Search Results for data breaches

AliveCor v. Apple latest: Federal court tosses AliveCor suit on heart rate app data monopolization

...the HRPO. The AliveCor argument in the 2021 lawsuit was that Apple should have made the earlier algorithms available, and that Apple violated California’s Unfair Competition Law. Apple’s argument was that the HRNN was more accurate, this was a genuine improvement that provided better data, and that third parties had no right to interfere in Apple’s design and business decisions. Since it was a summary decision, we do not know the details of Judge White’s reasoning. AliveCor’s full statement, provided by AliveCor, is: AliveCor is deeply disappointed and strongly disagrees with the court’s decision to dismiss our anti-competition case and... Continue Reading

Another icy bucket: who is liable when a healthcare AI system fails?

...in a buyer’s market, for terms that minimize purchasers’ liability risk. Licensing agreements should, for instance, require developers to provide information necessary for effective risk assessment and monitoring, including developers’ assumptions regarding the data that models will ingest, processes for validating models, and recommendations for auditing model performance. Purchasers should also insist on favorable terms governing liability, insurance, and risk management in AI licensing contracts–in other words, indemnification. If developed in-house, ensure that you have adequate insurance to cover claims. Apply lessons learned from older forms of decision support. Courts examine whether the recommendation was evidence-based and whether the physician... Continue Reading

Sell NHS medical records to fund AI, biotech? Not quite what’s in the Blair-Hague report. (updated)

...#2 is the point making the headlines in the Independent and Sky News. The reports do not explain that the sale of the NHS medical records would be done through the NHSDT. It would negotiate data-sharing agreements with external organizations and be capable of joining profit-sharing arrangements, while guarding that data would not be sold to third parties and be strictly anonymized. The plain language of the recommendation: “Provide research entities with access to the anonymised data in return for financial profit, which would benefit the NHS. This could happen via a range of mechanisms, varying from direct financial payment... Continue Reading

23andMe data breach may have targeted those of Jewish and Chinese heritage; company valuation crashes (updated)

23andMe’s hole gets deeper. And deeper. As more dots are connected on their data breach–and financial situation. Part 1: The data breach that exposed 6.9 million records at genetic testing and data company 23andMe isn’t only being fought in the courts as to who to blame (customers recycling already corrupted passwords versus a site vulnerability to brute-force hacking). It appears the hackers had specifically targeted people with Chinese or Ashkenazi Jewish heritage. Worse, 23andMe is not addressing that. The evidence was there as early as October. 1 October: an unknown person posts on the 23andMe subReddit that they had customer... Continue Reading

2023’s global cyberattack disaster: healthcare #3 in weekly attacks, 10% of organizations ransomwared–report

...Rather than being content with encrypting data and demanding bitcoin for its release, the hyper version is now data theft followed by extortion campaigns threatening public disclosure of the stolen data, such as by MOVEit and GoAnywhere. Not mentioned here is another vector–business associates and vendors, using ‘social engineering’ tactics to steal passwords and other secure information to gain access into the larger system [TTA 24 Jan] 10% of global organizations were targeted by a ransomware attack, up 3 percentage points from 2022 Healthcare again was above average, #3 with 12% of organizations experiencing attacks. Government/military was #2 with 16%... Continue Reading

Short takes: Humana’s big MA loss (updated); Medicare telemental care bill back in Senate; HHS releases cybersecurity performance goals; Texas Healthcare Challenge hackathon 23-24 February

...directly address common attack vectors against U.S. domestic hospitals as identified in the 2023 Hospital Cyber Resiliency Landscape Analysis. As noted earlier this week, there were 116 million patient records exposed in 2023 data breaches, doubling that in 2022. HHS means well, but this is another ‘blood out of a rock’ situation. Health IT departments all over the US, from providers to payers, have had or are facing layoffs in the ongoing clash of business versus technology, which won’t cease because HHS would like it to. HealthcareDive, HealthcareITNews, The Texas Healthcare Challenge Hackathon is back! After three years dark, this... Continue Reading

Midweek updates: Walgreens may sell Shields Health after 2 years; Ventric Health’s home cardiac RPM; Singapore military medical corps upgrades PACES 3 EMR

...five minutes–two minutes for the data collection and about a minute for the analysis, can evaluate patient heart failure. The portability of the system eliminates a lot of care barriers to cardiovascular health by being more accessible to clinicians and patients in non-hospital settings, reduces time wasted on initial diagnosis, improves support of diagnosed patients, and promotes better outcomes. Healthcare IT News The Singapore Armed Forces (SAF) Medical Corps upgraded its EMR for the first time in a decade. The SAF’s Patient Care Enhancement System 3 (PACES 3) runs both the Sunrise EMR system and the newly implemented Altera Opal... Continue Reading

News roundup: Bright Health now NeueHealth; breached patient records double, RCM as vector for hacking; Amazon’s CCM marketplace; JPM reflects the new reality; fundings for Vita Health, Turquoise, CardioSignal

...be few. As to the bills coming due for CMS liabilities and debt owed to New Enterprise Associates now that JP Morgan has been paid…not a word. We continue to hand it to Bright, now NeueHealth, for the Best Gordian Knots in Healthcare. Release, Healthcare Dive Patient records exposed in data breaches doubled in 2023 versus 2022. According to an analysis by cybersecurity firm Fortified Health Security of HHS’ Office of Civil Rights (OCR), which tracks data breaches, in 2023 there were 116 million patient records exposed, topping the over 100 million of 2015, with over 655 breaches, a decrease... Continue Reading

Got a data breach? Blame the victims like 23andMe did!

23andMe wished its breached customers Happy New Year by putting the blame…on them! The hacking that started with 14,000 records and grew to exposing the records and personally identifiable information (PII) of 6.9 million users, about half their customer database, has spawned over 30 class action lawsuits in the US, plus lawsuits in Ontario and British Columbia, Canada. 23andMe, in their responses to law firms and on their blog, told lawyers and users–not unexpectedly–that the data breaches were due to 23andMe users recycling log in credentials, such as passwords, that were used on other–breached–websites, and failed to update them on... Continue Reading

Short takes: ransomware op BlackCat busted by FBI, websites shut–for now; health systems lay off IT staffers; retailers collecting way too much PII including health

...numbers), characteristics of protected classifications (like marital status, ancestry, and disabilities), commercial information (like purchase history and property records), and audio/electronic/visual information (like video and/or audio recordings of consumers). Walmart, CVS, and Walgreens additionally collect Social Security numbers, union membership status, and sex-life data. Their apps collect 15 to 20 data points, such as exact location, personal data, financial data, health and fitness, messages, photos and videos, audio files, files and docs, app activity, web browsing, app info and performance, device or other IDs Users can opt out of some of these, but most do not. And some go to... Continue Reading