Healthcare organizations under siege from cyber attacks, study says
Add this to the list of things to freak you out: Healthcare organizations of all kinds are being routinely attacked and compromised by increasingly sophisticated cyber attacks.
A new study set to be officially released Wednesday found that networks and Internet-connected devices in places such as hospitals, insurance companies and pharmaceutical companies are under siege and in many cases have been infiltrated without their knowledge.
The study was conducted by Norse, a Silicon Valley cyber security firm, and SANS, a security research institute. In the report, the groups found from September 2012 to October 2013 that 375 healthcare organizations in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks.
In addition to getting access to patient files and information, the attackers managed to infiltrate devices such as radiology imaging software, conferencing systems, printers, firewalls, Web cameras and mail servers.
"What's concerning to us is the sheer lack of basic blocking and tackling within these organizations," said Sam Glines, chief executive of Norse. "Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything.
"A decent percentage of these firms could have been eliminated from the data set if basic network and security protocol had been followed," he added.
The surge in attacks comes as hospitals and doctors across the country are using more and more medical devices that are connected to the Internet in some fashion. It's part of the broader trend known as the "Internet of Things" in which a growing range of devices are being fitted with sensors and Internet connections.
In addition, more patient information is being placed online, in part through the growing network of federal and state health insurance exchanges.
"The pace at which technology has allowed our devices to be connected for ease of use has allowed for a larger attack surface," Glines said. "More vigilance is required."
But as the report found, there are often not enough security measures taken to protect these connected devices.
As a result, patient information and privacy can be compromised.
But another troubling aspect is that once attackers gain access to these devices, they can use them to launch attacks on other devices.
Indeed, the report tracked the origin of some of the malicious traffic coming out of medical sites that had been hacked:
"The findings of this study indicate that 7% of traffic was coming from radiology imaging software, another 7% of malicious traffic originated from video conferencing systems, and another 3% came from digital video systems that are most likely used for consults and remote procedures."
In following the trails of this malicious traffic, Norse found detailed information about the layouts of hospitals and specifications of various lifesaving equipment.
Glines said the vulnerability can be addressed in many cases. But still, he's worried that healthcare providers may not move quickly enough.
"It's going to accelerate as we have more and more connected devices," Glines said. "With more healthcare information coming online, it becomes more valuable and therefore a richer target. We expect to see an uptick of breaches related to healthcare. It’s sort of a perfect storm."
Read the full LA Times story here
Return to the table of contents
Group says tax on medical device makers has cost jobs
The medical device industry’s major trade group says that a new tax on revenue cost the industry 33,000 med-tech jobs in 2013.
The Advanced Medical Technology Association — AdvaMed — based its conclusion on a survey of members conducted late last year. Thirty-eight companies — about 15 percent of AdvaMed’s membership — responded to the survey, and AdvaMed “generalized” those results across the entire industry to determine that approximately 14,000 industry jobs were cut and companies deferred hiring of another 19,000 workers.
A dozen companies that responded to the survey said they had cut spending on research and development as a result of the new 2.3 percent tax on gross revenue, and four said they had expanded overseas operations as a result of the tax.
Congress approved the tax to help pay for national health care reform. It is expected to raise $29 billion over the next decade, but device makers were projected to recoup part of the tax in the form of increased business generated by patients who are newly insured by the Affordable Care Act.
Not everyone agrees with the industry that the tax will have ugly effects. A survey of 3,800 managers of medical device companies worldwide by the consulting firm Emergo Group, for example, concluded that the device tax’s impact was “not as severe as predicted.” Half of those responding said they “did not make significant changes” in response to the medical device tax.
Paul Van de Water, a senior fellow at the Center on Budget and Policy Priorities who spent 18 years at the Congressional Budget Office, said the AdvaMed survey has a relatively small sample size.
“We know that the medical device industry is going through turmoil,” Van de Water noted. “But there’s a tendency to blame all the industry’s problems on the tax.”
Repealing the device tax is the U.S. medical device industry’s No. 1 priority, AdvaMed officials said during a press call to release their survey.
“The tax is bad for patients and innovation,” AdvaMed’s CEO Stephen Ubl said.
“Companies are not able to pass this tax on, and they aren’t experiencing a windfall from expanded coverage.”
Members of the U.S. House and Senate from medical technology-rich Minnesota made repeal a centerpiece in budget talks and legislation last year. But the tax remains on the books.
Newly installed Senate Finance Committee Chairman Ron Wyden, D-Ore., offers fresh hope to the device industry. Unlike his predecessor, recently retired Sen. Max Baucus, D-Mont., Wyden voted to kill the device tax during last year’s budget negotiations.
A majority of House members have signed on to a bill to kill the tax, sponsored by Republican Rep. Erik Paulsen of Minnesota’s Third Congressional District, home to several of the state’s med-tech companies.
But finding an alternative funding source to replace money lost in the device tax’s repeal has proved elusive.
AdvaMed officials said Tuesday that they don’t believe finding another revenue source is their job.
“In the first and last instance, it’s something policymakers should be able to address,” said AdvaMed board chairman David Dvorak, who is president and CEO of devicemaker Zimmer Holdings Inc.
Read the full article from The Star Tribune here
Return to the table of contents
Voalte and Motorola Solutions to offer Android-based mobile communication to hospital caregivers
Voalte the leader in healthcare communication technology, today announced a strategic relationship with Motorola Solutions, Inc. (NYSE: MSI) to support the Android version of Voalte One, the company’s mobile communication platform for hospital caregivers.
Voalte will offer customers the Motorola MC40-HC, the first multi-purpose mobile computer for healthcare. The device improves care coordination while incorporating inventory management capabilities in a touch-based, consumer-like device running on the Android operating system. Voalte chose Motorola’s MC40-HC healthcare-grade mobile computer for its stability, enterprise durability and built-in barcode scanner. The device provides a sustainable platform for the healthcare environment, including robust Wi-Fi connections that keep staff connected, security features that help meet patient privacy requirements, and remote management of devices and applications. The MC40-HC will support the Voalte One application, which combines voice calls, alarm and alert integration, and secure text messaging.
“Our strategic relationship with Motorola Solutions and expansion to the Android client are a testament to the growing demand for secure communication in healthcare,” said Trey Lauderdale, Founder and President of Voalte. “We’re thrilled to take the next step with Motorola to continue improving care coordination and enhancing the overall patient experience.”
In addition to an increasing demand for smartphones, hospitals are adopting barcode medication administration (BCMA) in an effort to reduce medical errors, improve patient safety and comply with government regulations. The MC40-HC is equipped with a 2D barcode scanner for point-and-scan simplicity when administering medication, eliminating the need for multiple devices.
Read the full PR Web news release here
Return to the table of contents
UM startup AlertWatch gains FDA clearance to sell patient monitoring software
AlertWatch Inc., a University of Michigan startup, has gained U.S. Food and Drug Administration clearance to sell its patient monitoring software to hospitals.
AlertWatch helps anesthesia providers monitor patients in the operating room. The software aggregates data from physiological monitors, anesthesia records, lab results and medical history to produce a dynamic real-time display of a patient's condition.
The system continually analyzes the data and helps determine whether things are normal, marginal or abnormal (green, yellow and red colored icons).
"We've had a lot of interest from clinicians who have seen the demo. Now that we're over the FDA hurdle, it'll be great to get the product into their hands " said AlertWatch CEO Justin Adams. The company gained clearance this month.
Adams said preliminary data from analyzing more than 17,000 surgeries at U-M Health System comparing operations using AlertWatch with those not using it was presented at the recent meeting of the Society of Technology in Anesthesia. The initial data show promising results for the AlertWatch system.
Ann Arbor-based AlertWatch was founded in 2012 by U-M professor and anesthesiologist Dr. Kevin Tremper, chair of the Department of Anesthesiology.
"Forty years ago, we used the familiar wavy lines—EKG, heart rate and blood pressure—to monitor our patients," Tremper said. "Today, we're still using the same wavy lines, but we have all of this other patient information digitized and available. I wanted a tool that helped put all of that background patient information in context with everything else going on live in the operating room."
The founding team also includes Dr. James Bagian, a veteran astronaut and faculty member in both industrial engineering and anesthesiology. His research has focused on patient safety, including as the founding director of the National Center for Patient Safety and the first chief patient safety officer for the Veterans Health Administration.
"The problem is pretty straightforward," Bagian said. "The amount of data being produced for each patient is increasing, the complexity of care is increasing and the number of people involved in that care keeps going up, but the practitioner's ability to process all of the data remains fairly constant."
In addition to pilots running at the University of Tennessee and University of Vermont, Adams said the company hopes to kick off installations at several large U.S. hospitals. AlertWatch also hopes to raise venture funding in 2014 to support sales and further R&D.
"AlertWatch has made impressive progress in their regulatory requirements and is a great example of the digital health opportunities from the university," said Ken Nisbet, associate vice president of U-M Tech Transfer. "Congratulations to the entire team."
Read the full AlertWatch news release here
Return to the table of contents
Apple looking at cars, medical devices for growth
Apple Inc is looking at cars and medical devices to diversify its sources of revenue as growth from iPhones and iPads slow, according to a San Francisco Chronicle report.
Apple's head of mergers and acquisitions, Adrian Perica, met with Tesla Motors Inc founder Elon Musk at the company's headquarters last year around the same time analysts suggested that Apple acquire the Model S electric car maker, the newspaper reported on Sunday, citing a source.
The company is also exploring medical devices and sensors that can help predict heart attacks by studying sound blood makes at it flows through arteries.
The company's senior vice president of operations, Jeff Williams, has met with U.S. Food and Drug Administration chief Dr. Margaret Hamburg and Dr. Jeffrey Shuren, who oversees the agency's approval for medical devices, to discuss "mobile medical applications," the paper reported, citing FDA records.
Apple could not be reached for comment.
Rival Google Inc recently bought thermostat maker Nest Labs for $3.2 billion, robot maker Boston Dynamic and artificial intelligence startup DeepMind Technologies Ltd. The company has also been working on projects including Google Glass and self-driving cars.
Investors hope that Apple, which last came out with a new device - the iPad - in 2010, has something up its sleeve for 2014. Speculation currently revolves around a smartwatch or even a long-rumored TV product.
Apple is expected to launch the iPhone 6, a mid-range smartphone, and may also launch wearable devices such as iWatch, in the second half of the year.
Others say Apple can use its huge iPhone and iTunes base to get into mobile payments or advertising.
Apple reported lower-than-expected iPhone sales for the holiday shopping quarter and gave a weaker-than-expected revenue forecast. The company has been ceding ground to Samsung Electronics Co and other rivals in China, its No. 2 market.
Read the full report from Reuters
Return to the table of contents
Last few days to register for HIMSS pre-conference The Linking Technology and Supply Chain: Cost, Quality, and Outcomes
Don't miss the opportunity to attend the HIMSS and AHRMM associations co-sponsored pre-conference on "The Linking Technology and Supply Chain: Cost, Quality, and Outcomes". The pre-conference symposium is being held Sunday, February 23, 2014, 8 AM to 4 PM, at the HIMSS14 conference at the Orlando Convention Center.
This session is important for any healthcare professionals working in healthcare IT, supply chain, revenue cycle management. Including medical device UDI's in EMR's is essential to patient safety. The sessions by industry experts will give you and your IT and supply chain staff the information your organization needs to move forward.
By attending you can earn 7 CMRP Credit/Contact Hours. The pre-conference symposium will explain the potential for the supply chain to provide the data necessary to achieve better costs, quality and outcomes. Visit here for the brochure.
The symposium includes a series of in-depth sessions led by industry experts. As healthcare moves from a fee-for-service to a fee-for-value environment, the supply chain can provide the critical needed data to help healthcare systems meet the requirements and objectives of healthcare reform: better quality at a more affordable cost.
In this day-long symposium, attendees will participate not only in a critical dialogue to gain a greater understanding of the data supply chain can provide around care delivery performance and outcomes but also identify ways to align these key functions in supporting overall organizational objectives in this era of change.
Speakers include -
Opening Keynote: The Healthcare IT Imperative
John Glaser, PhD, CEO, Health Services, Siemens Healthcare
Tapping the Supply for Better Cost, Quality and Outcomes
Christopher J. O’Connor, President, GNYHA Ventures, President, Nexera, Inc., Chair, AHRMM
Kathy Schwartz, Product Manager, Craneware
Dee Donatelli, SVP Provider Services, Hayes, Inc., President, AHVAP
The Health IT-Supply Chain Link
Paul Helmering, Vice President, Technology, Information & Business Solutions, Roi
Terrie Reed, Medical Device Safety Consultant, Office of Chief Medical Officer, Office of the National Coordinator for Health IT
The Supply-Chain IT Connection in a Value-based Environment
Mary Beth Briscoe, CFO, UAB Health System
The IT Connection: Health IT as the Connector Across the Enterprise
Paul Helmering, Vice President Technology, Information & Business Solutions, Roi
Lana Makhanik, Vice President Business Development, VUEMED
Suzanne Alexander-Vaughan, Director, Product Management, Implantable Supply Chain, GHX
Moderator: Nancy Pakieser, Director, Product Marketing and Business Development, TECSYS
Closing Keynote: The Accountable IT Professional:
Ensuring Supply Chain Best Practices
Leigh Anderson, COO, Premier, Inc. ITS
As a source of essential data, the supply chain is well-positioned to help hospitals and health systems understand the analytical aspects of outcomes reporting that leads to its ability to deliver better quality at a more affordable price. The C-suite and healthcare IT team need to collaborate with supply chain in order to get valuable data into electronic medical records.
Stay for the whole HIMSS14 conference and save $300 today as an AHRMM Member- But this discount expires today, Monday, January 27th so register now. Don't miss this opportunity to see latest developments in healthcare technology in one location.
Also at HIMSS14 - Don't miss the Special Interest Group (SIG) Supply Chain annual meeting onTuesday, February 25, at 7:00AM - 8:30 AM in Room 209B at the Orange County Convention Center. We will be discussing the latest information on the UDI Legislation recently learned from Terrie Reed, associate director, informatics, FDA Center for Devices and Radiological Health, who is currently on temporary detail as medical device safety consultant to the Chief Medical Officer, Office of the National Coordinator for Health IT.
This meeting will explore potential requirements to document UDIs in electronic health records as part of meaningful use stage 3, as well as other applications including: Point of Use/Care Capture; Charge Capture and Reimbursement; Purchasing; Contracting; Payment;Inventory Management; Adverse Event Reporting and Recall Management; Comparative Effectiveness; and more.
Return to the table of contents