Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Saturday, July 22, 2017

Weekly Overseas Health IT Links – 22nd July, 2017.

Note: Each link is followed by a title and few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.
-----

Mayo Clinic Health System begins $1.5B EHR rollout, moving from Cerner, GE, to Epic system

by Matt Kuhrt 
Jul 14, 2017 10:10am
The Mayo Clinic's $1.5 billion EHR implementation involves technology upgrades and a move to Epic.
The Mayo Clinic has launched its $1.5 billion electronic health records system overhaul, an upgrade that will touch 51,000 employees across the country.
Mayo’s Wisconsin operations began the clinic’s phased consolidation to Epic's EHR from its previous combination of Cerner and General Electric systems. The move extends Epic’s hefty market reach among large healthcare systems, even as the company sets its sights on smaller practices and rural hospitals.
-----

7 ways to improve patient access to medical records

Jul 14, 2017 10:03am
Patients often face hurdles when trying to acquire their medical records, according to a new report.
Patients and caregivers often have a hard time getting access to medical records when they switch doctors or are in the midst of a health crisis, according to a new government report.
Patients are often unaware of the appropriate channels for obtaining their records, and are often in a hurry when they do need them, the Department of Health and Human Services Office of the National Coordinator for Health IT found (PDF).
-----
Errors in Opioid Prescribing for Adult Outpatients Common
Errors in 89 percent of handwritten prescriptions, 0 percent of EHR-computer generated prescriptions
THURSDAY, July 13, 2017 (HealthDay News) -- For adults receiving opioid medication prescriptions, errors are common, and most often occur on handwritten prescriptions, according to research published recently in the Journal of Opioid Management.
Mark C. Bicket, M.D., from the Johns Hopkins University School of Medicine in Baltimore, and colleagues conducted a retrospective review of opioid prescriptions processed at an outpatient pharmacy. They examined 510 consecutive opioid medication prescriptions for adult patients processed in June 2016.
The researchers found that oxycodone was the most commonly prescribed opioid (71 percent), which was not usually combined with acetaminophen. Ninety-two percent of the sample was prescribed tablet formulation, averaging 57 pills. For 42 percent of prescriptions there was at least one error. Nine percent of prescriptions deviated from best practice guidelines, 21 percent did not include two patient identifiers, and 41 percent were not compliant with the Drug Enforcement Agency rules.
-----

Study: Use of EHR-based Clinical Support Tools Improves Concussion Diagnosis

July 13, 2017
by Heather Landi
A study from Children's Hospital of Philadelphia (CHOP) and the Centers for Disease Control and Prevention (CDC) has demonstrated the utility and effectiveness of electronic health record (EHR)-based clinical decision support tools to improve clinician behaviors around concussion diagnosis.
As reported in Clinical Pediatrics, the provision of the tools, coupled with in-person training led to an 85 percent increase in clinicians documenting a vestibular oculomotor exam and a 129 percent increase in their reporting return-to-learn and return-to-play guidelines discussion with patient families, two recommended concussion management strategies.
During the study period, July 1, 2010 to June 30, 2014, researchers identified and followed 14,527 concussion-related primary care office visits for 7,284 unique patients, mostly between the ages of 5 to 19 years old. “EHR-based clinical support tools have the potential to facilitate structured screening and diagnostic assessments, as well as enable systematic documentation across a broad healthcare network,” the researchers wrote.
-----

White House group mulls future of health IT

Published July 14 2017, 3:51pm EDT
In May, a group of federal officials from several agencies released a draft framework describing an idealized future for health information technology, and highlighting where research and development gaps may exist.
The framework came from the Networking and Information Technology Research and Development Program (NITRD), which is an agency under the White House. It included a comment period to solicit input from the healthcare industry.
The importance of this framework cannot be overstated, says Doug Fridsma, president and CEO at the American Medical Informatics Association. “This document is an important signal that the government understands it has a role to play in the ongoing evolution of health IT.”

HIT Think How cloud-based platforms can advance public health research

Published July 14 2017, 4:07pm EDT
Technology is bringing disruptive changes to the way clinical trials are organized today—from the electronic capture of patient data to real-time transmission of collected data.
This evolution in clinical trials is exemplified at the Johns Hopkins Center for Global health, which creates solutions for public health problems around the world. Johns Hopkins executives knew it could use technology to harness the expertise and experience of its dedicated health and medical professionals to drive clinical trials at a global level and address a variety of public health challenges.
The biggest challenge, however, was to create an ecosystem that would enable it to transcend all barriers of disciplines, languages, countries, governments, regulations and more, so it could take a data-driven approach to understanding the various complexities influencing public health.
-----

Patient access to medical records continues to be challenging

Published July 13 2017, 7:16am EDT
Although electronic health records are widely used by providers, patients continue to face challenges in accessing their healthcare information, according to a new study funded by the Office of the National Coordinator for Health IT.
Under the HIPAA Privacy Rule, consumers have the right to inspect, review and receive a copy of their medical records. However, according to ONC, the medical record request process can be confusing for patients to navigate, and the process is not often available electronically.
“Patient portals may not include all the information patients need—and what’s there may be inaccurate or incomplete,” concludes the report. “And often, health data can’t be shared electronically or transferred to other healthcare providers.”
-----

ONC shares human-centered design tips to streamline patient medical record requests

The Office of the National Coordinator for Health IT outlined several actionable steps that hospitals and doctors can take today to improve the process of requesting medical data to the benefit of both patients and providers.
July 12, 2017 12:55 PM
Despite more medical data being stored in EHRs than ever before, patients and caregivers still are struggling to access that information when and how they need it.
“I don’t think patients would say they have free access to the data,” Donald Rucker, MD, head of the Office of the National Coordinator for Health IT said in a press call on Tuesday. “It’s patchy, and I think we can do better with today’s computer science.”
To that end, ONC called for human-centered design methods to improve the process.
-----

House panel slashes ONC funding, maintains OCR’s budget

Jul 13, 2017 11:40am
The House Appropriations Committee sidestepped Trump's overall HHS funding cuts, but kept the 37% cut to ONC.
A draft funding bill released by the House Appropriations Committee on Wednesday included significant budget cuts for the federal government’s health IT agency.   
The bill (PDF) includes a 37% cut to the Office of the National Coordinator for Health IT (ONC), which falls in line with the funding levels outlined in President Donald Trump’s proposed budget. ONC funding would drop almost $22 million to $38.3 million in 2018 under the House bill.
-----

House budget backs Trump's drastic cuts to ONC

The proposal allocates more than the President’s plan to HHS, NIH, CDC and others.
July 13, 2017 01:02 PM
The U.S. House of Representatives revealed its budget funding proposal for 2018 and, among the deep cuts to Health and Human Services, the bill slashed the Office of the National Coordinator by about $22 million.
Page 81 of the 164-page proposal, in fact, states:
“For expenses necessary for the Office of the National Coordinator for Health Information Technology, including 13 grants, contracts, and cooperative agreements for the development and advancement of interoperable health information technology, $38,381,000.”
-----

Forget politics: Here are 3 ways to improve healthcare delivery no matter what happens in Washington

Jul 13, 2017 1:12pm
Beyond 'repeal and replace', the country needs to focus on transforming its healthcare delivery system.
While the focus over the last few months has been on the fight to repeal and replace the Affordable Care Act, improving the country’s healthcare system requires transforming its delivery system, two prominent physician leaders say. 
The battle in Washington over health insurance coverage makes it clear that people want affordable, convenient, technologically enabled, high-quality medical care, write Robert Pearl, M.D., CEO of The Permanente Medical Group, and Norman Chenven, M.D., founding CEO of Austin Regional Clinic, in a Health Affairs blog post.
-----

Nebraska to use state HIE to track all filled prescriptions

Published July 13 2017, 4:00pm EDT
The Nebraska Health Information Initiative, which operates a statewide health information exchange, is ramping up to be the first state to require the tracking of all filled prescriptions, including opioids. The program is expected to go live in January.
The HIE has contracted with electronic prescribing software vendor DrFirst to capture prescription data and deliver it to the state’s Prescription Drug Monitoring Program that launched in January. The goal is to give pharmacists and other providers a more complete picture of a patient’s medication history and aid in identifying opioid abuse issues and intervening. The program also aims to identify the diversion of opioids and other medications to others.
-----

Survey: Lack of Budget & Time Key Obstacles to Healthcare Data Breach Prevention

According to a recent Netwrix 2017 IT Risks Report, 75% of healthcare organizations indicated lack of budget and time as the main obstacles to taking a more efficient approach towards management of healthcare data breach prevention. Additionally, 44% stated appropriate participation of senior management as another key obstacle.
The 2017 IT Risks Report produced by Netwrix Corporation, provider of a visibility platform for data security and risk mitigation in hybrid environments asked IT pros from over 30 industries about their thoughts on:
–  adequacy of existing IT security controls
–  biggest IT risks they face every day
–  readiness to beat these risks
-----

Healthcare pros more suspicious of all EHR vendors after eClinicalWorks scandal

With the Department of Justice expected to widen its false claims probe, 35 percent of healthcare insiders say trust in all electronic health records vendors is waning.
July 12, 2017 02:12 PM
The eClinicalWorks scandal is eroding the trust that healthcare professionals, IT and others have in their electronic health records vendors, a new survey shows.
Thirty-five percent of respondents to a small research study said that they are now “significantly more suspicious of other EHR vendors,” than they were before the U.S. Department of Justice’s landmark $155 million settlement with eClinicalWorks.
What’s more, 27 percent indicated that the deal decreased their confidence in the EHR vendor they are currently using, according to Reaction Data, which polled 113 people. Respondents were comprised primarily of physicians that actually use EHRs, as well as CIOs, CEO, administrators and operations pros. 
-----

HIT Think How providers can improve patient access to medical records

Published July 12 2017, 3:55pm EDT
What is the response when an individual submits a request to receive access to the information that’s in their electronic medical record?
It’s frequently not a good one. In fact, the response can often be one of frustration over the time and effort that will go into compiling the data elements of the record in response to the request. There can also be a desire to recoup costs, or even make a little extra for all the sleuthing through electronic systems that providers might need to do to comply with the request.
Are all individuals in an organization prepared for responding to requests or obtaining necessary information? A lot of questions can arise when a patient makes a request for access to their records that an organization has in its databases.
-----

ONC Set to Address Information Exchange, Compliance Burden

Ken Terry
July 11, 2017
Reducing the burden of electronic health records (EHRs) on physicians and promoting health information sharing will be the major priorities of the Office of the National Coordinator for Health Information Technology (ONC) going forward, Donald Rucker, MD, the new national coordinator, told reporters at a news conference today.
Interoperability between EHR systems has long been at the top of ONC's agenda, but the emphasis on EHR usability and lowering the administrative burden on small practices has not. Dr Rucker noted that, along with interoperability, this goal is very important to Tom Price, MD, Secretary of Health and Human Services (HHS). In introducing John Fleming, MD, deputy assistant secretary for health technology reform, HHS, at the press conference, Dr Rucker also observed that Dr Fleming, a former solo practitioner in Louisiana, is the first senior-level HHS appointee "who represents small practices."
Dr Fleming said that he'd heard many complaints from doctors and patients about physicians' inability to focus properly on patient care because of the administrative requirements they had to meet, including EHR documentation. One reason for this regulatory burden, he said, is Medicare's guidelines for documentation of evaluation and  management (E/M) codes, which were formulated in the 1990s, before most physicians had EHRs.
-----

A data opt-out will reassure patients and improve care

fiona caldicott
Since I was appointed national data guardian nearly three years ago, it has become clear that the health and care system must do more to build public trust in how confidential patient data is used.
In that time we have seen the controversy over the care.data plan to link up GP records, a cyberattack which affected numerous services, and earlier this month the information commissioner ruled, with my backing, that an NHS hospital had not used an appropriate legal basis to share 1.6 million patient records with Google’s DeepMind. It is obvious to me that security around patient data must be strengthened and the public must be engaged in a conversation about how they want their data used.
Yet while past failures to use patient data safely and respectfully have been well-publicised, it remains the case that the data that the health and care system collects has huge potential for good, from researchers making breakthroughs in life-saving medicine to regulators spotting quickly when things go wrong.
-----

Threats to Information Security — Public Health Implications

William J. Gordon, M.D., Adam Fairhall, A.L.M., and Adam Landman, M.D., M.I.S., M.H.S.
July 12, 2017DOI: 10.1056/NEJMp1707212
In health care, information security has classically been regarded as an administrative nuisance, a regulatory hurdle, or a simple privacy matter. But the recent “WannaCry” and “Petya” ransomware attacks have wreaked havoc by disabling organizations worldwide, including parts of England’s National Health Service (NHS) and the Heritage Valley Health System in Pennsylvania. These events are just two examples of a wave of cyberattacks forcing a new conversation about health care information security. With the delivery of health care increasingly dependent on information systems, disruptions to these systems result in disruptions in clinical care that can harm patients. Health care information security has emerged as a public health challenge.
Threats to information security plague many industries, but the threats against health care information systems in particular are growing. Data breaches, generally described as an impermissible use or disclosure of protected health information, are particularly prevalent. Nearly 90% of health care organizations surveyed by the Ponemon Institute (which does independent research on privacy, data protection, and information security policy) suffered a data breach in the past 2 years; meanwhile, 64% of organizations reported a successful attack targeting medical files in 2016 — a 9% increase in just 1 year.1 Multiple causative factors are involved in the uptick in attacks against health care systems, but some reasons cited in that study include low organizational vigilance, inadequate staffing and funding for information technology security, insufficient technology investment, and the underlying value of health care data as compared with data from other industries.
-----

Marion J. Ball talks about why a common language is critical at point of care

Ball discusses technology and natural workflow in a new podcast.
July 10, 2017
Marion J. Ball, a recipient of an inaugural HIMSS Most Influential Women in Health IT Award, has served as senior advisor for healthcare informatics at IBM since 2005. Ball is a member of the Institute of Medicine and serves on the Board of Regents of the National Library of Medicine.
In this HIMSS STEPS to Value Podcast, Ball talks with host Rod Piechowski about why having a common language in healthcare is critical to providing the best care for patients.
“A common language has always been a powerful tool,” Piechowski notes in introducing the topic. “For millennia, it has tied together individuals into tribes, nations, cultures. For millennia, it has helped people together define their world and refine their collective conceptions of what that world’s parameters are.    
-----

How AI could exacerbate existing health disparities

Jul 11, 2017 10:00am
Algorithms are inherently objective, but not if the data is skewed.
Although machines lack the biases humans possess, artificial intelligence could inadvertently aggravate existing health disparities without data that accounts for underrepresented populations. 
Research shows the healthcare industry is already overrun with healthcare inequality. Studies show black Medicare patients are 33% more likely than whites to be readmitted to the hospital after surgery, minorities frequently receive more low-value services than their white counterparts and the perception of the healthcare system varies significantly between high- and low-income patients.
-----

AHA’s 'most wired' hospitals favor data analytics, patient communication tools

Jul 11, 2017 12:29pm
The “most wired” hospitals across the country are using mobile devices, telehealth and data analytics to improve care and communication with patients.
The majority of those hospitals heavily favor analytics, according to survey results published (PDF) by the American Hospital Association which measures IT adoption among hospitals through an annual survey. Nearly 700 organizations responded to the survey, representing 39% of U.S. hospitals.
More than 80% of the “most wired” hospitals use analytics to identify opportunities for quality improvement or cost-containment compared to 67% of all hospitals. Nearly three-quarters use predictive modeling to support clinical decision-making and 69% interface EHR data with population health tools.
-----

Cloud computing grabbing greater share of IT budgets

Published July 11 2017, 3:18pm EDT
Total spending on IT infrastructure products, including servers, enterprise storage systems and Ethernet switches, for deployment in cloud environments will increase 12 percent year over year in 2017 to $40.1 billion, according to a report from International Data Corp.
Public cloud data centers will account for the majority of this spending (61 percent) and will grow at the fastest rate year over year (14 percent). Off-premises private cloud environments will represent 15 percent of overall spending and will grow 12 percent year over year, IDC predicts.
On-premises private clouds will account for 62 percent of spending on private cloud IT infrastructure and will grow 10 percent year over year in 2017, the research firm estimates.
-----

Industry leaders mull mandating use of FHIR for info exchange

Published February 13 2017, 7:01am EST
Health Level Seven International’s Fast Healthcare Interoperability Resources has tremendous potential for the interoperable exchange of health information, but some industry watchers wonder if its use should be required to facilitate widespread information exchange.
The use of FHIR, an application programming interface, is gaining momentum among providers and vendors, but it may be too early to definitively require it as a mandatory part of health IT certification requirements, others contend.
The Office of the National Coordinator for Health Information Technology “or some government body should require the use of FHIR at some point—but not yet,” contends Stan Huff, MD, chief medical informatics officer at Intermountain Healthcare. “It would be premature to mandate it now because it’s just not ready. To do it arbitrarily now would be a big mistake.”
-----

HIT Think Why government interoperability mandates hurt patients and providers

Published July 11 2017, 3:12pm EDT
Many Americans have never heard the term “interoperability,” but the U.S. government has been pushing it as a healthcare reform goal for a while.
While this effort may be well-intentioned, the Department of Health and Human Services’ current activities to achieve interoperability are putting patients’ lives and privacy in jeopardy, and exposing healthcare providers to intolerable levels of risk.
The National Coordinator for Health Information Technology developed a detailed roadmap to define the concept of interoperability and set goals. But simply put, interoperability is the idea that patients and providers nationwide should have seamless access to health information from a variety of sources, including electronic health records at all points of care.
-----

Most Wired Hospitals and Health Systems Driving Efficiency, Improvement

Integration of EHRs and population health still underway

July 10, 2017
Many hospitals and health systems across the country have the technological pieces in place to drive efficiencies and improve both care and the patient experience, but they still have room to further integrate systems and processes and to conduct population health management.
That's the bottom line from the 2017 Health Care's Most Wired survey, conducted by Hospitals & Health Networks and the American Hospital Association with the assistance of several experts from the field.
 “I think we see a shift here from, 'How do I get this tech?' to 'How do I deploy this for our strategic objectives?'“ said Chantal Worzala, vice president, health IT and policy operations at the AHA. 
-----

5 cybersecurity threats to know about right now

Petya is only one of the issues hospital IT, privacy and compliance pros should understand this month.
July 07, 2017 01:13 PM
Hackers and cybercriminals continued tapping into new techniques last month to essentially break into IT networks, if not cripple some of those.
It’s not just Petya following in WannaCry’s footsteps, either. But since that ransomware turned wiper malware certainly grabbed the spotlight, it took the top slot in HIMSS roster of threat, vulnerability and mitigation issues in the June 2017 Healthcare and Cross-Sector Cybersecurity Report.
“While we are getting better at cybersecurity defense, cybercriminals are raising the bar in terms of their attacks,” HIMSS Director of Privacy and Security Lee Kim said.
-----

Remembering Cerner CEO Neal Patterson's health IT legacy

The son of Oklahoma farmers founded Cerner alongside Cliff Illig and Paul Gorup and built the company into one of the largest and leading EHR vendors.
July 11, 2017 01:06 PM
The death of Cerner CEO Neal Patterson due to unexpected complications from soft tissue cancer on Sunday night has colleagues and fellow health IT innovators grieving the loss of who most consider a pioneer in improving healthcare delivery.
As Cerner is the second largest employer in Kansas City with about 12,800 employees in the region, much of the city is also feeling the loss:
The city’s MLS team, Sporting Kansas City, which Patterson co-owned, said the health IT innovator focused on community-driven initiatives, while the Kansas City Manager called Patterson a titan “who helped build this town.”
-----

Cerner CEO Neal Patterson, a ‘legend’ and ‘inspirational visionary,’ dies from cancer at age 67

Jul 10, 2017 10:19am
Neal Patterson, who co-founded Cerner in 1979, died of cancer on Sunday.
Neal Patterson, co-founder and CEO of Cerner, and a recognized leader in the health IT industry, died on Sunday following complications from an ongoing bout with cancer. Patterson was 67.
Patterson announced he was diagnosed with soft tissue cancer last year. According to a statement from Cerner, the health technology mogul died due to “unexpected complications that arose after a recent reoccurrence” of the cancer.
-----

5 key steps for improving a provider’s security posture

Published July 10 2017, 1:58pm EDT
If you’re a small healthcare IT operation, a simple spreadsheet might do the trick. If you’re larger, a not-so-simple spreadsheet might be in order.
Regardless of how you do it, hospitals, clinics and other healthcare organizations must identify and monitor every single instance of computer network access. They’re called endpoints, says Larry Ponemon, founder of the security consulting firm the Ponemon Institute, and for you they exist as vulnerabilities. Your job is to eliminate them through a series of basic security-promoting tasks.
Your IT security staff may have conducted such work in the past related to HIPAA. However, “in the past” is definitely not recent enough for a provider’s robust security program in the hyper-changing technology world, especially if the work was incomplete or conducted more than a year ago. In too many hospitals, security protections have been a one-shot effort conducted years ago with little follow-up. Your hospital may need to undertake the following actions from a blank slate perspective in order to combat today’s sophisticated threats.
-----

Tool enables cystic fibrosis patients to actively engage in their care

Published July 06 2017, 7:29am EDT
A computerized decision-making tool has been shown to be effective in helping cystic fibrosis patients engage with clinicians as active participants in their own care.
Developed by researchers at the University of Cincinnati, the shared decision-making tool takes into account patients’ preferences for measures of lung function and health, as well as evidence-based treatment to assist patients in prioritizing home treatments.
Cystic fibrosis patients must undertake time-consuming and sometimes complex home therapies, says Mark Eckman, MD, Posey Professor of Clinical Medicine and director of the UC Division of General Internal Medicine.
-----

Computer-Simulated Tests Eyed at FDA to Cut Drug Approval Costs

By Anna Edney
July 8, 2017, 12:39 AM GMT+10 July 8, 2017, 1:38 AM GMT+10
  • FDA plans to help speed adoption of trials in virtual patients
  • Research on new drugs, rare diseases could be expedited
Computer simulations may get a role alongside human testing as part of an effort to bring new medications and medical devices to market more quickly and cheaply.
The U.S. Food and Drug Administration outlined a proposal Friday to help integrate computer modeling and virtual testing as part of the regulatory approval process for manufacturers -- a step the agency said could save money while helping find cures for puzzling conditions such as Alzheimer’s disease.
The plan is one step toward President Donald Trump’s goal of lowering drug prices. The average cost of developing a new medication is about $2.56 billion, according to a 2014 estimate from the Tufts Center for the Study of Drug Development, and much of that goes to fulfilling the FDA’s rigorous demands for proving safety and effectiveness. 
-----

Enjoy!
David.

Friday, July 21, 2017

The New England Journal Of Medicine Looks At The Risks To Health And Health Services From IT Issues.

This article appeared last week:

Threats to Information Security — Public Health Implications

William J. Gordon, M.D., Adam Fairhall, A.L.M., and Adam Landman, M.D., M.I.S., M.H.S.
July 12, 2017DOI: 10.1056/NEJMp1707212
In health care, information security has classically been regarded as an administrative nuisance, a regulatory hurdle, or a simple privacy matter. But the recent “WannaCry” and “Petya” ransomware attacks have wreaked havoc by disabling organizations worldwide, including parts of England’s National Health Service (NHS) and the Heritage Valley Health System in Pennsylvania. These events are just two examples of a wave of cyberattacks forcing a new conversation about health care information security. With the delivery of health care increasingly dependent on information systems, disruptions to these systems result in disruptions in clinical care that can harm patients. Health care information security has emerged as a public health challenge.
Threats to information security plague many industries, but the threats against health care information systems in particular are growing. Data breaches, generally described as an impermissible use or disclosure of protected health information, are particularly prevalent. Nearly 90% of health care organizations surveyed by the Ponemon Institute (which does independent research on privacy, data protection, and information security policy) suffered a data breach in the past 2 years; meanwhile, 64% of organizations reported a successful attack targeting medical files in 2016 — a 9% increase in just 1 year.1 Multiple causative factors are involved in the uptick in attacks against health care systems, but some reasons cited in that study include low organizational vigilance, inadequate staffing and funding for information technology security, insufficient technology investment, and the underlying value of health care data as compared with data from other industries.
Attackers use a variety of techniques against health care organizations. Denial of service (DoS) attacks, aimed at disrupting and disabling systems by overwhelming them with large volumes of network traffic, have targeted health care facilities.2 Such attacks can render clinical systems unusable, with negative effects on core hospital operations, such as delays in surgical procedures, lab-result reporting, and bed management. More recently, attacks against health care organizations have taken the form of ransomware. In these attacks, an information system — for example, a database containing patient information — is encrypted in such a way that only the attacker has the “key” to unlock the data. Hospitals are faced with poor options: pay the attacker, usually anonymously in online cryptocurrencies such as Bitcoin, or rely on older backups that may not contain the most recent clinical information; even an organization that backs up every system daily could lose critical data if forced to restore from a backup. The May 2017 WannaCry attack that affected the NHS is an example. Other recent examples include an attack on the Hollywood (California) Presbyterian Medical Center that resulted in the payment of $17,000 to hackers and one on MedStar Health, which caused a temporary but large-scale computer shutdown in its network of hospitals. Payment doesn’t guarantee access to encrypted data — though the ransom price could be worth the risk depending on the severity of potential data loss. More than 50% of hospitals have reported at least one ransomware attack in the past year.3
Although DoS and ransomware attacks disrupt systems and can significantly impair the ability to deliver efficient care, they do not necessarily expose patient information. More worrisome are attacks that result in breaches of protected health information and personally identifiable information. Such information is valuable to attackers for two main reasons. First, it has direct monetary value: attackers can sell these data in anonymous online forums that are part of what’s sometimes referred to as “the dark web.” For example, in June 2016, a hacker posted on the “Real Deal” dark-web marketplace offering for sale more than 600,000 medical records from three different systems, one of which was an entire electronic health record, including screen shots.4 Medical records can be used for various fraudulent activities, including falsified claims, medical device purchasing (and reselling), and credit card identity theft.
The full article is found at the link below and is not behind a fire-wall:
This is a useful contribution as it warns clinicians that as the levels of IT reliance rises we need to be much more careful and be much better educated regarding risks to our systems and data.
Well worth a careful browse.
David.