Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Final rule improves patient access to lab results

To help patients be more informed partners in their healthcare, the Department of Health and Human Services has issued a final rule that amends the Clinical Laboratory Improvement Amendments of 1988 regulations to allow laboratories to give a patient, or a person designated by the patient, his or her “personal representative,” access to the patient’s completed test reports on the patient’s or patient’s personal representative’s request.

Wisc. breach affects 42K

Nearly 42,000 members of a Wisconsin health insurance group have been notified that their protected health information may have been compromised following a HIPAA privacy breach.

Social media users open to sharing their data

Most (94 percent) social media users with health conditions said they would be willing to share their medical data with physicians to improve overall healthcare, provided that their privacy is protected, according to a discussion paper from the Institute of Medicine.

Lost computer puts 6,700 patients’ data at risk

The disappearance of a password-protected, unencrypted desktop computer from Phoebe Putney Hospital in Albany, Ga., prompted officials to notify 6,700 patients that their data may be at risk.

Malware cause of breach at Ohio medical supply firm

Edgepark Medical Supplies, an Ohio-based medical supplier, is notifying approximately 4,200 customers that their protected health information is at risk.

HITRUST launching cyber attack exercises

The Health Information Trust Alliance (HITRUST) will lead an industry-wide effort to conduct exercises to simulate cyber attacks on healthcare organizations. The results of CyberRX will be used to evaluate the industry’s response and threat preparedness against attacks and attempts to disrupt U.S. healthcare industry operations, according to an announcement.

Rodriguez to vacate OCR director post

The Office of Civil Rights soon will have an opening in its top spot.

GAO calls out CMS, other agencies for inconsistent data breach practices

A General Accounting Office report takes several federal agencies to task, including the Centers for Medicare & Medicaid Services, for inconsistently implementing policies and procedures when responding to a data breach involving personally identifiable information.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.