Skip to main content

Quality and Safety

By Kat Jercich | 04:57 pm | November 10, 2021
A new SecureAge study found that 40% of employers said their current company had dealt with a cyberattack in the past – yet many faced hurdles to implementing defense measures.
By Kat Jercich | 01:14 pm | November 09, 2021
White House officials testified this past week that they have seen a "discernible decrease" in U.S.-targeted cyberattacks linked to Russia. As reported by The Hill, Chris Inglis, the country's first national cyber director, told the House Homeland Security Committee that it was too soon to tell why the number of incidents had lessened.   "It may well be that the transgressors in this space have simply lain low in understanding that this is for the moment a very hot time for them, and we need to ensure that that continues to be the case," said Inglis.   "I think in the longer term, we will be able to measure in a qualitative and a quantitative fashion what the diminishment of those efforts are," he added.   Inglis emphasized the importance of staying the course when it comes to cyber defenses, saying that the United States needs to "ensure that our strategy is solidified and brought to bear."  Inglis' remarks prefaced news that the Department of Justice had charged two individuals for deploying Russia-linked REvil ransomware against U.S. targets.   EHR vendor reports security breach   QRS, Inc. has begun notifying individuals of a cyberattack that involved the personal information, including the health information, of some of its clients' patients. QRS, a technology services company that offers electronic health record and practice management software, said in a notice on its website that it had discovered in August that one of its dedicated patient portal servers had been accessed. After taking the server offline and investigating, QRS determined that the attacker had accessed the server between August 23 and 26.    During that time, the attacker may have acquired files containing individuals' name, address, date of birth, Social Security number, patient identification number, portal username, and/or medical treatment or diagnosis information. According to the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal, the incident affected 319,778 individuals. "Although QRS is not aware of any identity theft or fraud to any person as a result of this incident, it is notifying the potentially affected patients on behalf of its clients to advise them about the steps QRS has taken to investigate the incident and provide them with guidance about monitoring their information," wrote the company on its site.   Philips flags security vulnerability in EMR systems   Philips has issued an advisory regarding a version of its TASY Electronic Medical Record HTML5 system.   According to the alert, Philips said it had identified two potential vulnerabilities in system versions 3.06.1803 and prior that may allow SQL injection under certain conditions.   "Should this occur, a successful SQL injection attack can result in confidential patient data being exposed or extracted from the TASY database," said the company.    "Attackers could gain unauthorized access to Tasy EMR systems or accounts and, ultimately may lead to a Denial of Service to the database," the advisory continued.   Philips advised affected customers to upgrade to versions 3.06.1804 or later, which are not subject to the vulnerabilities.   "At this time, Philips has received no reports of exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem. Philips' analysis has shown that it is unlikely that this vulnerability would impact clinical use," said the vendor.    "Philips' analysis also indicates there is no expectation of patient hazard due to this issue," said the alert.   Kat Jercich is senior editor of Healthcare IT News. Twitter: @kjercich Email: kjercich@himss.org Healthcare IT News is a HIMSS Media publication.
By Kat Jercich | 04:36 pm | November 08, 2021
One of the accused, 22-year-old Yaroslav Vasinskyi, is reportedly suspected of attacking about 2,500 victims and raking in $2.3 million in ransom.
By Mike Miliard | 04:12 pm | November 08, 2021
The new document, published this past week, takes stock of a fast-changing technology environment – and would replace the agency's previous medical device guidance, first issued more than 16 years ago.
By Kat Jercich | 10:10 am | November 05, 2021
In a preview of his panel at the HIMSS Cybersecurity Forum, Franciscan Health Vice President of Digital Innovation and Applications Sri Bharadwaj says threat factors have substantially increased amid COVID-19.
By Mike Miliard | 06:00 pm | November 04, 2021
Former Microsoft exec Kurt DelBene, who helped right the course for Healthcare.gov eight years ago, could be tasked with enabling a bigger turnaround job at Veterans Affairs.
By Tammy Lovell | 10:17 am | November 03, 2021
Baseimmune’s technology predicts future strains and designs antigens to protect against them.
By Healthcare IT News | 01:06 pm | October 29, 2021
The survey offers a chance for health system leaders to learn more about a fast-changing threat environment, and benchmark how their own cybersecurity programs compare to those of their peers.
By HIMSS TV | 06:00 pm | October 28, 2021
Philip Bradley, digital health strategist at HIMSS, describes how EMRAM 2022 improves the patient experience, provides financial and operational sustainability, and ultimately offers a roadmap to build an aspirational journey toward better outcomes.