Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Saturday, November 05, 2016

Weekly Overseas Health IT Links – 5th November, 2016.

Note: Each link is followed by a title and few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.
-----

Patients getting e-prescriptions more likely to get them filled

Published October 28 2016, 7:11am EDT
Patients are more likely to pick up and fill their medications if they are given prescriptions in electronic format rather than traditional paper scripts.
That’s the finding of a retrospective review of medical records among a cohort of new patients prescribed dermatologic medications at a Dallas safety-net hospital’s outpatient dermatology clinic.
The study, published in JAMA Dermatology, included a total of 4,318 prescriptions written for 2,496 patients—803 patients received electronic prescriptions, while 1,693 received paper. Researchers found a 16 percent reduction in primary non-adherence when the prescription was electronically prescribed.
-----

Big Data and Healthcare Analytics Forum top takeaways

Health org's trekking deeper into analytics should expect a new information wave, understand that crowdsourcing can pay off, know machine learning is real right now, buckle down on governance. And don’t hold out for perfection. 
October 27, 2016 06:44 AM
We have to make better use of health data.
That was the final sentence spoken at the HIMSS and Healthcare IT News Big Data and Healthcare Analytics Forum this week.
Sree Chaguturu, vice president of population health management at Partners HealthCare spoke those words, which served as something of an ideal, if unplanned, conclusion to the two-day event in Boston.
Indeed, that sentiment permeated through many of the discussions ranging from hype and disappointment to lessons learned and success stories by providers large and small. 
-----

How to ensure OpenNotes is a positive experience for patients

Oct 28, 2016 10:15am
With more than 6 million Americans now with access to their doctor’s notes through a patient portal, one doctor offers several suggestions for using them in a positive way.
Some doctors are apprehensive about patients reading their notes and have become “less candid” in their written assessments, according to a previous article in the Journal of the American Medical Association. However, the OpenNotes initiative aims to make doctor notes available to 50 million patients nationwide over the next three years.
To that end, brevity and clear language are keys to making open notes work for everyone involved, this writes Jared Klein, M.D. of Harborview Medical Center in Seattle in a commentary published in the American Journal of Medicine. He urges doctors to discuss what they write with patients, then write what was discussed.
-----

Predictive analytics fuel Johns Hopkins 'command center'

by Dan Bowman 
Oct 28, 2016 1:03pm
Predictive analytics are at the heart of a control center launched this year by The Johns Hopkins Hospital in Baltimore that aims to improve patient safety and provider efficiency.
The system, housed at The Judy Reitz Capacity Command Center, monitors 14 IT systems at the hospital simultaneously, and receives roughly 500 messages per minute from those tools, according to Johns Hopkins. Twenty-four staffers from disparate departments around the organization man the command center, which was built in collaboration with GE Healthcare Partners.
Since its February launch, the system has helped to drastically improve Johns Hopkins' ability to accept transfer patients with complex medical conditions, as well as the speed of assigning emergency room patients to beds who have been admitted. The hospital also says that delays in transferring patients from operating rooms have plummeted, and that patients increasingly are being discharged in a more timely manner.
-----

How to better prepare for inevitable cyber attacks

Published October 28 2016, 3:48pm EDT
Any healthcare company or provider knows the obvious—hackers are working hard to get into their networks.
The industry has long been in the top 10 for the number of records compromised in data breaches, and now has moved to first place, with more than 100 million records compromised, according to the 2016 IBM X-Force Cyber Security Intelligence Index.
Part of the reason—and perhaps the major driver—is economics. Experts believe that a stolen medical record is worth more than 10 times a stolen credit card.
-----

Cleveland Clinic names top 10 medical innovations 2017

FHIR makes the list. As do other innovations ranging from better treatment for depression to disappearing stents. Read about all ten here. 
October 26, 2016 01:07 PM
CLEVELAND — The Cleveland Clinic today revealed it’s top 10 medical innovations to expect in 2017.
The top 10 innovations were unveiled to more than 1,600 doctors, entrepreneurs and other industry leaders at the 14th annual Cleveland Clinic Medical Innovation Summit here.
Here they are:
1. The microbiome. The microbiome is made up of trillions of helpful bacteria that make a home inside the human gut – to prevent, treat and diagnose disease.
2. Diabetes drugs that reduce heart disease and death. People with diabetes are twice as likely to have heart disease or stroke than someone without the chronic condition, according to the National Institutes of Health. Two new drugs recently approved recently approved to treat diabetes. Novo Nordisk’s liraglutide, sold as Victoza, and Eli Lilly’s empagliflozin, sold as Jardiance, have shown promise in reducing these heart-related complications.
-----

Despite persistent training, Baystate Health suffers a breach

Published October 26 2016, 1:49pm EDT
Regular cybersecurity training and the placement of a button on email to enable employees to report suspicious messages to the IT department for investigation—rather than clicking on the message—helped mitigate a recent phishing attack on five-hospital Baystate Health in Massachusetts.
Baystate has nearly 13,000 employees, and many received the malicious email—designed to look like an internal Baystate memo to employees—but only five of them clicked on it, a spokesperson says. That still put protected health information at risk for 13,112 patients.
-----

End-of-life shared systems face 'immense challenges' - paper

Ben Heather
26 October 2016
Attempts to set-up end-of-life electronic care systems are falling short, with many failing to reach the dying patients that need them, a new paper says.
The paper, published in quarterly BMJ Supportive and Palliative Care, reviewed the development and use of electronic palliative care coordination systems in England.
The government has committed to rolling out EPaCCS or equivalent shared end of life digital records across England by 2020.
The researchers found there was little guidance about what an EPaCCS should look like and weak evidence that the systems that were operating were delivering benefits for patients.
-----

Special Report: VNA and Data Storage

Trusts are starting to find new uses for vendor neutral archives, and the IT architecture for delivering them is evolving in response to new demands, Kim Thomas discovers.
A vendor neutral archive is based on the simple, yet useful, idea of storing all types of unstructured content (for example, image files, video clips and PDF documents) in a single place.
Because a VNA uses the XDS standard, the files can be accessed and used by a range of applications, irrespective of supplier. As demand among NHS trusts for VNAs increases, this simple idea is being put to myriad uses.
From radiology to other ‘ologies’
Three years ago, when the National PACS Programme element of the National Programme for IT ended, many trusts bought VNAs to archive radiology images.
-----

CHIME: Ransomware top concern for health IT, security execs

Oct 27, 2016 12:46pm
Ransomware and malware attacks rank as the top cybersecurity concerns for hospital IT and security executives who responded to a survey jointly unveiled Thursday by the College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS).
In particular, survey respondents (.pdf) indicate they worry most about data exposure, but said that poor authentication was the most common vulnerability. Malware and ransomware were listed as the most common exploits, by the 190 CHIME and AEHIS members who participated in the survey.
Most executives said that because security is not looked at as a patient care or quality of care issue, business strategy did not drive security strategy. Still, almost all respondents indicated that compared to last year, their organization was more prepared to handle an attack.
-----

EHRs are legal records that can be used against providers in court

Oct 27, 2016 5:49am
Much of the focus on electronic health records has been about their adoption and the requirements of the Meaningful Use program, but many providers may not realize that EHRs also represent legal records that can impact medical malpractice litigation.
While malpractice involving paper medical records often dealt with illegible clinician notes or confusing abbreviations that lead to errors, EHRs often involve other kinds of mistakes, such as those made by hitting the wrong item on a drop down menu, an article in Healthcare IT News outlines.
Another problem with EHRs in malpractice litigation stems from the inability of providers to prove that they made a clinical decision based on information in front of them in the tool. What's more, according to the article, printouts of an EHR, which can run to thousands of pages, do not look the same as when a clinician actually uses the software.
-----
October 25, 2016

AAP National Conference: Algorithm aids in managing childhood obesity

Carla Kemp, Senior Editor
It’s one thing to tell parents that their child should stop drinking sweetened beverages. It’s another to have the conversation in a way that is practical so parents feel the advice is truly helpful, said Ihuoma Eneli, M.D., FAAP, a member of the AAP Section on Obesity and associate director of the AAP Institute for Healthy Childhood Weight.
When giving families evidence-based messages for healthy living such as to drink more water or eat more fruits and vegetables, “I think the how is really important,” Dr. Eneli said.
She provided examples of how to engage families in such conversations during a session titled “The New AAP Weight Management Algorithm: Evidence-Based Management of Obesity.” Dr. Eneli also introduced the algorithm and explained how pediatricians can use it in everyday practice and determine if they actually made a difference in their patients’ lives.
-----

With hacking on the rise, physician records at risk

October 25, 2016
The numbers are staggering: Nearly one in every three Americans have had their medical records compromised, with more than 112 million healthcare records breached last year alone.
Yet despite those figures, as reported by HHS’ Office of Civil Rights, a majority of doctors surveyed say they are not worried about the security of the patient health information residing in their electronic health record (EHR) systems.
More than half (58%) of physicians say they are not concerned about the security of the data contained in their EHRs, according to Medical Economics’ exclusive 2016 EHR Report.
Medical Economics asked 2,129 physicians: “Are you concerned about the security of the data contained in your EHR system and the potential for a breach?” Of the 2,111 who replied, 879 said yes while the other 1,232 said no.
-----

FDA releases draft guidance on clinical management software

Written by Jessica Kim Cohen | October 26, 2016 |
The FDA has released a new draft guidance that outlines how developers should evaluate software used for the clinical management of patients.
This software, called "software as a medical device," is not part of a hardware medical device and does not come into direct contact with patients; however, it may analyze data used to inform clinical decisions and patient care. The guidance, which was drafted by the International Medical Device Regulators Forum, provides recommendations for how developers can prove the effectiveness, performance and safety of this software.
------

Why patient engagement will only rise in importance

Published October 25 2016, 2:48pm EDT
From massive medical centers in the heart of major urban areas to small hospitals in rural areas well off the Interstate Highway System, there exists, in one form or another, a patient engagement initiative. Reflective of that are the 1,100 job openings that returned when I typed in “patient engagement” in the Jobs search box on LinkedIn.
Finding ways to engage with patients makes all kinds of sense in this day of high deductible health plans. More of the healthcare dollar must now come from what is increasingly someone referred to as a healthcare consumer. And that consumer is involved in healthcare in more ways than financial responsibility.
Since 1990, average life expectancy in the United States has increased from 71.8 to 76.4 years for men, and 77.8 to 81.2 years for women. During that same period, the uninsured rate has dropped from 13.9 percent to 9.1 percent. And the number of physician visits is increasing at a rate faster than this country’s population growth.
-----

Big data: Blind man with the elephant?

Predictive analytics are not going to be perfect. But that’s okay. Experts explain the sweet spot to target today.
October 24, 2016 04:47 PM
BOSTON — Big data means different things to different people. But as providers increasingly apply analytics tools to growing data sets, some realities are at least starting to become clearer. Among them: reasons why the technology need not be perfect to be effective now.
"We’re kind of like the blind man with the elephant," said Richard Finley, director for medical analytics at the University of Mississippi Medical Center, at the HIMSS Big Data and Healthcare Analytics Forum. "We’re all dealing with the same thing but we all see it a little differently."
Indeed, hospitals and networks are investing analytics for similar reasons, including value-based care, risk sharing, improving clinical quality, patient satisfaction, population health and overall performance.
-----

A framework to boost security at healthcare organizations

Published October 26 2016, 2:11pm EDT
The number of patient records breached in healthcare organizations across the United States to date is about 200 million, which is staggeringly close to three-quarters of the entire insured population. The reasons for these breaches range from hacktivism to personal/criminal/political gain to militarism.
The Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) only started maintaining the breach list in July 2009. At a cost estimate of $400 per breached record in 2015, the total cost estimate of all breaches since 2009 is more than $75 billion. Just within the past 18 months, the total number of breached records has been close to 150 million. Note that only breaches covering more than 500 records per incident had to be reported to OCR until August 2016; we may therefore have been missing a very “long tail” in the breach curve.
In 2015 alone, the number of records breached was 112 million; the numbers for 2016 to date is far below that amount. Patient records used to have much higher financial value than credit card information; they now have much higher military and political value as we warily look to the future of cyber and biological warfare.
-----

Doc groups lobbied against telemedicine expansion in DoD funding bill

Oct 26, 2016 10:22am
Both the American Medical Association (AMA) and the American Academy of Family Physicians (AAFP) have put a lot of effort into urging the Defense Department to kill a section of language in its funding bill expanding telehealth.
The 2017 Defense authorization bill (S. 2943) mandates the availability of real-time virtual visits in its TRICARE healthcare program. However, the medical groups oppose language in Section 705(d) that bases reimbursement, licensure and liability on the location of the doctor, rather than the patient, Politico Morning eHealth reports.
“Allowing physicians with a single license to treat TRICARE beneficiaries in any state via telemedicine would create episodes of medical care that the state in which the patient resides cannot readily regulate, if at all,” AAFP wrote in a letter last month to leaders of the House and Senate Armed Services committees.
-----

Digital health: 3 doc worries

by Dan Bowman 
Oct 26, 2016 2:00pm
Despite the growing use of digital tools in healthcare, not all providers are confident that technology can have a positive impact on their efforts, according to Cedars-Sinai Medical Center’s Brennan Spiegel.
In a recent blog post, Spiegel, who serves as the hospital’s director of health services research in academic affairs and clinical transformation, discusses some of the top “fears” he’s heard over the years from doctors hesitant to embrace IT with open arms. Here are three of those fears, and his response to each:
Fear 1: There is no time to account for all of the data created by digital health tools.
Spiegel says that, perhaps, the answer is training a new specialist--the “digitalist”--who specifically focuses on monitoring and acting on remote patient data. “This provider does not yet exist, just as ‘The Hospitalist’ did not exist prior to 1996, when Robert Wachter and Lee Goldman coined the term to describe a much-needed clinician to fill an unmet need for inpatient care,” he says. “The Digitalist will reside in an e-coordination facility and remotely track data from biosensors, portals apps, and social media, then combine the data with clinical parameters and knowledge about the patients’ medical history.” Such a specialist, he says, would also work to prevent crises and cut avoidable readmissions.
-----
Oct 26, 2016 @ 11:56 AM 403 views The Little Black Book of Billionaire Secrets

The Future Of Health Care Is In Data Analytics

I write about the many issues technology entrepreneurs confront.
Opinions expressed by Forbes Contributors are their own.
Every minute of the day, eCare21, a remote patient-monitoring system, collects thousands of pieces of health data about more than 1,000 senior citizens. The telehealth system uses smartphones, Fitbits, Bluetooth and sensors to collect information about things like blood pressure, physical activity, glucose levels, medication intake and weight. The information is then compiled on a dashboard so that the patients’ doctors, loved ones and caregivers can keep an eye on them and provide proactive care, even from hundreds of miles away.
This is proving to be a valuable service for individuals managing complicated health situations. But Vadim Cherdak, CEO and president of eCare21, says we are only scratching the surface. Once his company partners with a big data analytics service, it will be able to glean even more useful insights from the intense amount of data flowing in.
-----

Information governance, informatics are top priorities for AHIMA

Published October 25 2016, 7:04am EDT
As the healthcare industry transitions from fee-for-service to value-based care, health information professionals are on the frontlines of these momentous changes helping clinicians leverage technology to achieve better patient outcomes while reducing costs.
The American Health Information Management Association’s mission is to advance data analytics, informatics, and information governance in support of these goals. AHIMA, which held its annual national conference last week in Baltimore, is ramping up its resources, tools, and education/accreditation programs to ensure that the more than 100,000 health information professionals it represents are prepared for this unprecedented healthcare transformation.
Health Data Management sat down with AHIMA’s Lynne Thomas Gordon (Chief Executive Officer), Melissa Martin (President/Chair of the 2016 Board of Directors) and Ann Chenoweth (President Elect/Chair of the 2017 Board of Directors) to discuss the state of the industry and the association’s priorities for the coming year.
-----

Data 3.0 is coming to healthcare - experts foretell what that means

Hospitals that haven't started making data actionable, explainable, trusted and contextualized should start now. Why the urgency? In two or three years, finding talented data scientists and other skilled workers is only going to get more difficult.
October 24, 2016 01:10 PM
BOSTON —Health data is now on the verge of a new wave. Call it Data 3.0.
At the core of this new age of healthcare analytics: data that is actionable, explainable, trusted and contextualized.
"Context is everything, especially in data," said Tripp Jennings, chief value and informatics officer at Palmetto Health, speaking Oct. 24 at the HIMSS Big Data and Healthcare Analytics Forum.
To achieve that necessary context, health data has to be explainable so clinicians can understand why it's important, according to Terry Sullivan, chief medical information officer of OnPointe. Ken McCardle, senior director of clinical data and analytics at Mount Sinai Health System, added that the information also has to be trustworthy.
-----

Data governance: Make analytics 'an amazing asset'

Governance isn't always fun. But it is the most important building block for a healthcare analytics strategy. How the University of Mississippi Medical Center and Dartmouth-Hitchcock are turning the tedious work into an indispensable boon to productivity.
October 24, 2016 06:25 AM
Elizabeth Stedina, director of the Dartmouth Analytics Institute, said the system is breaking new ground and no single policy can cover all of its needs. 
There is no glory in governance. There are no sparkling data clusters to admire. There are no dazzling 3D images. There is nothing that makes people step back and say: "That is so cool!"
Instead, governance is decidedly unsexy. It is tedium. It is drudgery. It is painstaking diligence. It is conscientious review. It is checking, double checking and checking one more time for good measure. It is an exercise in patience that challenges even the most imperturbable people. It is a seemingly endless chore.
-----

FDA seeks to intervene in device harm reporting

Oct 25, 2016 12:07pm
In the wake of a series of antibiotic-resistant infection outbreaks caused by contaminated medical devices, the Food and Drug Administration is stepping up its efforts to improve hospital reporting of device-associated deaths or injuries.
Inspections of 17 hospitals found serious deficiencies in adverse event reporting, according to a blog posted on the agency’s website. The inspections uncovered numerous events that were never reported in violation of agency requirements, according to Jeffrey Shuren, M.D., who heads the FDA’s device division. In many cases, failure to report came down to simple ignorance or lack of training in reporting requirements on the part of hospital staff, according to the post.
-----

AHA to ONC: Provide info on readiness of standards for real-world use

Oct 25, 2016 12:37pm
The American Hospital Association wants the Office of the National Coordinator for Health IT to provide more information to healthcare industry stakeholders in its 2017 Interoperability Standards Advisory (ISA) about how it differentiates between the maturity levels of disparate health IT standards.
In a letter sent Tuesday to National Coordinator Vindell Washington, AHA Senior Vice President of Public Policy Analysis and Development Ashley Thompson says that the draft ISA, made public in August, fails to include links to any maturity assessments for standards. AHA also calls on ONC to publicly release feedback received about adoption experiences of standards and implementation specifications.
Additionally, AHA wants ONC to provide information on “the readiness of standards for provider use” in the real world, as opposed to just information on the adoption of standards. “[E]xperience to date indicates that a standard may have a high adoption rate as a result of a health information technology certification requirement, although it does not meet provider needs,” Thompson says.
-----

Global computerized physician order entry systems market to reach $1.5B by 2020: 7 key trends

Written by Anuja Vaidya (Twitter | Google+)  | October 24, 2016 |  Print  | Email
The global computerized physician order entry systems market is anticipated to see strong growth over the next four to five years, according to a Persistence Market Research report.
Here are seven trends:
1. The global CPOE systems market is expected to be valued at $1.5 billion by 2020.
2. The market was valued at $999.4 million in 2014.
3. It is slated to grow at a compound annual growth rate of 6.8 percent from 2014 to 2020.
-----

IT Adapts to MACRA, ONC Final Rules

Scott Mace, October 25, 2016

While providers praise flexibility, work is just beginning on which technology will work best, and whether regulations are too little or too much.

Mari Savikis
As the final days of the Obama administration tick down, a flurry of final rules from CMS and ONC promise to reduce the reporting burden which the meaningful use program imposed on providers.
The final rule on MACRA and Merit-based Incentive Program legislation provide more flexibility on how physicians enter the value-based payment world of CMS' new Quality Payment Program.
John Halamka, MD, chief information officer of Beth Israel Deaconess Medical Center, praised the final outlines of the Merit-based Incentive Payment System and Advanced Alternative Payment Models (APM).
-----

How to raise defenses to defeat phishing attacks

Published October 21 2016, 2:15pm EDT
Phishing attacks are an effective and profitable form of crime. This helps explain why these types of attacks continue to increase according to the recent Anti-Phishing Working Group (APWG) Phishing Activity Trends Report, 2nd Quarter 2016.
The total number of unique phishing sites observed in the second quarter of 2016 was 466,065 which is an all-time high. The second quarter’s total rose 61 percent from the 289,371 phish found in the first quarter of 2016, which was the previous high.
Phishing attacks occur when cybercriminals use false emails or websites to extract confidential information from unsuspecting online users such as Social Security or credit card numbers or account and identity information. Users have a reason to be cautious—phishing attacks undermine the confidence in the authenticity of e-mails and websites.
-----

Apple, Google, IBM Watson, Intel and WalMart are ushering in new era of rapid transformation in healthcare, study finds

Disruption is already starting. Hospital and IT vendor executives should pay close attention to innovations and emerging business and care models, Frost & Sullivan says.
October 21, 2016 07:06 AM 
Healthcare CIOs take note: Prepare now for the onslaught of crowdsourcing, open source, mass customization as well as innovative and disruptive business models that are coming your way.
The ongoing shift toward value-based and customer-centric care delivery will spark innovative solutions and add value for healthcare customers. Such digitization of products, services and commerce models, in fact, are already beginning to democratize healthcare systems in disruptive ways, according to global research firm Frost & Sullivan.
"CEOs should pay attention to developing innovative business models to monetize emerging opportunities,” Frost & Sullivan  analyst Kamaljit Beher wrote in a new report. “Companies such as Apple, Google, IBM Watson and Intel will continue to compete outside their domain, forcing traditional healthcare companies to change their dominant business models.”
-----

ECRI: Be vigilant to prevent copy-and-paste errors

Oct 24, 2016 10:22am
Clinicians and their staff must be vigilant to prevent using copy-and-paste functions in electronic health records in ways that propagate errors, speakers from the ECRI Institute told attendees last week at the American Health Information Management Association's (AHIMA) annual conference in Baltimore.
A doctor might not have a true picture of the progression of an ailment if the initial assessment is copied forward into records of subsequent visits and might consider the record untrustworthy, co-presenters Lorraine Possanza and Robert Giannini told the group, according to coverage of the talk reported in Physicians Practice.
"If I pasted information and it's incorrect and I repeatedly paste that information that is incorrect, I now have errors that are propagated," Possanza said.
-----

How early data governance paves the way for advanced IT efforts

Oct 24, 2016 11:00am
University of Mississippi Medical Center Chief Health Information Officer John Showalter says he gets strange looks when he tells people his organization worked 18 months on data governance without producing a single report.
“You want unsexy? All that time was spent on procedures and protocols with no analytics,” he explains in a Healthcare IT News article.
But in the 14 months since, his organization has produced 40 data visual apps and 1,200 reports with just five report writers because that work so clearly defined the governance rules, he says.
-----

Visual dashboard brings together key clinical data in ICU

Published October 21 2016, 7:06am EDT
Electronic health records bring many benefits to clinicians, but Rondel Albarado, MD, did occasionally miss one benefit of the clipboard hanging at the end of the patient’s hospital bed—a one-glance look at various charted information.
“The clipboard at the base of the bed was where the nurse had trended information overnight,” says Albarado, who works for UT Physicians, part of UTHealth, teaching in a variety of programs and also is a trauma medical director for the intensive care unit at Memorial Hermann.
There, he oversees 23 beds that handles trauma and surgical intensive care, and a variety of physical conditions are monitored in real-time as clinicians work closely to preserve the lives on some of its most critically ill patients.
-----

Survey: Cryptographic issues, information leakage top list of 2016 healthcare security concerns

Written by Jessica Kim Cohen | October 21, 2016 
Cybersecurity concerns vary by industry, according to Veracode's seventh annual "The State of Software Security" report.
While government industries are most vulnerable to information leakage and financial services industries are most vulnerable to code quality issues, the healthcare industry is susceptible to a unique set of cyberattacks.
Here are the industry's top five cybersecurity vulnerabilities, ranked by prevalence:
1. Cryptographic issues
2. Information leakage
-----

Athenahealth, Allscripts websites down amid nationwide hack

By Shelby Livingston  | October 21, 2016
The websites of EHR software providers Athenahealth and Allscripts were down for some parts of the country Friday during the same time hackers launched an attack against the servers of Dyn, a major Domain Name System host.
Twitter, Spotify, Reddit, and Shopify were down most of Friday morning and afternoon, but healthcare companies seemed to be largely unaffected.
Dyn posted on its website Friday that it experienced an attack early that morning but restored services a few hours later. A second attack occurred around 11 a.m. Central time. Dyn is still investigating and mitigating the attacks, it said.
-----

Enjoy!
David.

Friday, November 04, 2016

If Ever There Was A Reminder That Private Information Security Is Vital – This Is it!

This broke late last week:

Australia's biggest data breach sees 1.3m records leaked

By Allie Coyne on Oct 28, 2016 12:00PM

Medical data exposed.

More than one million personal and medical records of Australian citizens donating blood to the Red Cross Blood Service have been exposed online in the country’s biggest and most damaging data breach to date.
A 1.74 GB file containing 1.28 million donor records going back to 2010, published to a publicly-facing website, was discovered by an anonymous source and sent to security expert and operator of haveibeenpwned.com Troy Hunt early on Tuesday morning.
The database was uncovered through a scan of IP address ranges configured to search for publicly exposed web servers that returned directory listings containing .sql files.
The contents of the 'mysqldump' database backup contains everything from personal details (name, gender, physical and email address, phone number, date of birth and occasionally blood type and country of birth) to sensitive medical information, like whether someone has engaged in at-risk sexual behaviour in the last year.
The database collected information submitted when an individual books an appointment - either on paper or online - to donate blood. The process requires donors to enter their personal details and fill out an eligibility questionnaire.
It does not contain data on blood reports or analyses, or responses to the full donor questionnaire all blood bank visitors are required to fill out at the time of their donation.
The database was published on the webserver of a Red Cross Blood Service technology partner that maintains the service's website, not the organisation’s www.donate.blood.com.au site where online bookings are made.
"This is a seriously egregious cock-up - this should never happen," Hunt told iTnews.
More here:
There were more details published here:

Contractor behind Australia's biggest-ever data breach revealed

By Allie Coyne on Oct 28, 2016 4:25PM

Exclusive: How human error exposed 550,000 donors.

Over four frantic days that must have felt like mere minutes, the Red Cross Blood Service has been battling to deal with a data breach that exposed the sensitive personal and medical records of 550,000 of its donors online.
An anonymous individual stumbled across the 1.74GB file containing 1.28 million records while scanning IP address ranges for publicly exposed web servers containing .sql files.
The Red Cross Blood Service became aware of the blunder on Tuesday morning through a chain of communications that included security researcher Troy Hunt and Australia’s computer emergency response team AusCERT.
That was also the day its website maintenance and development contractor, Precedent, found out about the giant breach it had inadvertently caused.
Precedent was engaged by the blood service to redesign and maintain its core website, www.donateblood.com.au, in 2015.
It created a Drupal 7-based responsive site to make it easier for people who have never donated blood to find out more about the process, and to make bookings for donors much simpler.
The new site was launched to the public in November last year.
However, a human error made by one of Precedent’s technical team meant a database backup containing all the information donors enter as part of their booking process was exposed online for almost two months from September 5 this year.
More here:
There is also coverage in all the mainstream press.
It is hard to know what to say – other than to agree with the commentator that said this sort of thing should simply not happen.
There is a warning here for all who hold patient private data!
David.