Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label COVID-19. Show all posts
Technology
COVID-19 Data collection Doctors EMR Hospital Information System Hospitals National Digital Health Mission National Health Stack NITI Aayog Technology

Realising the Potential of EMR Systems in Indian Healthcare

 


A hospital electronic medical record (EMR) serves as a tool for managing hospital orders, handling hospital workflows, and securing healthcare information from unauthorized access. It strives to improve the healthcare delivery process by reducing healthcare costs, optimizing profits, and improving patient outcomes. 

Electronic medical records (EMRs) are individual medical records stored electronically. Medical information is stored in a variety of ways in an EMR. The data set includes a wide range of medical information, including medical history, prescriptions, allergies to drugs, hospital bills, etc. 

A paper-based system is currently in use, which is insufficient and ineffective, requires a lot of maintenance, and is inefficient. In contrast, it has several advantages over EMR, such as its portability, collaboration, and ease of data recovery. 

Doctors can make more efficient healthcare decisions with an EMR because it facilitates their decision-making process. The use of EMRs also enables healthcare providers to collect, maintain, and easily retrieve patient medical records through hospital information systems (HIS), which are web-based applications. EMRs not only assist in managing healthcare data, but they also help in managing hospital orders, managing hospital workflows, and securing medical records. All the processes involved in the delivery of healthcare are optimized to reduce costs and maximize profits for the benefit of the patient. 

The electronic medical record (EMR) market in India is experiencing demand growth driven by several factors, increasing demand for EMRs. As chronic diseases are becoming more prevalent, it is becoming increasingly important to provide high-quality, cost-effective healthcare services to meet the increasing demand. 

Further, the Indian government is encouraging the adoption of electronic medical records (EMRs) through initiatives such as the National Digital Health Mission, which is promoting digital initiatives in the healthcare sector. Fortis Healthcare's 2022 annual report indicates that the implementation of Electronic Medical Records (EMR) has played a significant role in the company's digital transformation efforts and has contributed substantially to its growth in online revenue as a result of digital transformation efforts. 

As the report indicated, online revenue was up by 48% in the second quarter of 2022. This was a result of digital channels' increased adoption. With digital channels, the company may be able to offer more comprehensive healthcare services and increase revenue streams. This is done by automating patient records and providing real-time access to data.  

The National Digital Health Blueprint (NDHB), which was proposed in 2019, intends to set up a system for building and managing the necessary infrastructure and data for the seamless exchange of health data, as well as promote the adoption of open standards and develop several digital health solutions encompassing wellness as well as disease prevention. Interesting to note is that in addition to using existing information systems within the health sector, the NDHB also seeks to unlock new ones from within.

Today, thanks to artificial intelligence and high-end data, healthcare experts and clinicians in India are becoming increasingly aware of the potential of these technologies. Despite this, radiology, billing, or registration will be the only areas where standardized electronic health records are being implemented.  

Doctors can benefit from EMR over traditional note-taking, with enhanced patient care, a reduction in paperwork, and easier access to patient information. Furthermore, it facilitates better coordination between healthcare providers across a wide variety of healthcare settings. Let's take a look at some of the factors that are driving the growth of the Indian economy. 

EMR Implementation in India is Primarily Driven by the Following Factors 

A key driver of electronic medical records adoption in India is a desire to reduce costs. By reducing paper, storage, personnel, and software expenses for medical records, EMR systems can save employers considerable amounts of money. 

EMRs offer many other benefits to the patient, including improved patient care as one of them. As a consequence, physicians can access vital medical information quickly about a patient, such as allergies, medications, and past health history. They are better able to make informed decisions when treating the patient. 

A healthcare provider can ensure the safety and confidentiality of patient data by implementing an EMR system. It is considered that EMRs are more secure than paper databases because they restrict access to only those licensed to view information. The result is that there is a reduced risk of sensitive patient information being accessed by unauthorized persons. 

Healthcare providers can take advantage of the benefits offered by EMRs by increasing their efficiency. The ease of access to digital patient information and the availability to make updates leads to improved patient care as well as fewer delays. 

The National Data Protection Act, which has been recently enacted in India, is one of the rules and regulations that regulate medical data. As long as healthcare providers can comply with the seven principles of the Data Protection Act, they can meet these regulations. They will also be able to ensure compliance with these regulations through EMR.

A top EMR software package will also enable patients to engage in their care in a more meaningful way. A patient's medical records can be accessed, their care and treatments can be reviewed, and they can take an active part in their care by accessing their records. 

As a result of all these factors, the use of Electronic Medical Records has mushroomed in India over the past decade. EMR systems will be adopted by a larger number of healthcare providers in the future. 

Only a few hospitals and clinics have successfully implemented electronic medical records (EMRs) in India, a country where technology is still in its infancy. As awareness about the benefits of EMR software grows in India, it is expected that more and more facilities will start using this system in their facilities as part of their standard of care. 

In the past few years, the Indian healthcare market has seen an increase in hospital admissions and patient visits as a result of the COVID-19 pandemic. As per a report by the Ministry of Health and Family Welfare, Government of India, in 2022, the number of admissions to hospitals will reach 2.92 lacks, with 5,010 admissions for patients staying in hospitals inside. 

There has also been an increase in the need for electronic medical records (EMRs) in the country due to this increase in the demand for healthcare services in the country. No doubt keeping accurate and up-to-date medical records has become even more imperative with more and more patients seeking medical care. A health records management system is a system designed to keep track of the health records of their patients, enabling them to make informed decisions and deliver better healthcare to their patients. 

There is a revolutionary digital framework proposed by the National Institution for Transforming India (NITI Aayog), which aims to create digital health records for all Indian citizens by the year 2022 following the introduction of the "National Health Stack". As part of the National Health Stack initiative, the purpose of creating a unified system is to collect, manage, and share EMRs among actors and stakeholders in the Indian healthcare sector. 

Efforts like these are expected to increase the amount of EMR users in India and accelerate the market's growth in the coming years. Using this technology will ensure the promotion and enhancement of innovation in healthcare, as well as enhance patient access and outcomes. A significant step that China is taking towards improving the health care services provided in the country is the launch of the National Health Stack. 

To improve the delivery of healthcare in all areas of the country, the Indian government has actively promoted the adoption of digital health technologies, including electronic medical record (EMR) systems. A national health and safety network, also known as the NHS, was launched in 2018 as part of a government initiative to build an ecosystem of digital health services. This was to support healthcare delivery. 

A core building block of an NHS program is the development of a unique health ID as well as health registries that will form the foundation of it. A common digital healthcare infrastructure can be created across the country, using these block-level building blocks. Also, the government has launched a scheme called Ayushman Bharat, which aims to provide free medical assistance to all vulnerable populations up to a certain level as a measure of protecting them.
Read more »
Privacy
COVID-19 COVID-19. E-Commerce NCSC Online Shopping Privacy

NCSC Urges Customers to Stay Aware About Scams On E-commerce Platforms

 

National Cyber Security Centre (NCSC) made a final request to customers prior to the busiest weekend before Christmas, to be aware of fraud and data theft attacks. The GCHQ agency requested customers to secure their devices, be informed about unsolicited messages, and reduce the size of information they input into online shopping websites and e-commerce websites. As per the banking body of UK Finance, around €22 bn was spent online on Christmas shopping last year because of the Covid-19 pandemic. 

Currently, with the rise of the Omicron variant, 2021 probably experienced a similar pattern, risking more customers vulnerable online. The attacks may come in many forms, it may include phishing emails having fake shipping details, and fake warnings about hacked accounts or fake gift cards which require the user to share personal details in order to use the offers. Customers may also be contacted through social media messages and emails having "unbelievable" offers for popular discount gift items, like electronics. Once the customer falls for these tricks, he loses his money along with banking details and personal information, which is stolen by the hackers. 

As per NCSC, the urge to buy last moment presents during a festival may be a reason that customers fall victim to such attacks easily. In order to be safe, users can follow some practical steps like having a strong password on websites before placing an order. It is advised to use strong, unique passwords with two-factor authentication for every account, especially banking, email and payment services. Online customers are also advised to avoid unsolicited notifications, particularly messages linked to suspicious websites, and platforms that depend on payment with a credit card. 

Lastly, customers should log in as guests while making a purchase to avoid revealing too much personal information. As per NCSC, "if you think your credit or debit card has been used by someone else, let your bank know straight away so they can block anyone using it. Always contact your bank using the official website or phone number. Don't use the links or contact details in the message you have been sent or given over the phone."
Read more »
UK Firm
Christmas COVID-19 Cyber Fraud Fraud Mails Fraudulent Scheme Scammers Scams Smishing Scam Text Scams UK Firm

Consumers Warned of Rising Delivery Text Scams

 

Consumers are being advised to be wary of delivery scam texts while purchasing online for Christmas and Boxing Day sales. 

New research from cybersecurity firm Proofpoint shows that delivery 'smishing' scams are on the rise during the busiest shopping season of the year, according to UK Finance. So far in Q4, more than half (55.94%) of all reported smishing text messages impersonated parcel and package delivery firms. In Q4 2020, only 16.37 percent of smishing efforts were made. 

In comparison to Q4 2020, Proofpoint saw a considerable decrease in different types of smishing frauds in Q4 2021. Text scams mimicking financial institutions and banks, for example, accounted for 11.73 percent of all smishing attacks in 2021, compared to 44.57 percent in 2020. 

The information comes from Proofpoint's operation of the NCSC's 7726 text message system. Customers can use this method to report suspicious texts. 

Delivery smishing scams typically begin with a fraudster sending a bogus text message to the recipient alerting them that the courier was unable to make a delivery and demanding a charge or other information to rearrange. The consumer will be directed to a fake package delivery company's website, where they will be asked to provide personal and financial information. 

Following the significant development in online shopping during COVID-19, this form of scam has become increasingly common. Over two-thirds (67.4%) of all UK texts were reported as spam to the NCSC's 7726 text messaging system in the 30 days to mid-July 2021, according to Proofpoint. 

Which? revealed a very clever smishing fraud involving an extremely convincing DPD fake website in a recent investigation. 

Katy Worobec, managing director of economic crime at UK Finance, commented: “Scrooge-like criminals are using the festive season to try to trick people out of their cash. Whether you’re shopping online or waiting for deliveries over the festive period, it’s important to be on the lookout for scams. Don’t let fraudsters steal your Christmas – always follow the advice of the Take Five to Stop Fraud campaign and stop and think before parting with your information or money.” 

Steve Bradford, senior vice president EMEA at SailPoint, stated: “The sharp rise in text message scams – or smishing, which has increased tenfold compared to last year, should be a stark warning to the public. With parcel delivery scam texts expected to spike this Christmas, it’s clear cyber-criminals are using every opportunity available to target victims using new methods. This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterizes many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support."

“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities, and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.”
Read more »
Healthcare Hacking
Brazil COVID-19 Cyber Attacks Healthcare Hacking

Brazil's Ministry of Health has been Subjected to a Second Cyberattack in Less than a Week

 

Brazil's Ministry of Health has been subjected to a second cyberattack in less than a week, compromising a number of internal systems, including the platform that stores COVID-19 vaccination data. The announcement came three days after the department had suffered its first big ransomware attack, from which it was still recuperating. On Monday evening, health minister Marcelo Queiroga confirmed the second attack, saying the latest incident, which occurred in the early hours of the same day, was smaller than the first.

The initial cyberattack, which was discovered on Friday, rendered all Ministry of Health websites inaccessible. According to a message left by the Lapsus$ Group, which has claimed responsibility for the attack, 50TB of data was extracted and then erased from the MoH's systems. Queiroga later stated that the department has a backup of the data that was allegedly obtained during the cyberattack. 

According to the Federal Police, which is investigating the issue, the first attack exposed data on COVID-19 case notifications as well as the broader national vaccination programme, in addition to ConecteSUS. 

According to Queiroga, the department is currently attempting to restore the systems as soon as possible. However, he stated that the second attack meant that ConecteSUS, the platform that issues COVID-19 vaccination certificates, will not be accessible as scheduled. Queiroga stated that while the attempt was unsuccessful and no data was lost, the second incident "caused turmoil" and "got in the way" of restoring systems. The minister did not say when the impacted systems would be operational again. 

The governmental confirmation of the second cyberattack was followed by a statement issued by the Ministry of Health stating that Datasus, the department's IT function, performed a preventive systems maintenance exercise on Monday, resulting in systems being temporarily unavailable. Because of the second attack, civil servants were sent home on Monday because it was impossible to access the health ministry's core systems, such as the platforms that create COVID-19 pandemic reports. 

The Brazilian government's Institutional Security Office (GSI) issued a statement confirming new attacks on cloud-based systems managed by government agencies had taken place. It did not, however, disclose which departments or services were targeted. It went on to say that teams are being instructed to keep evidence and that best practices for incident management are being followed. 

An attack on the Brazilian Health Regulatory Agency (Anvisa) occurred in September; the hack targeted the healthcare declaration for travelers, which is required for visitors entering Brazil through airports. The attack occurred shortly after the cancellation of a World Cup qualification match between Brazil and Argentina, which Anvisa called off after four Argentine players were accused of violating COVID-19 travel guidelines.
Read more »
United Kingdom
COVID-19 Cyber Security Cybersecurity United Kingdom

UK's Failure to Address Cybersecurity Issue Can "Wreak Havoc"

 

Britain's long-term risk planning is running short on power, meaning the nation is exposed to cyber threats from external threats, according to the latest HoL (house of lord) report. The report titled "Preparing for extreme risks: Building a resilient society," was released by the Select Committee on Risk Assessment and Risk Planning (upper chamber) with 85 expert witnesses after the interview. 

According to the HoL report, "the Committee was formed amid the global upheaval of the COVID-19 pandemic. Whilst the Committee never intended to undertake a COVID-19 inquiry, the pandemic has taught us daily lessons about the need for better resilience. The whole of society currently is engaged in a fight against the virus." The report concludes that the government is spending a lot of time responding to emergencies and crises, ignoring the type of long-term plans which would have prepared the UK for the Covid-19 pandemic. The UK's failure to handle the Covid-19 outbreak was evident and clear. 

Besides this, the research analyzing the risk assessment process discovered that the current machinery doesn't have the proper task force to determine and address future problems and threats. But, the pandemic isn't the only risk that the UK is facing. Critical space weather incidents could affect smart technology, most of the users are dependent on it. It includes internet, GPS, power supplies, and communication systems. A cybersecurity attack on UK's national infrastructure can have major repercussions. An AXA report released earlier this year said cybersecurity is the second biggest global problem, after climate change. 

It was listed as the number one business risk in the coming decade by North American and UK survey respondents to WEF (World Economic Forum) report released in 2020. "We consider that generalized resilience is the right response to the threat of increasingly unpredictable risk. The Government’s risk management system should change from attempting to forecast and mitigate discrete risks, towards a more holistic system of preparedness. Reframing risk management through the lens of resilience would produce a risk management system that ties all sectors of society together," reports HoL.
Read more »
Phishing emails
COVID-19 Cyber Crime cybercriminals Login Credentials Phishing emails

Cybercriminals Exploit Omicron as an Enticement to Steal University Credentials

 

Researchers at Proofpoint have discovered an uptick in email threats aimed mostly at North American institutions and aiming to steal university login credentials. COVID-19 themes, such as testing data and the new Omicron variant, are frequently used by threats. Proofpoint observed COVID-19 themes affecting educational institutions throughout the pandemic, but persistent, targeted credential theft attacks against universities began in October 2021. Following the disclosure of the new Omicron variant in late November, threat actors began using it in credential theft campaigns. 

According to Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, fraudsters frequently use news events to dupe their victims. “If there’s a significant event, be it a pandemic or a Super Bowl, it will be used as bait for phishing,” Callow said. 

According to Selena Larson, a senior threat intelligence analyst at Proofpoint and co-author of the blog post, the wave of phishing assaults mentioning the Delta, and now the Omicron, variations was extremely specific in its targeting of universities. She projected that the attacks will rise in the coming two months as colleges conduct more campus testing in response to both holiday travel and the emergence of the Omicron variation. 

The phishing emails utilized in these attacks contain either malicious attachments or URLs to pages designed to capture university account credentials. Although Proofpoint has identified several campaigns that use generic Office 365 login gateways, these counterfeit landing pages often replicate a university's official login portal. The threat actors behind some of these campaigns attempted to steal multifactor authentication (MFA) credentials by impersonating MFA providers such as Duo. An attacker can circumvent the second layer of security designed to keep out threat actors who already have access to a victim's credentials by stealing MFA tokens. 

Although a majority of the mails in these campaigns are transmitted through spoofed senders, Proofpoint has also detected threat actors using actual, compromised university accounts to send Covid-19 related threats. Attackers are most likely stealing credentials from colleges and sending the same threats to other universities via compromised mails. 

 To avoid becoming a victim of these or other email-based threats, university students should carefully check the email addresses of messages they receive, avoid clicking on any links in suspicious emails, and refrain from logging into their school's online portal after clicking on links in emails that appear to have originated from their university or college, said the researchers.
Read more »
Sensitive data
COVID-19 Cyber Attacks Healthcare Hacking Hive Ransomware Ransomware Sensitive data

Ransomware Groups are Escalating Their Attacks on Healthcare Organizations

 

Ransomware groups have shown no signs of declining their attacks on hospitals, apparently intensifying attacks on healthcare institutions as countries all over the world cope with a new wave of COVID-19 virus. 

Two healthcare institutions in California and Arizona have begun sending out breach notification letters to thousands of people after both disclosed that sensitive information — including social security numbers, treatment information, and diagnosis data —, was obtained during recent hacks. 

LifeLong Medical Care, a California health facility, is mailing letters to about 115 000 people informing them of a ransomware attack on November 24, 2020. The letter does not specify which ransomware gang was responsible. Still, it does state that Netgain, a third-party vendor that offers services to LifeLong Medical Care, "discovered anomalous network activity" only then concluded that it was a ransomware assault by February 25, 2021. 

Netgain and LifeLong Medical Care finished their investigation by August 9, 2021. They discovered that full names, Social Security numbers, dates of birth, patient cardholder numbers, treatment, and diagnosis information were accessed and/or obtained during the assaults. 

Credit monitoring services, fraud alerts, or security freezes on credit files, credit reports, and stay attentive when it comes to "financial account statements, credit reports, and explanation of benefits statements for fraudulent or unusual behavior," as per LifeLong Medical Care. 

For further information, anyone with questions can call (855) 851-1278, which is a toll-free number. 

After being struck by a ransomware assault that revealed confidential patient information, Arizona-based Desert Wells Family Medicine was compelled to issue a similar letter to 35 000 patients. 

On May 21, Desert Wells Family Medicine learned it had been hit by ransomware and promptly engaged an incident response team to assist with the recovery. The incident was also reported to law enforcement. 

According to the healthcare institution, the ransomware gang "corrupted the data and patient electronic health records in Desert Wells' possession before May 21". After the malicious actors accessed the healthcare facility's database and backups, it was unrecoverable. 

Desert Wells Family Medicine stated in its letter, "This information in the involved patient electronic health records may have included patients' names in combination with their address, date of birth, Social Security number, driver's license number, patient account number, billing account number, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information." 

The organization stated that it is presently reconstructing its patient electronic health record system and will provide free credit monitoring and identity theft prevention services to victims. 

"Patients should also check statements from their healthcare providers or health insurers and contact them right away if they notice any medical services they did not get," the letter continued. 

These recent assaults, according to Sascha Fahrbach, a cybersecurity evangelist at Fudo Security, indicate that the healthcare business, with its precious personal information, remains an enticing and profitable target for hackers and insiders. 

"There were more than 600 healthcare data breaches last year, with more than 22 million people affected, and unfortunately, this trend shows no sign of slowing down. Healthcare operators need to reassess their security posture, as well as shifting their mindset when it comes to safeguarding their data," Fahrbach added. 

"In particular, third parties remain a security liability which needs to be urgently addressed. Many in the healthcare industry are not taking the proper steps to mitigate third-party remote access and third-party vendor risk." 

After the Hive ransomware knocked down a hospital system in Ohio and West Virginia last month, the FBI issued a notice two weeks ago, adding that the gang frequently corrupts backups as well.

Hive has targeted at least 28 companies so far, including Memorial Health System, which was struck by ransomware on August 15.
Read more »
Indonesia
COVID-19 Covid-19 Vaccinations Data Breach Data Leaked Indonesia

Millions Of Indonesians Personal Information Leaked Over a Data Breach

 

In their COVID-19 test-and-trace application, Indonesia investigated a probable security vulnerability that left 1.3 million individuals' data and health status exposed. 

On Friday 3rd of September, following a week-long cyber-attack, PeduliLindungi became the country's second COVID-19 tracking app following eHAC to suffer a data breach. The PeduliLindungi leak has not been identified yet, but the eHAC violation has impacted 1.3 million users. These 2 data breaches occurred in succession within a week. 

The eHAC Data Breach 

According to a Health Ministery official, the government is suspecting its partner as the likely source of infringement in the eHAC app ( electronic health alert card), which has been disabled since July 02. 

The EHAC is a necessary prerequisite for travelers entering Indonesia, which was launched this year. It maintains the records of the health condition of users, personal information, contact information, COVID-19 test results, and many others. 

Researchers from the vpnMentor encryption provider who perform a web mapping operation have discovered a breach to detect unauthorized data stores with confidential material. 

On 22nd July, researchers informed Indonesia's Emergency Response Team and have revealed their conclusions. The Ministry of Communications and Information Technology published a statement on August 31, more than one month after the disclosure, which stated that the data violation would be investigated according to the Electronic Systems and Transactions Regulations of the country. 

Anas Ma'ruf, a health ministry official said, "The eHAC from the old version is different from the eHAC system that is a part of the new app”. "Right now, we're investigating this suspected breach". 

PeduliLindungi Leak

A data search function on the PeduliLindungi-application enables anybody to search for personal data and information on COVID-19 vaccination for Indonesians, including that from the president, Damar Juniarto, a privacy rights activist who also is the vice president of regional government relations at technology firm Gojek, as per a Twitter thread. 

Zurich-based cybersecurity analyst Marc Ruef has shared a screenshot with the President of a compromised COVID-19 vaccination certificate, as it includes his national identity number. However, Ruef did not specifically mention whether PeduliLindungi's data was disclosed. All this explicates that personal identification data and confidential information is scattered everywhere. 

While the Government admitted the breach of the eHAC data and presented a plan of action for the analysis and restoration of flaws, PeduliLindungi has been exonerated. 

The Ministery of Communications and Information Technology of the state, called Kominfo, states that the data on the president's NIK and vaccination records did not originate in the database of PeduliLindungi.

Experts claim such data violations highlight the inadequate cyber security architecture in Indonesia. In May, the officials also conducted a survey on the alleged violation by the state insurer of the country of social security data.
Read more »
Subscribe to: Posts (Atom)