Jessica Davis

Although many organizations claim interoperability is a major focus, progress is slow, at best. For HL7 CEO Charles Jaffe, the reason is a lack of financial reward, as for-profit vendors can’t be expected to “connect everyone on their own dime.”

AWS will be working with the healthcare tech giant on its HealtheIntent platform to analyze clinical data and predict available treatment.

Hacking incidents caused the majority of healthcare breaches in October, but insider errors impacted an even greater amount of patient records, according to the Protenus Breach Barometer. Protenus researchers pulled and analyzed data from the U.S. Department of Health and Human Services’ Office of Civil Rights, as well as research from the site DataBreaches.net. In all, 37 breaches were reported last month. This means 2017’s security trend remained true for October: At least one breach occurs in the healthcare sector each day. [Also: The biggest healthcare breaches of 2017 (so far)] Insider error continues to be a problem area for the industry. Of the three insider breaches for which Protenus had data, user error caused the breach of about 157,000 patient records last month. Insiders accounted for 29 percent of all October incidents. In fact, insider error drastically increased in October from other months, September breached just 24,958 records and August affected 26,831. One of those errors involved a flyer sent to HIV patients, asking them to participate in an HIV research project. The trouble was that the healthcare organization used envelopes with a clear front that revealed the HIV status. This was the second breach of this kind this year. Another insider incident involved another troubling trend this year: an improperly secured Amazon S3 bucket. That incident breached the records of about 150,000 patients.  “These incidents serve as a reminder for healthcare organizations to conduct routine training for employees on how to properly handle and distribute information to patients, without breaching their privacy,” the report authors wrote. “This is especially the case when working with vulnerable populations, as patients with diagnoses like HIV have a lot more at stake if their information is made public -- much more sensitive than their credit card information, such a breach be catastrophic to their entire way of life,” they added. Hacking is still the industry’s other leading culprit, accounting for about 35 percent of incidents and the breach of over 56,000 patient records. Two of the month’s 13 incidents specifically mentioned ransomware, while two were caused by phishing and three mentioned extortion attempts. Per the trend, notorious hacker TheDarkOverLord was responsible for all the extortion attempts. And not all of the affected organizations have reported these breaches. Lastly, the healthcare sector continues to struggle with discovering breaches. It took an average of 448 days for an organization to find a breach. In fact, one incident took 1,157 days or more than three years to discover a breach. “Both external and internal actors continue to threaten patient information and these breaches have often gone undetected for years, affecting thousands of patients,” the report authors wrote. “Our hope is that healthcare will begin to have conversations on how the industry can better protect the privacy of all patients and specifically devote attention to vulnerable populations.” Twitter: @JessieFDavis Email the writer: jessica.davis@himssmedia.com

The increase in the use of telehealth in the healthcare sector have prompted the HHS watchdog to evaluate compliance with reimbursement requirements.

Congressman says BOMs included with every device will help organizations assess threats and give transparency with managing system vulnerabilities.

As established by the 21st Century Cures Act, the committee is tasked with creating policies, standards, implementation specifications and certification criteria for health technology.

The class action lawsuit filed Thursday by the estate of a cancer patient, claimed he was unable to determine when cancer symptoms began due to the EHR vendor’s faulty software.

A Ponemon Institute report predicts 35 percent of cyberattacks to be fileless in 2018, and these attacks are nearly 10 times more likely to succeed than file-based attacks.

HHS is accused of retaliating against two of its cybersecurity leaders for speaking with the committee.

The agency wants to jump onto the current success of DoD’s similar Cerner roll outs in the Pacific Northwest and needs the funds now to avoid driving up the project’s cost down the line.