts warn that as more healthcare is provided in patients’ homes, the flow of data between those locations, vendors and providers raises the risk for ransomware attacks. In the wake of the Change Healthcare attack, cybersecurity consultants are scrutinizing home-based care — particularly the storage and transfer of data through telehealth, remote patient monitoring and wearable devices. 

Hospital struggles to restore MyChart months after cyberattack Becker's Health IT, by Giles Bruce; 4/1/24 Lurie Children's Hospital of Chicago is still trying to restore its MyChart patient portal two months after a cyberattack took its systems offline. ... The organization was struck by a "known criminal threat actor" and disconnected its IT and phone systems Jan. 31. A hacking group later claimed it sold the hospital's data for $3.4 million. Lurie Children's has since restored its phones, email and EHR, but has been working to reinstate MyChart for weeks.

Disruptions to endure even as Change Healthcare fixes systems Modern Healthcare, by Lauren Berryman; 3/28/24 Providers and health insurance companies see a long road ahead that stretches past whenever UnitedHealth Group declares Change Healthcare is fixed. Full restoration of claims, billing and other processes won't mark the end of the mess that began with a cyberattack last month, which forced UnitedHealth Group to take Change Healthcare systems offline and plunged the healthcare sector into disarray. Healthcare organizations anticipate operational and financial effects even when Change Healthcare is up and running again. 

5 weeks of uncertainty: How the Change breach has unfolded Modern Healthcare, by Tim Broderick; 3/25/24 The healthcare industry is starting to play catch-up following a cyberattack on UnitedHealth Group’s Change Healthcare subsidiary nearly five weeks ago that forced the company to disconnect its vital everyday systems. Change Healthcare processes about 50% of medical claims and manages prior authorization requests and reimbursement processes. The unprecedented network outage has forced hospitals, nursing homes, pharmacies and other providers to scramble as they try to mitigate operational and financial challenges. ... Here's a closer look at the fallout from the Change Healthcare cyberattack.

Lawmakers threaten harsher penalties for negligent providers, CEOs in wake of crippling cyberattack McKnights Home Care; by Adam Healy; 3/20/24 Roughly a month after Change Healthcare fell victim to a cyberattack that debilitated a large section of the healthcare system, Sen. Ron Wyden (D-OR) and Xavier Becerra, secretary of the Department of Health and Human Services, devised a plan to penalize providers that fail to protect their patients’ data.