Health-care sector vulnerable to hackers, researchers say

From the Wall Street Journal article by Robert O’Harrow Jr. titled Health-care sector vulnerable to hackers, researchers say

“As the health-care industry rushed onto the Internet in search of efficiencies and improved care in recent years, it has exposed a wide array of vulnerable hospital computers and medical devices to hacking, according to documents and interviews.

Security researchers warn that intruders could exploit known gaps to steal patients’ records for use in identity theft schemes and even launch disruptive attacks that could shut down critical hospital systems.

A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems.

“I have never seen an industry with more gaping security holes,” said Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.””

Insurance dependents can face special challenges on privacy

The article “Insurance dependents can face special challenges on privacy” by Michelle Andrews, recently posted in The Washington Post, details the liabilities insurance dependents can face as a result of HIPAA regulations and insurance billing. “The privacy rule of the federal Health Insurance Portability and Accountability Act (HIPAA)… generally prohibits the unauthorized disclosure of individuals’ medical records and other health information. But there’s a catch. Health-care providers and insurers can generally use such information when trying to secure payment for treatment or other services.” This can be a big problem for dependents undergoing sensitive treatments such as substance abuse programs, care and treatment for sexually transmitted diseases, contraception, and mental health support, because, depending on state law, the bill can be submitted to the policy holder with the treatment outlined in full.

Be informed about your state law and insurance policy and ensure your privacy!

  • “Under federal privacy regulations, patients can request that insurers not disclose confidential information or ask that they send it to an address of their choosing. Insurers are required to comply if not doing so would endanger the patient, says English — for example, if disclosure might pose a threat of domestic violence.”

Doctors order more X-rays, not fewer, with computer access

This excerpt is taken from Lena H. Sun’s article in the Washington Post National: Doctors order more X-rays, not fewer, with computer access.

“In the debate over the high cost of health care, federal policymakers have always claimed that one way to cut costs is for doctors to use electronic medical records and other information technology. Doing so, they say, avoids duplication and saves money.

But new research suggests that may not be the case.

Doctors who have easy computer access to results of X-rays, CT scans and MRIs are 40 to 70 percent more likely to order those kinds of tests than doctors without electronic access, according to a study to be published in the March issue of the journal Health Affairs.

“On average, this is comparing doctors who had electronic medical records and those who didn’t,” said lead author Danny McCormick, a physician and assistant professor of medicine at Harvard Medical School.

Researchers say the findings challenge a key premise of the nation’s multibillion-dollar effort to promote the widespread adoption of health information technology.

“This should give pause to those making the argument,” McCormick said. Instead of saving money, that effort could drive costs higher, he said.”

Is football worth surrendering genetic privacy for generations?

The NCAA mandated testing 170,000 athletes for the sickle cell trait because of a lawsuit following the death of a freshman in 2006. See the Washington Post article: Sickle cell testing of athletes stirs discrimination fears

The NCAA apparently did not consider the effect of testing on students’ future employment, even though carrying the sickle cell trait has long been a cause of discrimination.

Better training and monitoring of athletes could help prevent the deaths of athletes with other health problems besides the sickle cell trait, and prevent exposing athletes’ entire families to discrimination.

Quotes:

  • for decades blacks were stigmatized by sickle cell because they carried it far more commonly than whites, marking them as supposedly genetically inferior, barring them from jobs, the military, insurance and even discouraging them from marrying and having children.
  • Since 2000, as many as 10 Division I college football players who had the trait without knowing it have died suddenly following workouts.
  • “What doesn’t exist is scientific data to support the screening,” said Elliott Vichinsky, director of hematology-oncology at Children’s Hospital in Oakland and director of the Northern California Sickle Cell Center. “There are a lot of other people at risk for heat-related illness from exertion.”
  • The best solution, they argue, would be better monitoring, training and care for all athletes – a strategy that worked for the military.
  • “If you want to protect people, there’s an easy way to do that: change the training protocol for everyone,” said Lanetta Jordan, the Sickle Cell Disease Association of America’s chief medical officer.

Hackers Want Millions For Data on Prescriptions

The FBI and Virginia State Police are searching for hackers who demanded that the state pay them a $10 million ransom by Thursday for the return of millions of personal pharmaceutical records they say they stole from the state’s prescription drug database.

The hackers claim to have accessed 8 million patient records and 35 million prescriptions collected by the Prescription Monitoring Program.

“This was an intentional criminal act against the commonwealth by somebody who was trying to harm others,” Gov. Timothy M. Kaine (D) said. “There are breaches that happen by accident or glitches that you try to work out. It’s difficult to foil every criminal that may want to do something against you.”

Although the hackers had threatened to sell the data if they did not receive payment by Thursday, the deadline passed with no immediate sign that they followed through.

Treasury Moves to Restrict Lobbyists From Influencing Bailout Program

Treasury Secretary Timothy F. Geithner issued new guidelines yesterday aimed at eliminating the influence of lobbyists on the $700 billion financial bailout program by restricting their contact with officials who are reviewing applications for money and deciding how to disburse it.

Treasury officials also will seek to limit political influence over the funds, saying they will use similar restrictions that forbid such influence in tax matters as a model. The department’s Office of Financial Stability will be required to certify to Congress that each government investment is based solely on objective criteria. As part of that effort, only banks recommended by their primary regulator will be eligible for capital investments.

“American taxpayers deserve to know that their money is spent in the most effective way to stabilize the financial system,” Geithner said in a statement yesterday. “Today’s actions reaffirm our commitment toward that goal.”

Connecting The Medical Dots

Congress is considering adding money for health information technology to January’s stimulus package.

Doing so could spur a critical mass of the nation’s doctors to finally enter the information age, but unless the funds are tied to standards for the interoperability of health IT systems, the expenditure could do more harm than good.

Before lawmakers act, they need to think: If stimulus money supports a proliferation of systems that can’t exchange information, we will only be replacing paper-based silos of medical information with more expensive, computer-based silos that are barely more useful. Critical information will remain trapped in proprietary systems, unable to get to where it’s needed.

Health IT systems produce value when they are interoperable. When they’re not, doctors who invest in electronic health records cannot share information with each other or add lab results to your file or send electronic prescriptions to your pharmacist. They would have to use handwritten prescriptions and paper files in addition to their electronic files.

Data Mining For DOD Health

Contracts naturally come in all sizes, shapes and flavors. Here’s one that’s just plain fascinating.

“U.S. Department of Defense Chooses Phase Forward to Support FDA-Sponsored Drug Safety Initiative.”

That’s the headline of a press release from a drug industry firm called Phase Forward. The contract involves an effort to use powerful data mining software to examine the medical records of some 12 million people, a company spokesman told us.

The stated aim is to improve the safety of prescription drugs through “rapid evaluation of DoD healthcare data on Army active duty personnel, their family members and retirees to determine which potential safety ‘signals’ merit a more thorough investigation through an epidemiological study.”

Security Fix

Digging Deeper Into the CheckFree Attack

The hijacking of the nation’s largest e-bill payment system this week offers a glimpse of an attack that experts say is likely to become more common in 2009.

Atlanta-based CheckFree acknowledged Wednesday that hackers had, for several hours, redirected visitors to its customer login page to a Web site in Ukraine that tried to install password-stealing software.

While this attack garnered few headlines, there are clues that suggest it may have affected a large number of people. CheckFree claims that more than 24 million people use its services. Avivah Litan, a fraud analyst with Gartner Inc., said CheckFree controls between 70 to 80 percent of the U.S. online bill pay market. Among the 330 kinds of bills consumers can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage and loan payments.