Eye clinic cyberattack may have exposed info from 500K patients


A cybersecurity incident at an Iowa group eye clinic could have exposed the personal information of nearly 500,000 current former patients.  

According to a press release this week, back in February Wolfe Eye Clinic was the target of a deliberate cyberattack.  

Because of the complexity scale of the incident, said the company, the full scope of potentially affected data was not realized until May 28.  

“We take our responsibility to protect personal information in our control very seriously apologize for any concern or inconvenience this may cause,” said Luke Bland, chief financial officer at Wolfe Eye Clinic, in a statement.  

“We continue to closely monitor the situation are committed to notifying past present patients about what happened what they can do to protect their information,” said Bland.  


Wolfe Eye Clinic runs 11 main clinics across the state, in addition to nine family vision centers, a surgical center more than 25 outreach locations.   

According to the company, on February 8 an unauthorized third party tried to gain access to the company’s computer network then blocked access to some systems information.  

After detecting the incident, said the organization, Wolfe Eye Clinic “responded immediately,” contracting the assistance of independent IT specialists forensic investigators to investigate.

The hackers demanded a ransom, according to the organization, which was not paid. Although it’s not clear how long the hackers had access to the information, the clinic said the full breadth of possibly exposed data was not realized until May 28. The investigation concluded on June 8.  

This week, Wolfe began notifying the approximately 500,000 current former patients that their personal information may have been inappropriately accessed.  

For some, that data may include their name, mailing address, date of birth Social Security number; for others, it may also include protected medical health information, said the company.

Wolfe Eye Clinic said it is taking steps to prevent a similar event from reoccurring by implementing additional safeguards security measures. It is also offering identity monitoring at no cost for a year to affected individuals.

The company said that to date there have not been reports of identity theft, but that it is notifying all potentially affected individuals “out of an abundance of caution.”  

The news about the incident came on the heels of comments from U.S. Federal Bureau of Investigation Director Chris Wray to Senate appropriators about how to persuade ransomware attack victims to cooperate with law enforcement.   

“If we don’t solve the riddle of how to get the private sector promptly transparently working with us – more more companies, I should say, are doing that all the time – but if we don’t make that sort of the norm, we’re going to have a heck of a time winning this conflict,” Wray said, according to reports.  


Unfortunately, the Wolfe Eye Clinic is far from alone in dealing with cybersecurity incidents.   

A report this month from Moody’s Investors Service found that cyber risk will likely remain high for the healthcare sector, leading to the potential for lost revenue, increased expenses elevated scrutiny.  

But the federal government is flexing its enforcement muscles – or preparing to, anyway.

Earlier this month, Reuters reported that the U.S. Department of Justice would elevate ransomware investigations to a priority level similar to that of terrorism.   

The Biden administration said it could even consider military action in response to cyber threats enabled by foreign nation-states.   


“Unfortunately, these types of cyber incidents have become all-too-common for health care providers of all sizes nationwide,” said Wolfe clinic’s Blin a statement. “We recognize the significance of this incident moved quickly to address it once we became aware of its occurrence.”  


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.


Source link

22 states changed telemedicine laws during the pandemic


The Commonwealth Fund released an issue brief this week reviewing state actions to expindividual group health insurance coverage of telemedicine between March 2020 March 2021.  

It found that 22 states changed laws or policies during that time period to require more robust insurance coverage of telemedicine.

“If telemedicine proves to be a less costly way to deliver care, payers consumers may benefit from expanding coverage of telemedicine after the pandemic,” wrote report authors.  


In March 2020, federal regulators temporarily relaxed restrictions for telemedicine visits for Medicare patients, raising payments to the same level as in-person visits reducing cost-sharing, among other changes.  

Officials encouraged states insurers to provide similar flexibility under private insurance – many took that encouragement to heart.  

Of the 22 states that expanded access to telemedicine during the pandemic, the report found that most pursued changes via administrative action.  

“Use of executive authority allowed states to move relatively quickly during the crisis, though it has meant that the new telemedicine coverage requirements are temporary,” wrote the researchers. They noted, for example, that seven governors included specific telemedicine coverage requirements in executive orders, which will expire after the public health emergency.  

Some states used bulletins, notices, or executive orders from the department of insurance or a similar agency to enhance coverage.  

New legislation, which takes more time, but is necessary for permanent changes, passed in eight states.

Utah, Illinois, West Virginia, New Hampshire Massachusetts – which had not previously required coverage – changed their policies during the pandemic. At this point, 40 states require coverage.

These policies do not all carry equal impact. Eighteen states required coverage of audio-only services for the first time during the pandemic, bringing the total number up to 21. Four states eliminated cost-sharing for telemedicine services, three added a requirement that cost sharing not exceed in-person identical services. And 10 states newly required insurers to pay providers the same for telemedicine in-person visits.  

Report authors noted that insurers were cooperative with these changes, but longer-term adoption of policies like reimbursement parity “would likely be contentious.” They pointed out the states will need data to inform debates on how best to regulate telemedicine.  

In 2021, at least 30 states have weighed legislation that would revise telemedicine coverage standards, found the Commonwealth Fund.

Despite the known benefits of telemedicine, researchers also cautioned that it has not been equally beneficial to all patients.  

“Research shows telemedicine use is lower in communities with higher rates of poverty among patients with limited English proficiency, potentially undermining goals of expanding access to underserved communities exacerbating health inequities,” read the report.  


As the report notes, multiple states have implemented pro-telehealth policies to enable access during beyond the COVID-19 public health emergency. 

But a major question remains regarding federal legislation, which could fill in many state-by-state gaps prevent a so-called “telehealth cliff.”  

“If Congress does not act before the public health emergency ends, regulatory flexibilities that now ensure all Medicare beneficiaries maintain access to telehealth will go away,” said Kyle Zebley, director of public policy at the American Telemedicine Association, during a conference panel earlier this month.  


“Whether telemedicine reduces overall healthcare costs depends on how services are reimbursed if virtual visits reduce other services or simply add to utilization,” said Commonwealth researchers. “Having access to data can help stakeholders understhow longer-term expansion of telemedicine affects access, cost, quality of care.”


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.


Source link

Using the cloud data life cycle to protect patient privacy


In an ideal world, technology would maximize individual benefits while also protecting privacy.   

But in practice, the pivot to digital-first healthcare has sometimes left personal information vulnerable to attack – as evidenced by the recent spike in targeting of health systems.

One example of this paradigm, says Dr. James Angle, product manager for IT services in information security, at Trinity Health, involves the migration of increased amounts of data to the cloud.  

“Before the use of cloud, PHI was stored either in the [health delivery organization’s] data center or a third-party data center,” noted Angle, who will be presenting on the subject at HIMSS21 in August.   

“With cloud, data is stored in multiple data centers in multiple jurisdictions,” Angle continued. “The increase [in] data storage locations gives attackers more targets.”   

“In addition, having multiple jurisdictions means more, as well as different, requirements. This adds complexity, which is the enemy of privacy security,” he added.  

During his HIMSS21 presentation, Angle will discuss the process of analyzing how an organization collects, uses, shares maintains personal identifying information, as well as how to best protect that information.   

“Ensuring privacy for our patients is a process that starts with privacy engineering includes conducting privacy risk assessments understanding the data life cycle,” he said. “If these processes are followed, we will enhance our ability to protect our patients’ information.”  

Angle will also explain how HIPAA’s privacy rule functions in the context of security information sharing.

“The purpose of the privacy rule is to give patients more control over their health information. The HIPAA Privacy Rule creates national standards to protect individuals’ medical records other protected health information,” he said. 

“Additionally, the privacy rule defines limits the circumstances in which an individual’s PHI can be used or disclosed by a covered entity or its business associates,” he continued.  

Returning to the matter of the cloud, Angle notes that the data life cycle gives the analyst a structured way to look at privacy.

“There are six phases in the cloud data life cycle: create, store, use, share, archive destroy. Each phase has different requirements issues that must be addressed,” he said.  

The “create” phase, which involves the generation or acquisition of new data or the modification of existing data, can be a useful example of this.  

“When personal data is collected, it is important to remember that the individual whose data is being collected has the right to know what data is being collected, what the data will be used for, if it will be shared,” Angle said. “The collector must obtain consent, which means asking users for permission to process their data.   

“Healthcare delivery organizations must explain their data collection practices in clear simple language, then users must explicitly agree to them. Additionally, it defines who can collect PHI/PII data map the data to access rights for everyone who has access,” he added.

Even as the cloud has enabled innovation, Angle notes that it also adds complexity to an organization’s data protection plan.   

“Data must not only be protected inside the HDO’s network but also in transit in the cloud,” he said. “The HDO needs to know where the data will be stored, who has access to the data, what controls are in place to protect the data.”   

“Using the data life cycle, the analyst can look at the requirements for each phase ensure the correct controls are in place to protect the patient’s privacy throughout the entire data life cycle,” he continued.   

“By using the data life cycle, you are answering who, what, when, why, how the data is treated in each phase. This will give you a clear picture of the data and, in turn, how to protect the data.  

“If you don’t have these answers, you cannot be sure you are fully protecting the data,” he said.  

James Angle will explain more in his HIMSS21 session, “Protecting the Privacy of Healthcare Data in the Cloud.” It’s scheduled for Tuesday, August 10, from 11:30 a.m.-12:30 p.m. in Caesars Forum 123.


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.


Source link

AWS looks to digital health with new accelerator


Amazon Web Services (AWS) is creating a new accelerator aimed at the digital health space that will give 10 startups operating in the U.S. a four-week crash course in technical training and business development, includes a mentorship component.

AWS Healthcare Accelerator’s first cohort will be done in partnership with KidsX, a pediatric-focused digital health incubator that launched in September of 2020. However, the new AWS accelerator does not have a pediatric focus, companies in the accelerator program can cater to any patient population.

“The program is tailored to accelerate growth in the cloud, with a focus on solutions like remote patient monitoring, voice technology, analytics, patient engagement virtual care,” Sandy Carter, VP of partners programs for the worldwide public sector at AWS, wrote in a statement.

Carter said the accelerator will be looking for companies that “improve patient care, better health outcomes, lower cost of care.”

Applications are currently open close on July 23.

“Selected startups will receive AWS Promotional Credit, potential proof of concept opportunities with public sector healthcare customers, specialized AWS training, mentoring from healthcare domain technical subject matter experts, business development go-to-market guidance, investment guidance.”

Startups will also have a chance to collaborate with people inside the world of healthcare on everything from clinical validation to EHR integration.


Digital health startups are having their day in the spotlight, in part due to the global COVID-19 pandemic. In 2020, Rock Health reported a whopping $14 billion in digital health venture deals. That momentum has not appeared to have stopped. In April, Rock Health reported a record-breaking $6.7 billion in first-quarter funding for digital health companies.

But it’s not just investors who are turning toward digital, but also big tech companies, like Amazon. Google, Apple, Facebook Amazon have all rolled out new digital health-focused initiatives within the last year.

This new accelerator signals that AWS is looking to work with startups in particular train them to use its web service. In the release, Carter noted that during the pandemic, there was a significant decrease in healthcare utilization rates, which could lead to issues down the pipeline. This issue could create a place for digital tools, she noted.

“This places healthcare startups in the unique position of being able to quickly provide turnkey solutions that can use data analytics to identify high-risk patients, create a platform to remotely engage deliver care for patients, or even pivot from their existing functionality to meet the needs of public sector healthcare,” Carter said.


AWS isn’t new to healthcare. Just two months ago, AWS announced that it would distribute $12 million in computing credits expertise to cloud-powered disease detection diagnostic tools.

In 2019, AWS launched Amazon Transcribe Medical, an automated speech recognition service that lets developers add medical dictation documentation to their apps.

But Amazon isn’t the only software giant that has put resources toward cloud-based healthcare technology. Microsoft Cloud for Healthcare Google Cloud remain big competitors of AWS. Google Cloud has previously launched educational programs including the Healthcare Interoperability Readiness program, which helps providers with interoperability questions.


Source link

‘Strong’ IT teams behind Indonesia’s digital transformation


Indonesia, the world’s fourth populous nation, has been leveraging digital technologies to advance its healthcare system. During the “Building a Successful Digital Transformation Roadmap in Indonesia” webinar on 10 June, three hospital leaders in the country shared their strategies blueprints in implementing digital initiatives.

PT Siloam Hospitals CIO Ryanto Marino Tedjomulja, Mandaya Hospital Group President Director Dr Ben Widaja Dr Fathema Djan Rachmat, president director of Pertamina Bina Medika (Pertamedika) talked about the challenges the insights they gathered in the digital health journey of their hospitals.

Dr Joanna Pang, chief manager for Information Technology Health Informatics at Hong Kong’s Hospital Authority (HA), also contributed to the discussion with her experience in helping develop Hong Kong’s digital health ecosystem.

Dedicated teams to lead digital transformation

The first step in the digital transformation of Siloam Hospitals was the consolidation of data. Tedjomulja said they created a sole department to oversee this process which has led to the connection of all its 40 hospitals through one single system.

During this phase, all available data were brought together, such as those from patients, medications service expenses, in a single database to encourage clinicians staff to use data in decision making. “We use this data to drive culture transformation in Siloam; to be more data-driven,” he said.

A dedicated IT team was behind Pertamedika’s latest integrated hospital service system called One Solution System, according to Dr Rachmat.

She recalled that all 73 state-owned hospitals under the Indonesia Healthcare Corporation (IHC), the network operated by Pertamedika, used to run their own separate apps. Now, they are working with one solution that is user-friendly for doctors includes an end-to-end module from the dashboard to EMRs.

Dr Rachmat said she would not mind having an audience with their IT team to discuss, for instance, the latest software they are developing. She said the hospital leadership would provide the space they need.

In their digital health journey, she underscored the importance of getting everyone on board. “We make sure everyone understands the concept of digitalisation IT as well as the business processes of our hospital services”.

Also lately, the IHC tried out drone technology in delivering remote care evaluating its capacity to do long-distance implementations. In trying out such an innovative practice, not a lot of people were needed, Dr Rachmat said. “We just need to have a strong team making sure that everybody can implement this in their hospitals. We also make sure that a digital mindset is grown in the hospital”.

The trouble with systems integration

The Mandaya Hospital Group is set to open its newest digital hospital in West Jakarta this year. The construction of Mandaya Royal Hospital Puri (MRHP) started in 2018. It will be a 16-floor general hospital with centres of excellence in cardiovascular services, neurology oncology.

According to Dr Widaja, one of the challenges in opening a greenfield hospital is the lack of a base data set. “We have a brand-new team with zero data migration. This means [we] do not have an initial set of data. We need to build a lot of new things, [like] establishing a new database”.

Aside from starting from scratch, it will need multiple software which not a single vendor can all provide, he claimed. MRHP will need 13 software systems – seven for medical use six for non-medical operations. These, including an EMR, had to be sourced from different vendors abroad, such as in Europe, Malaysia Indonesia.

Still, what is important down the line is systems integration. “How do we combine collaborate all 13 software systems down to a single system for patient family experience, making sure that their experience is seamless, making sure that they’re not aware that we have 13 software systems in our system,” Dr Widaja said. The unified system must also be predictive, proactive, personalised, robust useful, he added.

In the case of public hospitals in Hong Kong, Dr Pang also thought that integrating a closed-loop system with clinical workflow was “really a challenging task”. It is one of those areas the HA is focusing on to support the network’s clinical operations. HA manages about 43 hospitals a hundred more clinics that serve 90% of all in-patients in the region.

“Us our IT colleagues, we spent quite a lot of time resources in establishing also expanding the mobile capability, the cloud service, [resolving] data issues because these are all interconnected, such that we can support our clinical operation the administration”.

In choosing the right systems, Dr Widaja said they have to weigh their options especially with vendors whose solutions require the adoption of their standard operating procedures. “Do those procedures match our needs? Can they customise according to our needs, the patients our clinicians’ needs?”

With having multiple systems, issues with communications arise. MRHP has set up a dedicated team to control communication.

Echoing Dr Rachmat, he also said: “We need to have a strong, internal IT team to lead these implementation integration phases”.

‘Mindset of innovation’

Tedjomulja said they had to go “back to the drawing board” during the second phase of Siloam’s digital transformation – the digitalisation phase. In entering this stage, they had to consider patients’ expectations first.

Digital initiatives during this phase include the launch of a mobile application for patients; a new clinical system to streamline administrative tasks; the use of robotics process automation technology to automate routine work, especially in their finance department, as well as analytics to draw insights.

Siloam’s digital transformation does not entirely end at the final stage. “We know that technology is always changing; it’s always updating,” Tedjomulja said. There also lies the challenge of encouraging people to adapt to changes.

That is why a “mindset of innovation” is needed to drive digitalisation, he stressed. “We need to be innovating at all times. We have to make sure that we are not left behind.” Among the present innovations at Siloam Hospitals is the application of remote patient monitoring to assist diabetic patients.

Dr Pang also agreed with Tedjomulja’s call. On its end, the HA has established its own AI lab where projects are made following an AI innovation process. Despite this effort, the hospital network has to deal with clinicians’ considerations, such as medical-legal concerns, safety issues, patient outcomes, in adopting the latest AI-powered solutions. “We [found] that it’s not easy to adopt AI solutions in clinical settings because clinicians will have their own considerations”.

But Dr Pang is certain about one thing: “AI will be one of the areas that we should look into because of the rising demfrom patients, limited resources manpower issues. We have to think about how to properly adopt AI to manage the upcoming healthcare challenges”.

For Dr Rachmat, digitalisation is not just “creating an app”.

“It means, in healthcare, we are changing everything. We are transforming our organisation through innovation, [changing] the culture the people by using technology,” she said.

One of the missions of Pertamedika’s IHC network is digital transformation, which for Dr Rachmat, also meant human transformation. “We don’t change just the media from paper to digital, but we’re actually changing people’s mindset culture how they work,” she said.

In 2019-2020, the IHC made efforts to consolidate its network ensure digital, business cultural transformations. For this year, they are seeking or adjusting existing EMR models across the hospital network so, by 2022 they can have a single EMR.

Dr Rachmat noted that the rate of digital adoption in Indonesia’s healthcare system is 10%, which represents a “large opportunity” for expanding digital transformation in domestic hospitals. COVID-19, she said, is one of those factors driving digital adoption.

Last year, the IHC implemented data integration interoperability to capture logistics data from all hospitals as the network worked to meet the needs of COVID-19 patients. This year, IHC plans to build a data infrastructure ahead of instituting business analytics optimisation in 2022. In 2023, IHC will expits digital ecosystem to include state-owned pharmaceutical firms via API sharing, the following year, it will focus on robotics development.

On his end, Dr Widaja said what is crucial in building a digitally-enabled hospital is the concept leadership, “making sure we have the right concept, how to plan it, we set the deadline target, how do we execute it. And we have to make sure leadership is able to drive implementation”.


Source link

1 1,504 1,505 1,506 1,507 1,508