News roundup: DDoS attacks may be ‘smokescreen’, DEA slams Truepill with ‘show cause’, telehealth claims stabilize at 5.4%, Epic squashes patent troll, Cerner meeting exits KC, MediOrbis, Kahun partner on AI intake

Readers won’t get out of 2022 without one last cybercrime…article. DDoS attacks–distributed denial of service–escalated worldwide with Russia’s invasion of Ukraine in February. (Ukraine and military aid is a hot topic this week with President Zelenskyy’s visit to the US and Congress speech.) Xavier Bellekens, CEO of Lupovis, a cybersecurity company and a cyberpsychologist (!), postulates that DDoS attacks, as nasty as they are, may be a smokescreen for far more nefarious and damaging attacks. While IT goes into crisis mode over the DDoS, other attacks and information gathering on systems preparing for future attacks are taking place. Russian cyber groups focus on large organizations and move down the line into the most vulnerable, using both manual and automated approaches. Worth reading given the vulnerability and IT short staffing in healthcare organizations. Cybernews

The fallout from Cerebral and Schedule 2 telehealth misprescribing expands. The Drug Enforcement Agency (DEA) issued a ‘Show Cause’ to online pharmacy Truepill for inappropriate filling of ADHD Schedule 2 medications, including Adderall. A ‘Show Cause’ order is an administrative action to determine whether a DEA Certificate of Registration should be revoked, which could put Truepill out of business. The red flag for the DEA: 60% of Truepill’s prescriptions–72,000–filled between September 2020 and September 2022 were for controlled substances, including generic Adderall. Truepill was Cerebral’s primary mail order provider, though they also used CVS and Walmart. The company stopped filling Cerebral’s ADHD prescriptions in May 2022.

In the order, the DEA cites that “Truepill dispensed controlled substances pursuant to prescriptions that were not issued for a legitimate medical purpose in the usual course of professional practice. An investigation into Truepill’s operations revealed that the pharmacy filled prescriptions that were: unlawful by exceeding the 90-day supply limits; and/or written by prescribers who did not possess the proper state licensing.”

The company stated in an emailed statement that they were fully cooperating with the investigation. If it does move to a hearing, Truepill’s chances of a successful defense are statistically low.

Truepill also fills prescriptions for Hims & Hers, GoodRx and Mark Cuban Cost Plus Drug Company. It was valued in its 2021 funding round at $1.6 billion. Companies in telemental health and prescribing of Schedule 2 ADHD medications, such as Cerebral and Done Health, are under enhanced scrutiny over their business practices [TTA 1 June]. Mobihealthnews, DEA press release, HISTalk, Digital Health Business & Technology

Telehealth medical claims stabilize. FAIR Health’s latest reports for August and September show that the percentage of medical claims coded as telehealth is back up to 5.4%. June and July dropped slightly to 5.2% and 5.3% respectively. Also steady: the vast majority of claims are for mental health services. In September, they were 66% of diagnoses, far ahead of ‘acute respiratory diseases and infections’ at 3.1%. In procedure codes, psychotherapy accounts for over 43%.

A patent troll Epically bites the dust. Back in the early to mid-2010s [TTA’s index here], patent trolls (technically non-practicing entities which have no active business) presented a significant threat to early and growth-stage health tech companies. One, MMR Global (which apparently no longer exists), was notorious for buying up EHR and PHR-related patents and then filing patent infringement lawsuits against both small and large healthcare organizations with similar patents–and their users–that were generally monetarily settled. But NPEs are still active. One in south Florida, Decapolis Systems, used the same techniques as MMR Global had, suing in this case multiple Epic customers for patent infringement. Epic not only defended its customers but also sued Decapolis in the US District Court, Southern District of Florida. The court found that both Decapolis patents were invalid, ending what Epic termed ‘vexatious patent litigation’. Decapolis had successfully sued 24 other entities, including other EHRs, which settled. Owned by an inventor, this company will have to find another line of honest business. Epic release, Thomson Coburg

Oracle’s message to Kansas City: no more Cerner meetings for you. And maybe more. Cerner’s site for its annual customer/partner conference since 2007 has been in Kansas City, attracting about 14,000 visitors. Not only will it be integrated into Oracle CloudWorld in Las Vegas, 18-21 September, it’s been retitled Oracle Health with no mention of Cerner. The loss to local KC business is substantial–estimated to be in the $18 million range. While it’s logical to integrate it into the massive CloudWorld conference, it’s also another message to KC after Oracle’s sudden real estate downsizing that Cerner’s presence there will shrink…and shrink…as it’s absorbed into Oracle Health, and further confirmation that the Cerner name is gradually being sunsetted. KansasCity.com, HISTalk

A new (to this Editor) specialty care telehealth company, MediOrbis, is partnering with Kahun for an AI-enabled digital intake tool. This is a chatbot capable of conducting an initial medical assessment. Based on the patient’s answers and Kahun’s database of about 30 million evidence-based medical knowledge insights, it provides a summary for the physician before the telehealth visit and highlights areas of concern. Mobihealthnews. MediOrbis also has partnered with remote care/engagement Independa to add its capabilities to Independa’s HealthHub on their LG TVs.

Thursday legal news roundup: Oscar Health accused of IPO securities fraud; Venezuelan cardiologist moonlights as cybercriminal, faces slammer; Change Healthcare sues former employee now at Olive AI

To use a cliché, what a difference a year makes. In March 2021, insurtech Oscar Health successfully raised $1.4 billion in its IPO with shares at $39. Heady times didn’t last long, with shares tumbling to $5.67 as of this writing. Now the shareholder lawsuits have begun, with the complaint stating that negative effects of COVID-19 on Oscar’s business were not disclosed, specifically the growing cost of the pandemic on testing and treatment costs they would cover, and “Oscar would be negatively impacted by an unfavorable prior year Risk Adjustment Data Validation (RADV) result relating to 2019 and 2020 [and] that Oscar was on track to be negatively impacted by significant SEP membership growth”. The lack of forward-looking disclosure at an IPO is a violation of the Securities Act. The initial lawsuit has been filed in the US District Court for the Southern District of New York by shareholder Lorin Carpenter. Multiple law firms have invited shareholders to join in the suit — example from PR Newswire. Also named in the suit are Oscar Health co-founders CEO Mario Schlosser and Vice Chairman Joshua Kushner, plus several investment banks.

Oscar started the year with a Q1 loss of $0.36 per share versus an estimate of a loss of $0.40, but this is less than half of last year’s loss of $0.98 per share. They are also exiting the Arkansas and Colorado markets in 2023. Healthcare Dive

Cardiologist, master cybercriminal, a new Dr. Mabuse? Accused of the creation, use, and sale of ransomware is one Venezuelan doctor and practicing cardiologist, Moises Luis Zagala Gonzalez, a dual citizen of Venezuela and France. The charges by the Department of Justice (DOJ) in the Eastern District of New York also detail his “extensive support of, and profit sharing arrangements with, the cybercriminals who used his ransomware programs.” SaaS can’t hold a candle to the RaaS–ransomware-as-a-service–operation he created to sell what he dubbed ‘Thanos,’ allegedly named after a fictional cartoon villain responsible for destroying half of all life in the universe. Turns out that Iranian state-sponsored hackers and fellow ransomware designers really liked it too. If convicted, he faces 10 years in Club Fed–five years for attempted computer intrusion, and five years for conspiracy to commit computer intrusions. Designing criminal software really does test the limits of moonlighting. DOJ release, TechCrunch

Change Healthcare sues former employee at competitor Olive AI. While their merger with UnitedHealthcare is tied up in the US District Court in DC [TTA 23 Mar], Change Healthcare is not letting any courtroom grass grow under their feet. They are suing a former employee, Michael Feeney, for violating the non-compete clauses of his employment contract. The suit was filed in Tennessee Chancery Court, its HQ state. Mr. Feeney has countersued in his state of residence, stating that the non-compete violates Massachusetts law. He was VP, strategy and operations at Change handling physician revenue cycle management. At Olive AI, he is currently SVP, provider market operations. Information is a bit scarce on this and the free article this Editor has found reads machine-translated. If you have access to the Nashville Post or Modern Healthcare it’s probably more decipherable.

As to the lawsuit affecting non-competes due to the tight labor market–don’t count on it. It’s a conflict between the state the company is in enforcing non-competes, versus a state which restricts (or negates) them that is the former employee’s state of residence and work. What wins out will be the interesting part and affect many of us in the US.

Summertime, and the ransomware is running wild (updated)

Mashing up our summer ‘tune’ list are the latest reports on ransomware attacks and data breaches:

  • Banner Health’s odd breach of 3.7 million records, first testing their café credit cards then entering their patient information systems, is leading to at least one class-action lawsuit. HealthITOutcomes, Becker’s Hospital Review
  • Bon Secours Health System of Maryland had an exposure of 655,000 records when a business associate of Bon Secours left patient information exposed online for four days while it adjusted its network settings. Healthcare Dive
  • The Locky ransomware has been battering hospitals since the beginning of August, with phishing emails spiking on August 11. Most of this global strike is attacking healthcare, with transportation and telecom running second; countries with the highest frequency of attacks are US, Japan, and South Korea, FireEye reports. ZDNet
  • Solutionary, now NTT Security, which specializes in cybersecurity services, reported last month that 88 percent of all ransomware detections in second quarter 2016 targeted healthcare. However, Cryptowall, not Locky, was the killer ransomware they spotted, accounting for nearly 94 percent of detections. Release
  • Can you anticipate cyber crimes like these? ID Experts has an intriguing blog post on how you can think like a cyber thief. Part One of a promised three-part series. Updated: ID Experts disclosed earlier this week that it spun off RADAR, its two-year-old IT security and compliance company, effective 2 Aug, with a $6.2 million Series A funding. It appears that the CEO wrote the check (CrunchBase). There’s gold in dem dere cyber varmints! MedCityNews, Release
  • Scared enough? The Federal Trade Commission comes to the rescue with a half-day seminar on ransomware detection and prevention in Washington DC on September 7. The session is free and will be webcast (details to come). FTC release, event page