News roundup: 4.3M HealthEquity member data breach, CrowdStrike health fallout, more Congress pounding of VA/Oracle; Flo app now unicorn (UK), fundings for Clarapath, CoachCare; AvaSure buying Ouva

July 31, 2024 | by

Health savings account (HSA/FSA) provider HealthEquity had a three-month breach that compromised 4.3 million member accounts. The breach originated with an undisclosed third-party vendor, in a pattern that has become familiar. According to HealthEquity’s filing with the Maine attorney general (though HQ’d in Utah), the breach occurred in that vendor’s “unstructured data repository” at HealthEquity, outside of their core systems, after the hacker stole the password out of a vendor user account. Unfortunately for HealthEquity, the hack that started in March wasn’t discovered until 26 June, giving the hacker free rein in that database for three months. What’s surprising is that the breach wasn’t worse.

HealthEquity is a third-party administrator for companies of FSA/HRA, Commuter, COBRA, and Lifestyle plans.

The Maine AG filing states that information stolen may include customer names, addresses, phone numbers, their Social Security number, information about the person’s employer, benefit type, diagnoses, prescription details, the person’s dependent (if any), and some payment card information. With HealthEquity claiming 15 million+ members, the breach affects a substantial 29% of its membership. Actions they are taking are to notify members and provide them with credit monitoring services through Equifax with a reference guide. HealthEquity notification page, TechCrunch, HealthcareITNews

CrowdStrike’s antivirus software update that went waaaay sideways continues its fallout. As most know, it happened when they pushed an update and patch to Falcon, a cloud-based anti-cyber attack product that uses AI to detect intrusions. Well, Falcon’s AI wings were fractured on that 19 July push where testing was apparently lacking. BSOD became their new thing. What made the news was the devastating effect on 8.5 million Windows devices, only about 1%–on Delta Air Lines’ aircraft scheduling and the shutdown of many systems such as 911 and police within cities and states, but apparently a curtain was drawn around the healthcare bed. EHRs were affected at major systems such as Kaiser Permanente, Providence, Henry Ford Health, Nationwide Children’s Hospital, the Dana-Farber Cancer Institute, Mass General Brigham, RWJBarnabas Health, Penn Medicine, and Seattle Children’s Hospital, causing postponements of medical procedures. At Providence, it totaled 15,000 of the organization’s servers, as well as about 40,000 of its 150,000 computers. It was the equivalent of a cyberattack without being a cyberattack. According to industry analyst Parametrix, US Fortune 500 companies (excluding Microsoft) lost a total of $5.4 billion. MedCityNews

With this kind of devastation, it’s no surprise that these companies and the government are rethinking their approach to cloud computing. They’re very concerned about the oligopoly of three providers: Google, Microsoft, and Amazon. Microsoft has 40% of the cybersecurity market with CrowdStrike 15% concentrated in larger organizations.“We’re reaching the point where over-centralization makes us less ‘healable,’ and less resilient,” Robert Thomas, owner of cybersecurity company 180A Consulting said. “We’re losing our resiliency as a nation.”  Systems are still not back up and neither is the CrowdStrike stock. Rumors do persist that they were hacked. Epoch Times   Microsoft also published a recovery tool for IT administrators to expedite the repair process. FierceHealthcare

The House Committee on Veterans’ Affairs Subcommittee on Technology Modernization hearing on 22 July had some further flak-gathering from committee members. Most of the criticism concentrated on the joint MHS/VA rollout at Lovell Federal Health Care Center and the amount of work it required to get the Oracle Cerner EHR to work mostly right. While VA and Oracle leaders insist that Lovell went better than anyone expected, the resources used at Lovell cannot be duplicated at the remaining VA facilities. VA is already facing a $15 billion shortfall for FY 2024 and 2025. The Lovell center had a persistent problem in processing prescriptions, with 60% going unfilled. In member Sheila Cherfilus-McCormick (D-Fla.) words, “I think we are far from ready to endorse further go-live activities. The two departments threw more resources at this go-live than will ever be available at any future VA facility.” Healthcare Dive  Earlier coverage TTA 24 July

The UK women’s health app Flo is now a unicorn. Their Series C of $200m (£156m), funded solely (and unusually) by General Atlantic, put them at a valuation of over $1 billion. Their total funding is $275 million. Two General Atlantic executives will be joining Flo’s board, Tanzeen Syed, managing director, and Jessie Cai, principal. Flo helps users track ovulation and menstrual periods, enabling calendaring of fertility, and monitoring of over 70 symptoms. It also assists with pregnancy health guidance. The raise will be used to expand into new user segments including perimenopause and menopause. Its current base is 70 million monthly active users (MAUs) and close to 5 million paid subscribers. Flo is marketed in 66 countries, including the US, India, Indonesia, and Nigeria, with centers in Lithuania and the Netherlands.  Release, UK Tech News

Funding/M&A wrap:

Clarapath, a medical robotics developer based in White Plains, NY, scored $36 million in a Series B-1 funding round from Northwell Ventures with participation from new investors Ochsner Ventures, CU Healthcare Innovation Fund, and Mayo Clinic. Clarapath automates pathology lab work. Its SectionStar platform sections biopsy tissue with improved accuracy. It is pre-revenue with a total of $75 million in funding. Axios, Mobihealthnews

CoachCare, a remote patient monitoring/virtual health monitoring developer for practices and health systems, added $48 million in an unlettered venture round funding led by Integrity Growth Partners with participation from Topmark Funding. The platform combines software and connected devices with outreach for RPM, chronic care management, and other virtual care for about 150,000 patients. Funding to date is $49 million. It has acquired four companies in the past year: NVOLVE, CareSpan Health, Alertive (formerly part of Carbon Health), and WebCareHealth. Release, Mobihealthnews

Another virtual care company, AvaSure, is acquiring Ouva’s smart hospital room solutions. Ouva has been partnering with AvaSure to supply AI-enhanced care automation technology. The acquisition will expand the ambient AI capabilities of AvaSure’s Intelligent Virtual Care Platform and double in-house AI engineering resources. AvaSure’s primary market is hospitals. Ouva will continue as a separate company with its pediatric and wayfinding business. Cost is not disclosed. Release, HIStalk 7/31

Can expanding telehealth help VA solve veteran access crisis?

May 18, 2016 | by | 1 Comment

The Department of Veterans Affairs (VA) has been both one of the largest US users of telehealth in various forms–and widely criticized for practices including veteran patient wait lists for care, a lack of accountability, a scheduling system full of problems, an ancient EHR (VistA), and an inability to meet interoperability and modernization goals set over years. Telehealth is, in fact, one of VA’s bright spots with store-and-forward imaging, clinical video telemedicine and home telehealth.

At the American Telemedicine Association ATA 2016 meeting Monday, Under Secretary for Health and VA Chief Executive Dr. David Shulkin noted that the crisis has pushed VA into other options for achieving the goals set for the end of year: every VA medical center provides same day primary care services and same day mental health services. One area of focus is telemental health. Dr Shulkin announced in his plenary speech the opening of five new Mental Health Telehealth Clinical Resource Centers this summer, located in Charleston, Salt Lake City, Pittsburgh, and a consortium of facilities in Boise, Seattle, and Portland, Oregon. West Haven, Connecticut is already open as a specialty hub focused on the most severe and complex mental health issues, such as chronic depression and bipolar disorder. Other VA telemedicine initiatives include kiosks and text messaging to help with medication adherence and chronic condition management. (We’ve reported on their partnering with nhssimple to develop ANNIE, a sister of NHS’ Flo in text messaging to encourage patients in their health monitoring, TTA 2 Dec 15.)

VA delivered 2.1 million episodes of telehealth care last year (FY 2015), in 45 specialty areas of care, including 400,000 telemental health visits. They also reduced bed days by 56 percent, reduced readmissions by 32 percent, and decreased total psychiatric admissions by 35 percent, maintaining high user satisfaction scores at 89 percent.

Dr Shulkin also noted that four generations of veterans are served by VA–WWII, Korea, Vietnam and Desert Shield through current Iraq/Afghanistan–and all four have different delivery requirements. He closed with what is, for VA which has been very proud of their ‘home grown’ solutions from the time of Dr Adam Darkins in the early 2000s on, something unusual: “We’re looking to learn, we’re looking to work with all of you who are innovating to help take better care of veterans.” (Next on tap: the award of the next five-year round of home telehealth providers, which is presently down to two Grizzled Pioneers, Medtronic (Cardiocom) and Viterion.) MobihealthnewsVA press release

Flo and ANNIE: text messaging with a personality to improve health (UK/US)

December 2, 2015 | by

Flo–the Florence Simple Telehealth text messaging system–is well known to our UK Readers as a successful initiative of the NHS. Over the past five years, starting from a test with NHS Stoke on Trent, it has been used by more than 30,000 people in over 70 health and social care organizations to help them monitor their health in areas as diverse as managing diabetes, living with COPD and managing breast feeding. Flo is customized by the clinician for the individual patient on questions, information, and speaks to the patient with a sometimes sassy ‘voice’ to help keep him or her on track. The Health Foundation has spotlighted Flo (named after Florence Nightingale) in ‘The Power of People’ with an overview page here and the video ‘Telehealth with a human touch’.

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/12/1109151630.jpg” thumb_width=”150″ /]nhssimple, a Social Enterprise is now tasked with developing the Flo program and since 2013 has partnered with the Veterans Health Administration in the US to develop a counterpart. Named ANNIE after Lt. Annie G. Fox, Army Nurse Corps, who was the first woman awarded the Purple Heart for her actions at Pearl Harbor, the VA is shortly testing it at four sites with intent to roll out nationally in 2016. This Editor has seen two presentations by Neil Evans, co-director of VHA connected health, in 2014 and this year at mHealth Summit (HIMSS Connected Health–see left). The Health Foundation video also includes an interview with Dr Wyatt Smith, prior Deputy CIO of the US Military Health System, and mentions the VHA. Hat tip to Phil O’Connell, Global Lead of nhssimple, for the update.

Widespread remote GP consultations getting closer; no shortage of implementation advice

February 10, 2015 | by

Following our previous item on the topic, on January 16th, Tim Kelsey made it very clear to this editor at a PICTFOR event that the £1b promised to GPs for premises improvement included a strong requirement that GPs also invest in electronic support, including remote consultation technology.

It is therefore particularly pleasing to see in yesterday’s Pulse Today, an item on a Skype trial in Central London that both patients and GPs seem to love. Some key quotes:

Almost all patients surveyed about their experience of the remote consultation service said they ‘would use it again’ (95%).

Although patients were warned that ‘the security of Skype isn’t 100%’, 83% also said (more…)