Hackers hit another Blue Cross, put 10.5 million members at risk (Breaking)

BREAKING NEWS This time the data breach is at Excellus Blue Cross Blue Shield, which covers upstate New York (Rochester-Syracuse area). It was discovered by Excellus on 5 August but dated back to 23 Dec 13, and reportedly has compromised members’ names, addresses, telephone numbers, Social Security numbers, financial account information and in some cases sensitive medical information. According to the AP/NBC, it also breached other divisions of Excellus and the corporate parent, Lifetime Healthcare: Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare. The source of the hack has not yet been determined.

Excellus joins fellow BCBS members Anthem [TTA 11 Feb], soon to be merging with Cigna, with 80 million; Premera Blue Cross [TTA 24 Mar] with 11 million; and CareFirst with a ‘bag o’ shells’ 1.1 million [TTA 2 June]. The pattern has been such that the national Blue Cross Blue Shield Association (BCBSA) announced in July that it will offer all 106 million of its members identity protection starting next January. (Note for our mathematicians: Anthem has millions of non-BCBS members.) Chinese hackers are suspected in the Anthem breach.

FierceHealthPayer broke the story, in this Editor’s estimation, to the healthcare trade area. Rochester Democrat & Chronicle. Excellus message to policyholders. The NBC/AP report also has a video interview with Eugene Kaspersky of the eponymous anti-virus software (and whose Kaspersky Lab was also a hacking victim earlier this year).

Updated via the Rochester Democrat & Chronicle:  FireEye is becoming the ‘go-to’ security company for health organization breaches–Excellus hired them in the wake of the Anthem breach and they discovered the vulnerability facilitating the breach.

Unnerving mergers (US-UK); DoD’s EHR picked; EHRs & AMA

Blues feeling Blue about… The Anthem-Cigna merger, finalized last week (but yet to be approved by the US and likely the UK Governments as Cigna issues policies there), gives them bragging rights over the Aetna-Humana merger and Optum/United Healthcare in their covering of 53 million US lives as the largest US health insurer. Unnerved is the Blue Cross and Blue Shield Association, of which Anthem is a part with the Anthem and Empire Blue Cross plans plus others in a total of 14 states. But Anthem also competes with ‘the Blues’ in 19 additional states where it markets under a non-Blue brand, Amerigroup, primarily for Medicare and Medicaid (state low-income coverage). Many of the Blues are non-profit or mutual insurers; many are partial or single-state, like Independence, Capital and Highmark (PA/DE/WV) in Pennsylvania and Horizon Blue Cross of New Jersey. Their stand-alone future, not bright since the ACA, now seems ever dimmer in this Editor’s long-time consideration and that of Bruce Japsen writing in Forbes. Also Morningstar considers Anthem’s overpaying and the LA Times overviews.

Walgreens Boots Alliance, another recent merger of quintessentially American and British drug store institutions, named as its interim CEO Stefano Pessina. He previously ran Alliance Boots prior to the merger and is the largest individual shareholder of WBA stock with approximately 140 million shares, so one cannot call it a surprise. At a youthful 73 (see video), one assumes he also takes plenty of Walgreens vitamins and uses Boots No 7 skin care. Forbes.

Updated: The big EHR news is the US Department of Defense announcing the award of its Defense Healthcare Management System Modernization contract this week. At 10 years and $11 billion, even giant EHRs went phalanxed with other giant government contractors to face DOD: Epic with IBM; Cerner with Leidos, Accenture and Intermountain Healthcare; Allscripts with Computer Sciences Corp. and Hewlett Packard. Certainly there will be ‘gravitational pull’ that affects healthcare organizations, but the open and unanswered question is if that pull will include the far nearer and immediately critical lack of interoperability with the Veterans Health Administration’s (VA) VistA EHR. The Magic 8 Ball reads: Hazy, try again later.  Leidos/Cerner announced as winners close of business Wednesday 29 July. 

In other EHR news, US doctors vented last week on how much they hate the @#$%^&* things to the American Medical Association’s ‘town hall’ in Atlanta. Bloat, diminished effectiveness, error, getting in the way of care due to design by those without medical background presently prevail. The AMA’s Break the Red Tape campaign asks CMS to “postpone” finalizing Stage 3 Meaningful Use (MU) rules so that it can align with new payment/delivery models. Better yet, they should buy thousands of copies of Dr Robert Wachter’s book [TTA 16 Apr] and drop them on every policymaker’s desk there, with a thud. Health Data Management

“Who do I call?” when the cyberalarm goes off

A top read for the weekend is this short article by Gillian Tett in the FT on the lack of coordination in the US, not only in protecting systems from cyberattack but also between the public and private sectors, both in protection and when something does go wrong. As Henry Kissinger famously said about Europe when various crises loomed, ‘who do I call?’

Indicators of a gathering storm are everywhere:

* Wednesday’s hours-long, still unexplained outages at the NYSE and United Airlines. (The Wall Street Journal website going down for a bit was the topping on the jitters)

* A joint report from Cambridge University and Lloyds insurance group, also released Wednesday, estimated that a hack shutting down the US electrical grid would create $1 trillion in damage.

“The data security fault, dear Brutus, is not China, but in the company org chart”

Mansur Habib, PhD and cybersecurity strategist, formerly CIO for the Baltimore City Health Department, proposes that any data breach analysis should start first with a hard look at the organizational chart. If the CIO or the chief information security officer (CISO) doesn’t report directly to the CEO, the executive clearly does not place priority on IT and data security, treating it as a cost center to be restricted; in his words, they do not ‘embrace cybersecurity risk as business risk’. In his 2013 doctoral research and subsequently, Dr Habib observed that about half of US HIT and cybersecurity heads report to the chief financial officer (CFO) or some other executive like a CAO (administrative). His withering take on most CEOs is that they are more concerned with stock price …

Kickstarting the 1st week of summer: news from all over

No deal yet between insurer giants. Cigna turned down a $53.8 billion bid from Anthem. According to Healthcare Finance, concerns ranged from corporate governance problems, their membership in the Blue Cross Blue Shield Association, the probable chairman’s (from the Anthem side) qualifications and data security (ahem!). Given that Anthem’s 60 million record breach was an inadvertent inside job [TTA 11 Feb], the last is perfectly understandable. But the door appears to be open for the emollient of additional money (to mix a metaphor). Extra: a tart take on this from the WSJ.

Jaguar is looking to increase driving safety by reading your brain waves to detect if you are distracted or daydreaming, via sensors embedded into the steering wheel. It’s based on technology used by NASA and the US bobsled team. They are also working on mood enhancing lighting and a predictive system to speed your interactions with the dashboard to minimize eyes off the road. But will these detect if you feel good to be bad, as their adverts say? Gizmag.

The FT gets into digital health via business, profiling startups such as Lyra Health, Genomics England and Heartflow, as well as 23andme and Google X (including the glucose-detecting contact lens we profiled 18 months ago). Hat tips to Eric Topol and David Doherty (mHealth Insight) via Twitter.

The NY Times looks at the dark side of ‘senior independence’ with a group of NYC homebound seniors, but other than tut-tutting the desire of older mainly limited income New Yorkers to remain in familiar surroundings, our ‘national celebration of independence’ (!) and not to be institutionalized (their words), the article doesn’t offer much in the way of solutions. And solutions are badly needed for the nearly 2 million over 65 who rarely or never leave their homes, because not all of them will be in assisted living. Hat tip to Joseph Coughlin of MIT AgeLab via Twitter.

But in Australia, they’re exploring ‘future proofing’ and ‘dignity enabling’ homes for an aging population to make them more livable and accessible, via landscaped ramps, larger bathrooms, and sensor rich floors that connect to gait tracking and analysis. Smart Homes 2.0. Sydney Morning Herald.

Neil Versel over at his new MedCityNews stand reports on Doctor On Demand’s test of tablet-based medical kiosks adjacent to the pharmacy department at four Wegman’s grocery stores here in the Northeast. Is Weis Market far behind?

And Fitbit has a bit part in ‘Law and Order’…well, not the TV show in perpetual reruns, but in a real-life case in Lancaster County, Pennsylvania which is not all Amish farms, black carriages and the so-called Amish Mafia. The police used Fitbit activity data to determine that a local resident (and Fitbit wearer), who claimed she was raped by a stranger, staged the crime scene with overturned furniture, a knife, and a bottle of vodka in her home. ABC27 News via David Lee Scher.

A ‘Game of Thrones’ analogy to potential health insurer mergers

The Wall Street Journal has likened the merger action pending among America’s largest insurers to the series ‘Game of Thrones’, said thrones occupied by Aetna, Cigna, Humana, UnitedHealthcare and Anthem. These more aptly remind this Editor of the final stages of airline deregulation, except that none are in a non-medieval bankruptcy court. Their actions reflect the payers’ urgent concerns that now is the time to reinforce a national presence, that revenues in an Obamacare environment (well, we’ll see the effect of that US Supreme Court subsidy decision due imminently) can do nothing but go down and that Medicare Advantage, commercial accounts, health system relationships (ACOs) and health IT systems are the place to be. What is missing: the fate of those independent, state and regional Blue Cross-Blue Shield (collectively, the ‘Blues’) which are not part of Anthem, many of which are ‘non-profit’ (note the quotes); the positive effect of competition on pricing and a fair consideration of the negative effects of monopoly. Ah, but there are no flung axes, regicide or poisonings to be found here. The real theme of ‘Game of Thrones’ is the effect of the powerful on the powerless (we the insured), which the WSJ writer doesn’t address. Insurers Playing a Game of Thrones (if you hit a paywall, search on the title)

Do startups truly threaten the ‘healthcare establishment’?

Or are successful startups fitting into their game? Chris Seper in MedCityNews paints the picture of one side of a quandary. The ‘healthcare establishment’ fundamentally and to its detriment does not understand and is threatened by the startup and innovation process. A startup may begin with an idea which is, in his words, ‘almost always flawed, sometimes deeply’. If the founders are smart, they will test their ideas, validate them and change them appropriately. If not, they will fail. But it is easier for the Establishment to point at the most egregious of the bad ideas and use them to rationalize the status quo.

But being congenital contrarians, we paint the house on the other side of the street. Has the Establishment caught up with–or in some cases, co-opted startups, making them and their funders ‘do their diligence’ and be more cautious before emerging? This Editor would argue yes, and largely for the better.

**The ‘Wild West’ days are over. A few years ago, a truly bad or deeply flawed health tech idea could easily find funding, because it was all blank slate, new and ‘transformative’. The sexiest hooks were Quantified Self, sleep, employer health incentives, interactive coaching, genomics, app prescribing and (last) wearables. A lot of founders imagined themselves as the Steve Jobs of Healthcare, down to the black turtleneck. Now there is a history of success and failure. The railroads reached the dusty frontier towns.

**There’s now a ‘Startup Establishment’. National accelerators …