Weekend news roundup: Teladoc adds to Primary360; Novartis, Medtronic support UK digital cardiac startups; Bluestream adds PrimaryOne Health; NoKo ransomware threatens healthcare; more Fed scrutiny on telehealth Rx, billed time may be coming

July 8, 2022 | by

Teladoc had some positive news this week with additions to Primary360, its new primary care service for the provider/payer market. It added in-network referrals and care coordination capabilities, free, same-day prescription delivery from Capsule, and in-home, on-demand phlebotomy from Scarlet Health. The release notes that about half of patients fail to pick up their prescriptions. In addition, Priority Health, a nonprofit health benefits company serving Michigan, has added Primary360 to its fully insured virtual first plan design for employers. FierceHealthcare

Some good news from the UK in a time of government upheaval. Novartis is supporting cardiac digital health startups through the Novartis Biome UK Heart Health Catalyst 2022. This investor partnership is to identify and scale innovations for non-invasive lipid testing and at-home blood pressure testing using software as a medical device. Partners in support are Medtronic, RYSE Asset Management and Chelsea and Westminster Hospital NHS Foundation Trust and its official charity CW+. Successful applicants will receive support from partners during the competition process, the opportunity of investment up to £3 million provided by RYSE Asset Management, subject to due diligence at RYSE`s discretion, access to the Novartis Biome UK eco-system located in White City, and opportunities to work with our NHS partners to set up and deliver a pilot evaluation of the winning innovation. Applications must be in by 31 August–form is here. FierceBiotech

Bluestream Health adds PrimaryOne Health. Bluestream provides a white-labeled customized virtual care service that will be integrated into PrimaryOne’s services. This medical group of 11 community healthcare facilities across central Ohio serves 48,000 patients with primary care, OB-GYN, pediatric, vision, dental, behavioral health, nutrition, pharmacy, physical therapy, and specialty care.  Release

North Korea’s Maui Ransomware is no Hawaiian vacation. The threat has built enough since May 2021 for the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) to release a joint Cybersecurity Advisory (CSA) on Thursday warning healthcare and public sector health organizations. It is state-sponsored North Korean malicious cyber activity. The CSA provides a sample of how it executes, what it targets, how it encrypts files, and how to respond. Hackermania, NoKo Style, is Running Wild with breaches piling up [TTA 7 July], and not only in healthcare. Healthcare Dive, Healthcare IT News

And in Dog Bites Man News, a former US assistant district attorney for Massachusetts predicts that Federal entities such as the Department of Justice (DOJ) may not stop with telemental prescribing. They will not only be ramping up their scrutiny of telemental health companies–but also telehealth billing. For Cerebral and Done Health that facilitate the prescribing of Schedule 2 drugs, this assumption of scrutiny has become a no-brainer. What it also is: a caution for mainstream telehealth providers such as Teladoc and Amwell charging into psychiatric telehealth.  But the former ADA, Miranda Hooker, now a health sciences area partner with Troutman Pepper in Boston, makes a broader prediction. Prosecuted telehealth fraud, as this Editor has noted, has grown in other areas, such as prescriptions for durable medical equipment (DME) billed to Medicare [TTA 6 May] and cardiologists moonlighting as Dr. Mabuse, Master Cybercriminal [TTA 19 May]. But the next frontier may be time-specified telehealth consults billed to Medicare under various CPT codes (e.g. 994XX). A 15-minute consult billed as a more lucrative 30-minute consult can be considered fraud. The Cerebral investigation, according to Hooker, marks a shift by the DOJ into investigating the actual provision of telehealth services and whether they are being billed properly. FierceHealthcare

Dry the tears: WannaCry stymied, North Korea hackers suspect. Is this a poke for a worse attack?

May 16, 2017 | by | 1 Comment

Breaking News This morning’s (Tuesday 16 May) news is about reputable security organizations–Kaspersky Lab and Symantec–connecting the dots that lead for now to a North Korea-linked hacking organization, the Lazarus Group. This group has been identified in previous hack attacks and is based upon WannaCry code appearing in Lazarus programs. US Homeland Security has admitted seeing the same similarities, but all are working to gain more information.

Lazarus has been previously identified as the source of the 2014 Sony attack and the theft of $81 million from the Bangladesh central bank, again linked to fundraising for North Korea for its missiles, army, EMP and nuclear arming while its terrorized people starve. However, this attack was a flop; according to US Homeland Security, about $70,000 was raised in ransom. The Homeland Security spokesman also distanced the NSA from the original information which targeted weaknesses in Microsoft’s systems.

According to reports, WannaCry disproportionately affected Russia, Taiwan, Ukraine and India, according to Czech security firm Avast. No US Federal government systems were affected. China on Monday reported that it attacked traffic police and school systems.

The Telegraph has posted a speculative list of 34 NHS organizations which suffered IT failure during the WannaCry attack. The article includes a map produced by MalwareTech that geographically spots the infection locations; the Boston to Washington corridor is a sea of blue dots. And…Marcus Hutchins has been identified as the young UK tech working for Kryptos Logic who redirected the attacks by buying a domain embedded in the WannaCry code. How it worked, according to PC World, is that if the malware can’t connect to the unregistered domain, it infects the system. By registering the domain and creating a page for the malware to connect to, he stopped the malware spread. (Video in Telegraph article)  Also FoxNews

But is this a prelude to more and worse? Is this testing our preparedness? If so, we’ve been found wanting on an enterprise level with vulnerable systems and administrators not updating their software and OS. George Avetisov, the CEO of HYPR, a biometric authentication company, in The Hill, summarized it neatly today: “We’ve also learned the hard way that, simply through a coordinated phishing attack on unsuspecting users, hackers can disrupt the day-to-day activities of enterprises that provide communications, travel, freight and healthcare administration simply by remotely deploying malware.” He then goes on to praise President Trump’s executive order (EO), “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” which he signed on Thursday–right before all this began. As if in confirmation…ShadowBrokers, the group that hacked the NSA files, today announced the availability of a subscription to a ‘members only data dump’ like a Wine of the Month Club. Watch out, banks and healthcare, it’s open season! NHS, better pay attention to another kind of hygiene–cyberhygiene. Without it, plans for patient apps and data sharing will go sideways–and deserved fodder for Dame Fiona [TTA 10 May]. The Hill  Earlier coverage here