News highlights for Friday

AnthemHealth didn’t encrypt, Blueprint Health collects, HealthSpot funds again, Sense4Baby goes to Europe, Apple Health pilots in hospitals and buddi gets bigger still.

Another hack attack claimed major US health insurer AnthemHealth, the former WellPoint. It’s estimated that 80 million of its customers, former customers and employees had data breached: names, addresses, dates of birth, emails, employment information, income, medical IDs and SSIs. The Wall Street Journal reports that Anthem didn’t encrypt data for analytics reasons. It’s unconfirmed where the hackers originated but Bloomberg’s latest report tags the usual Chinese state-sponsored suspects. Unusually, it was reported within days of discovery; Anthem has called in Mandiant (FireEye) to beef up its cybersecurity. Other reports: WSJ, Modern Healthcare.

The Blueprint Health accelerator has a new initiative, the Collective. It is designed to pair up major healthcare providers and payers with startups and early stage companies. So far signed up are Aetna, AstraZeneca, HP, Montefiore, North Shore LIJ, New York-Presbyterian, Samsung, EmblemHealth, Philips and Razorfish Healthware. More information here.

The HealthSpot Station telehealth/telemedicine kiosk is readying an $11.6 million funding round from four investors soon, based on (more…)

Staying up at night with telemedicine (and telehealth)

Our readers have many things which keep them up at night, including that extra taco, but René Quashie of leading healthcare/life sciences law firm Epstein Becker Green adds a few more to the list. While muddling telemedicine (remote consults) with telehealth (vital signs tracking and monitoring), he outlines the legal pitfalls (and consequences) that both are facing: non-compliance with state prescribing and licensure laws (physical examination requirements); lack of highly developed protocols and guidelines (liability exposure); lack of greater coverage and reimbursement by payers (low credibility = low/no pay); HIPAA compliance in privacy and security (lack of protection against unauthorized data access). However, how many of these have already experienced accommodation by state regulators, or have started to modify to follow regulations? Awake yet? This is only Part 1. Things That Should Keep the Telehealth Community Awake at Night (Part 1) (TechHealth Perspectives/EBG blog) Hat tip to reader Ellen Fink-Samnick of Ellen’s Ethical Lens.

VA networks breached from overseas; 20 million records affected (US)

Department of Veterans Affairs IT systems have been breached since 2010 by eight ‘nation-state-sponsored organizations’, affecting records of 20 million veterans, according to recent testimony in hearings held earlier this month by the House Veterans Affairs Oversight and Investigations Subcommittee. While the normal ‘hack’ is due to theft or an inside job for financial gain, these likely have a far more sinister nature. According to former VA Chief Information Security Officer Jerry Davis (now at NASA), the attacks continue from these countries, and according to Subcommittee Chairman Rep. Coffman, may include China and Russia. Testimony and evidence also revealed that those responsible for informing Secretary Shinseki may have understated the problem. The VA has certainly been taking its lumps with a Magic 8 Ball of late, with a derailed joint EHR project with the Department of Defense and wrangling on who’s leading integration [TTA 3 April; iHealthBeat]. VA Systems Hacked From Abroad; Was VA Secretary Misled About Breaches? (HealthcareInfoSecurity)

Healthcare data breaches show 25% fraud risk: study

For healthcare institutions, that data breach can really cost. Javelin Strategy & Research has been tracking the cost of data breaches, including healthcare, for the past ten years. Using its data across all the industries it tracks (data here), the threat of identity fraud as of 2012 is up to 1 in 4, from 1 in 9 in 2010. In commenting on the big breach last year at the Utah Department of Health (780,000 records, TTA 22 Dec), a Javelin spokesperson has made some news by estimating the additional fraud cost at $406 million–and that is in addition to the estimated $9 million that the state has spent on security audits, upgrades and credit monitoring for victims. Hackers seem to be more targeted than ever, but often even simple precautions are not taken–in Utah, the factory password to the server was never changed. A cautionary note–no, symphony–to developers and to HIT departments. Healthcare IT News, Salt Lake Tribune, Javelin release

Could iris scans be a solution? Biometrics makers, such as Safran, Fujitsu, AOptix Technologies and M2Sys Technology, are finding new customers in hospitals and large providers. HCA Holdings, the largest US for-profit hospital chain, is testing Eye Controls’ system at their private clinics in London. Medical ID theft is also a problem in the UK, with ‘shame-based theft’ (to conceal an illness) and private billing the given reasons. Iris scanning units cost about $200-300–a moderate cost. According to the World Privacy Forum, iris scanning will rule out hacking, but not ‘inside jobs’–progress of a sort. But an open question is how this integrates into current EHRs. Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg)

Editor’s note: The Gimlet Eye is…envious.