Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hospitals. Show all posts
ransomware attacks
Cyber Attacks CyberCrime Cyberhackers Cybersecurity Cyberthreats Hospitals ransomware attacks

Cyberattack Impacts Georgia Hospital, Colorado Pathology Services

 


The number of hospitals that have been affected by ransomware, business email compromise, and other cyber threats is increasing across all sectors, from small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, to those with a large number of beds.  In his opening keynote address at the HIMSS Healthcare Cybersecurity Forum last week in Washington, D.C., Greg Garcia, executive director of the Health Sector Coordinating Council Cybersecurity Working Group, indicated that there is now an average of two data breaches conducted every day within the American health care system. 

People who work in hospitals and health systems are often targeted by cyber threat actors exploiting the basic vulnerabilities of their systems and taking advantage of the vulnerabilities. To illustrate these types of breaches, Kaiser Permanente, one of the country's largest health systems, said it had sent a notice Sunday to those in Southern California whose personal health data had been compromised as a result of unauthorized access to two email accounts of employees. 

The bad guys can also be skilled at exploiting their victim's vulnerability, with sophisticated social engineering techniques coupled with phishing attacks that focus on bots. As part of a cyber exploit, originally discovered earlier this month, Summit Pathology, an independent pathology service provider based in Colorado, had patient data associated with more than 1.8 million people exfiltrated from its system. 

In a report issued by Kaiser Permanente, it was reported that an unauthorised third party gained access to the email accounts of two employees and was able to view the health information of patients. As the U.S. grows and grows, ransomware, business email compromise, and other cyber threats are causing disruptions to care for millions of people across the nation, including small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, as well as the largest providers. 

A recent study conducted by the Health Sector Coordinating Council Cybersecurity Working Group found that the United States amounted to two data breaches per day on average, Greg Garcia, executive director of the ASHC Cybersecurity Working Group, said in his opening address at the HIMSS Healthcare Cybersecurity Forum, held in Washington, DC, last week. In many cases, cybercriminals target people who work in hospitals and health systems to exploit weaknesses in the system. A health system in Southern California posted a notice informing its members on Friday there was an issue about the security of health information that was discovered on September 3. 

A notice on the company's website advised that two of its employees' email accounts had been accessed by an unauthorized party, according to the notice. "Immediately following the discovery of this incident, Kaiser Permanente terminated the unauthorized access and immediately began investigating to determine the scope of the access." this statement was made by Kaiser Permanente. It was found that some protected health information about some patients were included in the email's contents after we validated them." 

According to the health system, although Social Security numbers and financial information were not involved, protected health information, such as first and last names, dates of birth, medical records numbers, and medical information, had the potential to be accessed and/or viewed by third parties. As part of Kaiser Permanente's maintenance of health system operations, affected individuals were contacted directly by the company, Kaiser Permanente said. There is evidence out there that on October 18, Summit Pathology of Loveland, Colorado, reported to the Department of HHS that there are 1,813,538, whose data had been breached in a hacking incident, in which their data has been compromised. 

 As outlined in the pathology services company's notice on its website, the impacted systems contained data such as names, addresses, medical billing and insurance information, certain medical information such as diagnosis, demographic information such as dates of birth, social security numbers, and financial information. There was an incident that occurred on or around April 18 when Summit announced it had noticed suspicious activity on its computer network and that it had taken the necessary steps to secure it, including contacting third parties to assist in the investigation. 

The affected healthcare entities have reported that they successfully identified files that unauthorized individuals may have accessed or acquired during the ransomware attack. In response to the incident, Summit conducted a thorough review of its internal policies and procedures. Following this review, they implemented additional administrative and technical safeguards to strengthen security and mitigate the risk of future attacks. 

On October 31, the Murphy Law Firm, based in Oklahoma City, stated its involvement in the case. The firm announced that it is pursuing a class action lawsuit and actively investigating claims related to the breach. According to Murphy Law Firm, Summit’s forensic investigation revealed that cybercriminals were able to infiltrate the organization's inadequately secured network, leading to unauthorized access to sensitive data files. The law firm is now seeking to hold Summit accountable for the potential data security lapses that may have enabled the breach.
Read more »
Technology
Data Privacy data security Healthcare Hospitals IT Technology

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

In May, Ascension, a healthcare provider with a network of 140 hospitals across the U.S., suffered a major cyber-attack that disrupted its clinical operations for almost a month. Experts traced the problem to a malicious ransomware that had exploited an employee's computer. 

Healthcare: Juicy Target for Criminals

Threat actors see healthcare systems as lucrative targets for cybercrime because they hold crucial financial, health, and personal data. A 2023 survey research in health and IT professionals revealed that 88% of organizations had suffered around 40% of attacks in the past year. 

Complexity: Flaw in IT System

One major flaw is the rise of complexity in IT systems, says Hüseyin Tanriverdi, associate professor of information, risk, and operations management at Texas McCombs. He believes it's due to years of mergers and acquisitions that have made large-scale multi-hospital systems. 

After mergers, healthcare providers don’t standardize their tech and security operations, which results in causing major complexity in the health systems- different IT systems, different care processes, and different command structures. 

But his new research shows complexity can also offer solutions to these issues. “A good kind of complexity,” Tanriverdi believes can support communication across different systems, governance structures, and care processes, and combat against cyber incidents.

Understanding the Complex vs. Complicated

The research team found two similar-sounding IT terms that link to the problem. In “complicatedness,” an abundance of elements interconnect in a system for sharing info in structured ways. Whereas “complexity” happens when many elements interconnect to share information in unstructured ways- integrating systems following a merger and acquisition. 

Tanrivedi believes complicated structures are better because they are structured, despite being difficult, one can control them. Such is not the case with complex systems as they are unstructured networks. He believes healthcare systems got more vulnerable as they got more complex, 29% were more likely to get hit than average. 

Solution for Better Healthcare Security

Complex systems offer hackers more data transfer points to attack, and a higher risk for human errors, making it a bigger problem.

The solution lies in following a centralized approach for handling the data. “With fewer access points and simplified and hardened cybersecurity controls, unauthorized parties are less likely to gain unauthorized access to patient data,” says Tanrivedi. “Technology reduces cybersecurity risks if it is organized and governed well.”

Read more »
Telecom Industry
Cyberattacks CyberCrime Cyberdata Hospitals Quantum Technology Technology Telecom Industry

European Telecom Industry at the Forefront of Quantum Technology Adoption

 


Even though quantum technologies may sound like something that is decades into the future, a new report released today shows that quantum technology has already come into being - especially in the telecommunications industry - even though most people still imagine something that is decades in the future. While the quantum technology sector has been stagnating for years in research institutions, commercial momentum has begun to gather in recent years. Many other applications for quantum tech are applicable today — as well as those that have been developed for quantum computing and its future promises. The quantum computing domain has been the focus of most of the developments, but there are many other uses for quantum technologies as well. 

There is a growing number of companies and startups across the globe that are commercializing quantum communications, including networks and forms of encryption. Europe also plays an important role in the development of this technology. Currently, 32% of the 100 quantum startups, scale-ups, and small and medium enterprises providing services to the telecom and telecom infrastructure sectors in the country are based in continental Europe. 

This is according to a report released today by Infinity, a branch of Quantum Delta NL that specializes in startup and ecosystem support. In addition to Germany, the Netherlands, France, Switzerland, and Spain, the UK and Ireland also have strong ecosystems with 14% each. There are also Approximately 50% of companies that serve as consumers of quantum technology located in continental Europe and 11 percent in the United Kingdom and Ireland. 

There are already more than 25 quantum networks in Europe today as of today. There are two quantum communications networks in the EU, which are being developed by Deutsche Telekom and two consortia named Petrus and Nostradamus. In London, BT and Toshiba Europe have launched a commercial quantum network, and in France, there is a commercial quantum network being built by BT and Toshiba Europe. In the Netherlands Organization for Applied Scientific Research (TNO), Quantum Lead Teun van der Veen says that telecom companies are becoming an important force in the adoption of quantum technology in real-world applications. 

 For them, integrating quantum into existing infrastructures is all about addressing the needs of the end users, so they are at the forefront of integrating quantum into existing infrastructures. To connect systems and transmit data securely, quantum networks take advantage of unique properties of quantum mechanics, such as superposition and entanglement, as a means of connecting systems and transacting data. Quantum channels can be used to transmit information, but they can also be used to be implemented over optical fibres, free-space optics, or satellite links for this to happen. Many scientists believe quantum networks and quantum encryption are virtually impossible to hack, and thus they will be one of the most secure forms of communication available now. 

Infinity's report states that such quantum-secure links can be used by data centres, satellites and rockets, military and government agencies, railroads, control centres, healthcare centres, hospitals, and many other sites, such as data centres, hospitals, health care centres as well as military and government entities.  Furthermore, quantum networks can also act as the basis for the creation of a global quantum internet, allowing quantum computers to be connected from different locations around the world. The cloud can also offer the possibility of "blind" quantum computing, which can maintain quantum operations' secrecy to those other than the user, allowing them to be used with ease.  

There is an increasing number of companies and governments exploring ways to secure their IT infrastructure and data in the age of global geopolitical tensions and looming cybersecurity threats. It is perhaps unsurprising then that Infinity's report concludes that Quantum Key Distribution (QKD) is the most widely used quantum technology in the telecommunications industry as a result of its popularity. By utilizing quantum mechanics, quantum key distribution (QKD) is an encryption and decryption method which is used by parties to generate a private key which can be used only by them. 

A recent report highlights the advances of European telecom companies in adopting quantum technology, with one notable example being the Delft-based communications security startup, Q*Bird. The company recently secured €2.5 million to advance the development of its Quantum Key Distribution (QKD) product, Falqon, which is currently being trialled at the Port of Rotterdam, the largest port in Europe. Ingrid Romijn, co-founder and CEO of Q*Bird, emphasized the growing interest in quantum communications solutions within the European Union's digital infrastructure. "Together with partners like Cisco, Eurofiber, Intermax, Single Quantum, Portbase, and InnovationQuarter, Q*Bird is already testing quantum-secure communications in the Port of Rotterdam using our novel quantum cryptography (QKD) technology," Romijn stated.

She further remarked that moving forward, more industries and companies could implement scalable solutions to protect data communications by leveraging next-generation QKD technology. Another technology drawing attention is post-quantum cryptography (PQC). While the anticipated "Q-day" – the day when a quantum computer potentially compromises current internet security – is still some time away, many classical cryptography methods will soon be vulnerable to hacking by sufficiently powerful quantum computers. 

PQC algorithms are designed to withstand both classical and quantum attacks. Other quantum technologies with potential applications in the telecom industry include quantum sensors, clocks, simulations, random number generation, and quantum computing. Despite increasing market interest, the report identifies that Europe's quantum technology startups require more support and investment to achieve significant technical and market breakthroughs. Presently, only 42% of quantum tech startups for telecom worldwide have external funding, collectively raising a total of €1.9 billion. Although the European Union has demonstrated a forward-thinking approach, exemplified by the Deutsche Telekom network project, the United States remains ahead in private sector activity and investment. Challenges include raising awareness among business leaders, expanding the skilled workforce, overcoming technical limitations, and building a stronger business narrative. 

These obstacles can be partially addressed through regulatory standardization, increased industry collaboration, and more early-stage support and investment for startups. Key market opportunities for the quantum communications sector lie in government bodies, including military and security services, financial institutions, critical infrastructure departments, and companies in the energy, defence, space, and technology sectors. Pavel Kalinin, Operations and Platforms Lead at Infinity, commented on the growing collaboration between enterprises and startups in telecom. "This signals the industry’s commitment to integrating quantum solutions into commercial applications. Successful implementation of such technologies will depend on coordinated efforts to prepare the workforce, facilitate collaborations, and set industry benchmarks and standards," Kalinin stated.
Read more »
Ransomware attack
Cyber Attacks data security Healthcare Breach Hospitals Ransomware attack

UnitedHealth Group Cyberattack Fallout: Government Intervention and Industry Critique

 

In a recent cybersecurity incident, UnitedHealth Group revealed that its tech unit, Change Healthcare, fell victim to a cyberattack orchestrated by the infamous ransomware gang, Blackcat. The attack, which disrupted healthcare organizations nationwide, targeted electronic pharmacy refills and insurance transactions, prompting urgent responses from both the affected healthcare provider and the U.S. government. 

The attack prompted the U.S. government to announce accelerated Medicaid and Medicare payments to healthcare units impacted by the cyberattack against Change Healthcare. However, this response drew criticism from industry associations such as the American Hospital Association and the American Medical Association. 

The latter expressed concerns that the measures did not adequately protect individual practices and called for more comprehensive financial assistance, including advanced payments for physicians. Facing cash flow concerns resulting from the inability to receive payments for insurance claims, the American Medical Association urged the Department of Health and Human Services to reintroduce widespread accelerated payments, a practice prevalent during the Covid years. 

Hospitals were encouraged to submit payment requests to their healthcare contractors, seeking relief from the financial strain caused by the cyberattack fallout. Change Healthcare responded to the crisis by introducing a new service to help healthcare providers navigate the outage. This online prescription service aims to provide temporary assistance while the company works to restore its pharmacy network, a process expected to take weeks. 

Despite these efforts, the American Hospital Association criticized Change Healthcare's response, with its president and chief executive describing the temporary assistance program as "not even a band-aid" for the problems caused by the cyberattack. The incident highlights the increasing cybersecurity threats faced by the healthcare industry and the ripple effects of such attacks on critical services. 

As healthcare providers grapple with the immediate fallout, the collaboration between the government, industry stakeholders, and affected organizations becomes crucial in addressing both the short-term challenges and implementing long-term cybersecurity resilience measures. 

In conclusion, the UnitedHealth Group cyberattack serves as a stark reminder of the vulnerability of healthcare systems to malicious cyber activities. The ongoing efforts to mitigate the impact, coupled with the industry's critique of the government's response and Change Healthcare's actions, underscore the need for a unified and proactive approach to cybersecurity in the healthcare sector.
Read more »
Websites
Attack Blackcat hackers Change Healthcare critical infrastructure providers Data Breach digital decryption keys Extortion Hospitals International law enforcement seizure Websites

Notorious Hacker Group Strikes US Pharmacies

In December, international law enforcement targeted a gang, leading to the seizure of various websites and digital decryption keys, as reported by Reuters. In response to this crackdown, the Blackcat hackers threatened to extort critical infrastructure providers and hospitals.

A recent attack on Change Healthcare, resulting in its parent company UnitedHealth Group disconnecting its systems to prevent further impact, has caused disruptions in prescription insurance claims, according to the American Pharmacists Association. This outage, which has persisted through Tuesday, is attributed to a notorious hacker group, as per a new report.

The outage at Change Healthcare, which handles payment management for UnitedHealth Group, was caused by a ransomware attack by hackers associated with Blackcat, also known as ALPHV, according to Reuters, citing anonymous sources. Blackcat has been involved in several recent high-profile data breaches, including attacks on Reddit, Caesars Entertainment, and MGM Resorts.

As a result of the breach, pharmacies nationwide are facing significant delays in processing customer prescriptions. Change Healthcare stated they are actively working to restore the affected environment and ensure system security.

UnitedHealth Group mentioned that most pharmacies have implemented workarounds to mitigate the impact of the outage on claim processing. The company expressed confidence that other data systems in its healthcare portfolio were unaffected by the breach.

While last week's breach was suspected to be "nation-state-associated," according to an SEC filing by UnitedHealth, it's uncertain if the group responsible was sponsored by foreign actors. Cybersecurity firms Mandiant and Palo Alto Networks, appointed by UnitedHealth, will lead the investigation into the breach.
Read more »
Ransomware
Cyber Attacks Cyber Crime Healthcare Security Hospitals Ransomware

Cancer Hospital Suffers Ransomware Attack, Hackers Threaten to Swat Patients

Harm patients if the medical facilities don't pay

Extortionists are now threatening to harm hospital patients if the medical facilities don't pay the thieves' ransom demands. They do this by reporting bomb threats or other fictitious reports to the police, causing heavily armed police to come up at victims' houses.

Criminals vowed to turn on the patients directly after breaking into the IT system of Seattle's Fred Hutchinson Cancer Center in November and taking medical documents, including Social Security numbers, diagnoses, and lab results.


Understanding the reasons

The idea seems to be that the US hospital will be under pressure to pay up and stop the extortion because of those patients and the media coverage of any swatting. Similar tactics are used by other groups targeting IT service providers: in addition to extorting the suppliers, they often threaten or harass the customers of those companies.

"Fred Hutchinson Cancer Center was aware of cyber criminals issuing swatting threats and immediately notified the FBI and Seattle police, who notified the local police," a representative said. "The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats."

The cancer center refuses to respond to further questions regarding the threats. The center has more than ten clinics in the Puget Sound region of Washington.

Patients were informed last month about a similar "cyber event" by Integris Health, another Oklahoman health network that runs a network of 43 clinics and 15 hospitals. During this incident, hackers may have gained access to personal information. Some of these individuals later complained that they received emails from unscrupulous people threatening to sell their personal information on the dark web.

What next?

"As we work with third-party specialists to investigate this matter and determine the scope of affected data and to whom that data relates, we are providing the latest information for patients and the public here," the spokesman for Integris said.

Some corporate types may not find these types of boilerplate responses to be as comforting as they seem. Concerning concerns are raised about how far thieves may go to obtain stolen goods in light of this most recent swatting threat.

According to Emsisoft threat analyst Brett Callow, "ransoms have been allowed to reach lottery jackpot levels, and the predictable upshot is that people are willing to use more and more extreme measures to collect a payout," The Register said.

The security shop demanded earlier this week that ransom payments be outlawed entirely, pointing out that extortion methods were evolving and now included swatting threats.

Read more »
Hospitals
Ardent Health Service Cyber Attacks Cyber Hackers Cyber Siege. Ransomaware Cyber Threats CyberCrime Cybersecurity Emergency Hospital Health Operator Hospitals

Emergency Rooms Hit by Cyber Siege: Patient Diversions Spread Across Three States

 


During the recent ransomware attack on one of the hospitals in the chain of 30 that operates in six states, patients from some of its ERs will be diverted to other hospitals over the coming weeks, while some elective surgeries will be postponed. 

Ardent Health Services owns or partially owns all of the hospitals affected by this scandal, as well as other hospitals in at least five states. The company is based in Tennessee and owns more than twenty dozen hospitals in at least that number of states. 

As of now, several hospitals in East Texas are unable to accept ambulances from other hospitals, along with an Albuquerque hospital that has 263 beds; one hospital in Montclair, New Jersey that has 365 beds; and another hospital network in East Texas that serves thousands of patients each year. 

There is no doubt that the Coronavirus pandemic has been marked by disruptions to healthcare services that are caused by ransomware, which secures computers for hackers to demand a fee in return for unlocking them.

Cybercrime firm Recorded Future, which specialises in cyber security, reports that hospitals are now being targeted - and demands for extortion payments are being made. There have been at least 300 documented ransomware attacks on healthcare facilities every year since 2020, according to an NBC report based on an interview with Ransomware analyst Allan Liska in June. 

An attack that occurred at St Margaret's Health in Spring Valley, Illinois, in June forced the facility to close, in part due to its poorly planned security measures. The Ardent health operator has been identified as the largest health operator to have been hit by this strike so far. NBC reports that although there has not been any case of patients dying as a result of an attack, studies have confirmed that ransomware attack on hospitals is linked to an increase in mortality rates, despite the lack of cases of patients dying as a result of an attack. 

There was no change in the perception of patient care in Ardent's hospital, emergency room, and clinic as the company that started as a psychiatric hospital continued to deliver care "safely and effectively." Despite that, the company also announced that because of the "obvious precautions", some non-emergent, elective procedures have been rescheduled and some emergency room patients have been diverted to hospitals in the area until the systems are back up and running. 

According to Ardent Health Services, the disruption was caused by a ransomware attack and the organization has informed its patients that some emergency room patients have been transferred to other hospitals until the systems are restored. As a result, some non-emergency surgeries had to be rescheduled by hospital facilities. 

Ardent spokesperson Will Roberts told us on Tuesday afternoon that more than half of Ardent's 25 emergency rooms had reopened their doors to accepting ambulances or were fully lifting their “divert” status. In a divert situation, ambulance services are asked to transport emergency patients to nearby hospitals when they need emergency care.

During flu seasons, COVID-19 surges, natural disasters, and large trauma events, hospitals nationwide have used divert status. Roberts said hospitals have used divert status at times. It has been reported that at least 35 Ransomware attacks have disrupted the operations of healthcare providers this year, according to Brett Callow, a cybersecurity analyst at Emsisoft. 

As the cybersecurity company starts to catch more and more infections, it is expected that the number of attacks will increase. In most cases, hackers can commit attacks during holidays when they believe that there are fewer security guards available to protect them. Several law enforcement agencies, including the FBI, are advising victims of ransomware attacks not to agree to ransom demands. 

The emergency rooms at several hospital chains in Oklahoma, New Mexico, and Texas were transferring patients to other hospitals as a result of several hospital transfers. There has been an attack on the computer programs of Ardent that track patients' healthcare records, among others. According to Ardent's statement, the ransomware has taken the company's network offline. 

In addition to reporting the matter to law enforcement and consulting third parties on forensics and threat intelligence, the company also retained an independent forensic and threat intelligence team to handle the matter. The fact that hackers have consistently targeted hospital chains has been one of the major indicators that a growing trend of cybercrime has gained momentum in 2019. 

According to several studies, a significant correlation indeed exists between ransomware attacks on hospitals and increased mortality rates, yet there are no cases that have yet been proven to occur in which a ransomware attack has killed a patient in a healthcare facility. Some medical professionals, however, disagree and believe the cause of death is purely coincidental.
Read more »
Hospitals
California Coronavirus Cyber Attacks CyberCrime data security Healthcare Hospitals

Multi-State Cyberattack Disrupts Health Care Services in Multiple States

 


One of the California organizations faced a cyberattack this week which resulted in some services being shut down at affiliated locations and some patients having to rely solely on paper records. The cyberattack disrupted hospital computer systems in several states on Friday, some emergency rooms were closed and ambulances diverted. Most primary care services remained closed, while security experts investigated that the damage was extensive. 

It was reported Thursday that a "data security incident" had taken place at Prospect Medical Holdings' facilities in this state as well as in Texas, Connecticut, Rhode Island, and Pennsylvania. These facilities are owned and operated by Prospect Medical Holdings, based in Los Angeles. Prospect Medical Holdings is based in Connecticut and operates 16 hospitals and more than 165 clinics and outpatient centres across Connecticut, Pennsylvania, Rhode Island and Southern California. Prospect Medical spokesperson was unable to provide an estimate regarding when services will resume on Saturday. At the moment, there is no indication of the number of sites affected by this system. 

As of now, the company has seven hospitals in California's Los Angeles and Orange counties. Prospect's website says the company has two behavioural health facilities and a 130-bed acute care hospital in Los Angeles. 

Connecticut hospitals, including Manchester Memorial, Rockville General and Thornwood Hospital, closed their emergency departments from Thursday morning to evening. Patients were transferred between nearby facilities. Connecticut's FBI has issued a statement stating that it is working with "all the law enforcement agencies in the state as well as the victims' entities" but was unable to go into further detail regarding the investigation in progress. 

In addition to elective surgeries and outpatient appointments, blood drives and other services, the Eastern Connecticut Health Network, which operates the facilities, also announced that many primary care services were closed on Friday. While the emergency departments reopened late Thursday, many primary care services were also shut. Upon looking at the website for this network, the website indicates that all patients have been contacted individually. 

There were ongoing technical difficulties on Eastern Connecticut Health Network's website on Saturday night, which, among other things, caused the closure of its services like outpatient medical imaging, outpatient blood draw, and others, as it is a part of the Prospect health system. In a report published by the Hartford Courant on Thursday, two hospitals that are part of the network had to divert patients from their emergency rooms.   

As hospitals digitize and upgrade their medical records to cloud-based servers, ransomware is becoming a more common form of attack, including attacks on healthcare systems. The American Hospital Association's cybersecurity adviser, John Riggi, said that cyberattacks on hospitals have become increasingly common over the past few years. 

It has been reported that Waterbury Hospital, in Waterbury, Conn., has been experiencing disruptions throughout the afternoon and evening. Furthermore, the hospital said some of its outpatient imaging, as well as outpatient surgery services, had been unavailable on Friday and Saturday as well. The company said that it will be using paper records from now on. 

On February 24, 2022, One Brooklyn Health, a hospital group that delivers health care to low-income neighbourhoods in New York, was a victim of a cyberattack that forced hospital employees to use paper records to keep track of patient information. The employees at the time of the attack said that they were a little behind on learning the new system, given that most hospitals have been using electronic records since the mid-1990s, and that some diagnostic tests were taking longer to return due to the attack.

NBC reported that commonSpirit Health, which operates over 140 hospitals and more than 700 care sites across the country, was hit by a cyberattack last year, which resulted in cancelled surgeries, cancelled doctor's appointments, and other delays in the delivery of care. In 2020, Russian hackers launched a ransomware attack against United Health Services, which is affiliated with over 400 hospitals, making it one of the largest attacks of its kind in history and one of the largest attacks in the history of cybercrime. 

Despite these alarming facts, the incident clearly illustrates the vulnerability of healthcare systems to cyberattacks. Critical services are being disrupted across several states as a result. Due to the need for robust cybersecurity measures being urgently needed, the reliance on paper records is an indication of the need. 

As a result of the outbreak of the pandemic, the healthcare sector has been exposed to an increased level of cyber threats. Keeping the data of our patients secure and ensuring the uninterrupted delivery of care in a world that is becoming more interconnected is a vital task of healthcare providers and technology partners working together.
Read more »
Technology
COVID-19 Data collection Doctors EMR Hospital Information System Hospitals National Digital Health Mission National Health Stack NITI Aayog Technology

Realising the Potential of EMR Systems in Indian Healthcare

 


A hospital electronic medical record (EMR) serves as a tool for managing hospital orders, handling hospital workflows, and securing healthcare information from unauthorized access. It strives to improve the healthcare delivery process by reducing healthcare costs, optimizing profits, and improving patient outcomes. 

Electronic medical records (EMRs) are individual medical records stored electronically. Medical information is stored in a variety of ways in an EMR. The data set includes a wide range of medical information, including medical history, prescriptions, allergies to drugs, hospital bills, etc. 

A paper-based system is currently in use, which is insufficient and ineffective, requires a lot of maintenance, and is inefficient. In contrast, it has several advantages over EMR, such as its portability, collaboration, and ease of data recovery. 

Doctors can make more efficient healthcare decisions with an EMR because it facilitates their decision-making process. The use of EMRs also enables healthcare providers to collect, maintain, and easily retrieve patient medical records through hospital information systems (HIS), which are web-based applications. EMRs not only assist in managing healthcare data, but they also help in managing hospital orders, managing hospital workflows, and securing medical records. All the processes involved in the delivery of healthcare are optimized to reduce costs and maximize profits for the benefit of the patient. 

The electronic medical record (EMR) market in India is experiencing demand growth driven by several factors, increasing demand for EMRs. As chronic diseases are becoming more prevalent, it is becoming increasingly important to provide high-quality, cost-effective healthcare services to meet the increasing demand. 

Further, the Indian government is encouraging the adoption of electronic medical records (EMRs) through initiatives such as the National Digital Health Mission, which is promoting digital initiatives in the healthcare sector. Fortis Healthcare's 2022 annual report indicates that the implementation of Electronic Medical Records (EMR) has played a significant role in the company's digital transformation efforts and has contributed substantially to its growth in online revenue as a result of digital transformation efforts. 

As the report indicated, online revenue was up by 48% in the second quarter of 2022. This was a result of digital channels' increased adoption. With digital channels, the company may be able to offer more comprehensive healthcare services and increase revenue streams. This is done by automating patient records and providing real-time access to data.  

The National Digital Health Blueprint (NDHB), which was proposed in 2019, intends to set up a system for building and managing the necessary infrastructure and data for the seamless exchange of health data, as well as promote the adoption of open standards and develop several digital health solutions encompassing wellness as well as disease prevention. Interesting to note is that in addition to using existing information systems within the health sector, the NDHB also seeks to unlock new ones from within.

Today, thanks to artificial intelligence and high-end data, healthcare experts and clinicians in India are becoming increasingly aware of the potential of these technologies. Despite this, radiology, billing, or registration will be the only areas where standardized electronic health records are being implemented.  

Doctors can benefit from EMR over traditional note-taking, with enhanced patient care, a reduction in paperwork, and easier access to patient information. Furthermore, it facilitates better coordination between healthcare providers across a wide variety of healthcare settings. Let's take a look at some of the factors that are driving the growth of the Indian economy. 

EMR Implementation in India is Primarily Driven by the Following Factors 

A key driver of electronic medical records adoption in India is a desire to reduce costs. By reducing paper, storage, personnel, and software expenses for medical records, EMR systems can save employers considerable amounts of money. 

EMRs offer many other benefits to the patient, including improved patient care as one of them. As a consequence, physicians can access vital medical information quickly about a patient, such as allergies, medications, and past health history. They are better able to make informed decisions when treating the patient. 

A healthcare provider can ensure the safety and confidentiality of patient data by implementing an EMR system. It is considered that EMRs are more secure than paper databases because they restrict access to only those licensed to view information. The result is that there is a reduced risk of sensitive patient information being accessed by unauthorized persons. 

Healthcare providers can take advantage of the benefits offered by EMRs by increasing their efficiency. The ease of access to digital patient information and the availability to make updates leads to improved patient care as well as fewer delays. 

The National Data Protection Act, which has been recently enacted in India, is one of the rules and regulations that regulate medical data. As long as healthcare providers can comply with the seven principles of the Data Protection Act, they can meet these regulations. They will also be able to ensure compliance with these regulations through EMR.

A top EMR software package will also enable patients to engage in their care in a more meaningful way. A patient's medical records can be accessed, their care and treatments can be reviewed, and they can take an active part in their care by accessing their records. 

As a result of all these factors, the use of Electronic Medical Records has mushroomed in India over the past decade. EMR systems will be adopted by a larger number of healthcare providers in the future. 

Only a few hospitals and clinics have successfully implemented electronic medical records (EMRs) in India, a country where technology is still in its infancy. As awareness about the benefits of EMR software grows in India, it is expected that more and more facilities will start using this system in their facilities as part of their standard of care. 

In the past few years, the Indian healthcare market has seen an increase in hospital admissions and patient visits as a result of the COVID-19 pandemic. As per a report by the Ministry of Health and Family Welfare, Government of India, in 2022, the number of admissions to hospitals will reach 2.92 lacks, with 5,010 admissions for patients staying in hospitals inside. 

There has also been an increase in the need for electronic medical records (EMRs) in the country due to this increase in the demand for healthcare services in the country. No doubt keeping accurate and up-to-date medical records has become even more imperative with more and more patients seeking medical care. A health records management system is a system designed to keep track of the health records of their patients, enabling them to make informed decisions and deliver better healthcare to their patients. 

There is a revolutionary digital framework proposed by the National Institution for Transforming India (NITI Aayog), which aims to create digital health records for all Indian citizens by the year 2022 following the introduction of the "National Health Stack". As part of the National Health Stack initiative, the purpose of creating a unified system is to collect, manage, and share EMRs among actors and stakeholders in the Indian healthcare sector. 

Efforts like these are expected to increase the amount of EMR users in India and accelerate the market's growth in the coming years. Using this technology will ensure the promotion and enhancement of innovation in healthcare, as well as enhance patient access and outcomes. A significant step that China is taking towards improving the health care services provided in the country is the launch of the National Health Stack. 

To improve the delivery of healthcare in all areas of the country, the Indian government has actively promoted the adoption of digital health technologies, including electronic medical record (EMR) systems. A national health and safety network, also known as the NHS, was launched in 2018 as part of a government initiative to build an ecosystem of digital health services. This was to support healthcare delivery. 

A core building block of an NHS program is the development of a unique health ID as well as health registries that will form the foundation of it. A common digital healthcare infrastructure can be created across the country, using these block-level building blocks. Also, the government has launched a scheme called Ayushman Bharat, which aims to provide free medical assistance to all vulnerable populations up to a certain level as a measure of protecting them.
Read more »
Mountain View Hospital Attacks
Cyber Attacks Cyberattacks FBI Hospitals Idoha Falls Mountain View Hospital Attacks

Mountain View Hospital Restores Operations, Two Weeks Following the Cyberattack


Two weeks following a cyberattack on May 29, Idoha Falls’ Mountain View Hospital is apparently still running in order to resolve their issue.

Even while it has been difficult for staff to deal with the situation and for people to make appointments, there is some relief in sight.

The hospital has resorted to work with full force, and is no longer diverting their ambulances back from the emergency rooms. According to the hospital spokesperson Briam Ziel, they are now “working directly with EMS on a case-by-case basis to determine which patients are appropriate to bring to the hospital.”

“Our emergency room remains open and our team is ready to treat community members who come to us directly for care,” he added. Ziel also mentioned that the hospital is now accepting patient transfers from fellow hospitals to their ICU, pediatric and intermediate care floors./ While the Mountain View Redicare clinic is still temporarily shut, it is set to reopen, “in the coming days,” notes Ziel.

Moreover, the Teton Cancer Institute has ‘restored certain key operations,’ the hospital did not yet clarity what those were particularly.

“We are pleased to share that, due to the hard work of our team, Teton Cancer Institute was able to restore certain operations to continue caring for more of their patients each day[…]We continue providing care, including radiation therapy and chemotherapy treatments, to patients,” Ziel said.

When will the Situations be Normal? 

The hospital did not yet confirm as to when their operations and works with its partners be back to normal.

Since the cyberattack disrupted the hospital's routine activities, patients like Monica Layton and her husband have experienced difficulties. At Mountain View's Pain & Spine Specialists, Layton's husband visits a pain specialist.

Apparently the patient was scheduled for his monthly re-checkups. However following the cyberattack, the hospital’s text reminders were out of services, because of which Layton did not receive a reminder for the check-ups that were followed. Once they realized what transpired, they immediately contacted the hospital to get the scheduled, but were unable to.

Although, the hospital could not provide a timelines as to when the issue will be resolved, Ziel cofirmed that, “we are committed to keeping our community updated. We are working as quickly and safely as possible to bring all our departments across our facilities to full operational capacity.”

The hospital has also sought help from the FBI on the matter. While the FBI did acknowledge the incident, they decline any further comment.

When asked about a follow-up, Ziel said, “the investigation is ongoing and in its early stages. To ensure the integrity of the investigation, we are not able to provide additional details at this time.”  

Read more »
User Privacy
Exposed Patient Records Hospitals malware Patient Info ransomware attacks U.S. US Hospital User Information User Privacy

Ransomware Attacks on U.S. Hospitals Causing Deaths

Every day we are witnessing ransomware attacks, and companies worldwide are investing millions to protect their network and systems from digital attacks, however, it is getting increasingly challenging to fight against cyber threats because cyber attackers do not only use traditional methods, they are also inventing advance technologies to fortify their attacks.

Hospitals and clinics are a top target of malicious attackers since reports suggest that the annual number of ransomware attacks against U.S. hospitals has virtually doubled from 2016 to 2021 and is likely to rise in the future given its pace, according to what JAMA Health Forum said in its recent research. 

As per the report, the security breaches exploited the sensitive information of an estimated 42 million patients. “It does seem like ransomware actors have recognized that health care is a sector that has a lot of money and they're willing to pay up to try to resume health care delivery, so it seems to be an area that they're targeting more and more,” lead researcher Hannah Neprash said. 

JAMA Health Forum conducted research over five years on U.S. medical facilities, in which they have discovered that the attackers exposed a large volume of personal health data over time and in coming years the attacks will increase by large.

According to Neprash’s database, clinics were targeted in 58% of attacks, followed by hospitals (22%), outpatient surgical centers (15%), mental health facilities (14%), and dental offices (12%). 

Threat actors exploit open security vulnerabilities by infecting a PC or a network with a phishing attack, or malicious websites and asking for a ransom to be paid. Unlike other cyber attacks, the goal of malicious actors, here, is to disrupt operations rather than to steal data. 

However, it becomes a great threat because it can jeopardize patient outcomes when health organizations are targeted. 

In 2019, a baby died during a ransomware attack at Springhill Medical Center in Mobile, Ala. As per the data, 44% of the attacks disrupted care delivery, sometimes by more than a month. 

“We found that along a number of dimensions, ransomware attacks are getting more severe. It's not a good news story. This is a scary thing for health care providers and patients,” Neprash added. 

Ponemon Institute, an information technology research group published its report in September 2021, in which they found out that one out of four healthcare delivery organizations reported that ransomware attacks are responsible for an increase in deaths. 

“Health care organizations need to think about and drill on — that is practice — these back-up processes and systems, the old-school ways of getting out information and communicating with each other. Unfortunately, that cyber event will happen at one point or another and it will be chaos unless there is a plan,” said Lee Kim, senior principal of cybersecurity and privacy with the Healthcare Information and Management Systems Society, in Chicago.
Read more »
Hospitals
Company Safety Council Cyber Security Hospitals

UK Councils and Hospitals Have Weak Cyber Security, Prone to Cyber Attacks

Weak Cybersecurity Spending

A cybersecurity investigation at UK public services disclosed huge inconsistencies in defense expenditure, hundreds of flaws in websites, and staff e-mail IDs and passwords. All these have been found at one council, and the full details have been posted online. 

The ITV News investigation revealed that a UK council spent a mere amount of €32,000 yearly on its cybersecurity budget. When compared to another council, a relatively smaller one- it had an annual cybersecurity budget of €1m, 30 times more. 

What are the findings

The investigation also disclosed that a hospital had just €10,000 per year for cybersecurity. The investigation hasn't disclosed the names of the public institutions. 

“Realistic funding, along with the right strategies, is vital to safeguard employees and members of the public. Public sector organizations must take steps to not only raise awareness of new and emerging cyber threats but also provide effective security training and support." 

By equipping and empowering employees with the knowledge and know-how to spot and avoid attacks, the UK’s local authorities will be able to remain one step ahead. This isn’t just about technical defenses; it’s about supporting people in their day-to-day lives," said Oz Alashe, CEO and founder CybSafe. 

 According to ITV News, the problems that cyber-attacks have caused are: 

  • Overpriced tax bills 
  • Hospital operations canceled 
  • Incorrect benefit payments 
  • People were forced to vacate their residence 
  • House sales falling 
  • Can't apply for council housing 
  • Private data leaked online 
  • Council houses repair is not done 

The investigation mentioned that experts informed ITV News of their concerns about the lack of understanding and standards for public services related to cybersecurity. In 2021, Gloucester City Council's servers were attacked by Russian threat actors. 

In June, the IT systems of the city council weren't functioning. The authorities had kept €380,000 for fixing and recovering from the incident. In October 2021, the UK council was attacked, leading to 33,645 data breach attacks that happened due to human error in the last five years, the officials say. 

According to InfoSecurity "the data, obtained following a Freedom of Information (FoI) request sent by VPNOverview to 103 county councils in the UK, broke down the number of breaches suffered by each body. The local authority with the worst record for human-caused data breaches was Hampshire County Council, with 3759 incidents since 2016. This included 902 breaches in the year 2018/19. Gloucestershire County Council had the next worst record, suffering 2723 breaches in this period. It also experienced the largest increase from 2016/17 (90) to 2020/21 (1004) of any UK council, a rise of 1016%."

Read more »
Subscribe to: Posts (Atom)