News that class-action specialist law firms won’t like. States are considering limiting hospital cyberattack liability if they adopt cybersecurity measures. Currently, four states–Tennessee, Connecticut, Ohio, and Utah–have laws that curb liability for cyberattacks and data breaches. A fifth state, Florida, is considering it with the governor, Ron DeSantis, pushing for a tougher version to encourage strong cybersecurity adoption. The state lawmakers’ rationale centers on the admission that cyberattacks on hospitals are inevitable and that when hospitals have security in place, they are not negligent. On the opposite side, law firms that specialize in consumer class-action lawsuits argue that hospitals would rather profit than put into place expensive protection for consumer data.
This Editor’s view tends to be even stronger than that of Governor DeSantis. How can state regulators actually know that a hospital has strong, effective cybersecurity? Hospitals not only have to spend money to constantly update their monitoring, but also have to hire the humans to implement it. In other words, what people or agency on the state level can assess that a hospital or health system has adequate cybersecurity in place and is acting in good faith to protect consumers against predatory data breaches or ransomware? The article in Politico is unfortunately very scant on how these laws work, the liability limitations, and the mechanisms for judging hospital cybersecurity. More to come on this. Also DataBreaches.net–this Editor’s go-to spot for research.
A North Korean ransomwareiste indicted, but he’ll be hard to serve if convicted. A grand jury in the Federal District Court for the District of Kansas has indicted Rim Jong Hyok of ransomware attacks on 17 hospitals and systems across 11 states plus attacks on government entities from May 2021 through April 2023. The US Department of Justice (DOJ) charge is that Mr. Rim was working for the North Korean intelligence agency, the Reconnaissance General Bureau (RGB), in a cyberhacking group known as Andariel. Andariel developed the Maui ransomware type and used it to attack healthcare and governmental entities. The ransoms collected from the hospitals were then used to fund cyber attacks and data exfiltration on government agencies, military bases, and multiple companies supporting the US military. The State Department is offering a reward of up to $10 million to locate Rim and others infiltrating US systems. It is highly unlikely that even with a conviction, Rim will serve any US time, but a conviction could initiate sanctions and other national measures. FierceHealthcare, US District Court indictment, US State Department ‘Rewards for Justice’ release
Walmart gives Humana a crack at reopening in-store clinics. After their well-publicized failure in retail health, Walmart is leasing out nearly half of their former Supercenter clinics over to Humana’s CenterWell healthcare services operation. By first half 2025, 23 of the 51 closed Walmart Health clinics in Florida, Georgia, Missouri, and Texas will convert to CenterWell Senior Primary Care and Conviva Care Centers. The focus will be on senior coordinated care with a staff of board-certified physicians, nurse practitioners, medical assistants, social workers, and other staff. Clinics are planned for Tampa/St Petersburg, Orlando, Jacksonville, Atlanta, Dallas/Fort Worth, and Kansas City. Medicare Advantage plans and Original Medicare will be accepted, though no mention is made of the ‘duals’ who are on both Medicare and Medicaid. Walmart will continue to operate pharmacy and optical locations. The CenterWell/Conviva network at present serves 318,000 seniors in about 300 centers across 15 states. Financial terms of the agreement were not disclosed. In retrospect, they should have done this several years ago. CenterWell release, MedCityNews
Another revival–the Nuro robot vehicle delivery service. Some years back, these driverless cars were envisioned to carry everything from pharmacy deliveries to groceries to prepared food, but the robot vehicles had problematic fully autonomous driving software that proved to be unsuitable for crowded urban areas as well as satisfactorily retrofitting or specially designed EVs. Now in another AI-assisted generation with the R3, about 100 retrofitted Toyota Priuses able to go up to 45 mph will be tested in the California Bay Area in Mountain View, Palo Alto, Los Altos, and Menlo Park. Other vehicles to be upgraded to the new software are from Chinese EV manufacturer BYD, which has become famous for exploding cars in its home market. Timing after the California Motor Vehicle approval now is set for Uber Eats deliveries in test in early fall. TechCrunch
Telemental health fundings continue on a roll with Spring Health. Their $100 million Series E has increased their valuation from $2.5 billion to $3.3 billion. This round was led by Generation Investment Management with participation from existing investors, including Kinnevik, William K Warren Foundation, RRE, and Northzone. Their $71 million Series D was in drought-ridden April 2023. Their total funding now is $466.5 million. Spring Health’s concentration is in mental health support and care management as part of employer benefits and for payers, covering 10 million lives through 450 directly contracted employers, strategic payer relationships, and 27,000 groups that access the solution through a channel partner. As noted in Rock Health’s H1 report [TTA 30 July], the competitive telemental health category still leads by far as the most funded clinical category, with about $700 million in raises, over double that of cardiovascular and oncology, and will likely surpass 2023. Release, Mobihealthnews, FierceHealthcare
Most Recent Comments