Monday, April 4, 2016

DC Healthcare Provider Limps On After Malware Attack



Despite its computer systems being infected with malware since Monday, MedStar Health, which operates 10 hospitals and more than 250 outpatient facilities in and around Washington, D.C., has continued to provide patient care at near normal levels, according to several updates released this week.

Since the malware attack occurred, MedStar Health has treated an average of 3,380 patients a day at its 10 facilities, it announced Thursday. It has treated nearly 4,000 patients in its ERs and performed more than 1,000 surgeries.

Neither MedStar nor the FBI, which is investigating the incident, will say if ransomware was used in the attack.

However, perpetrators of the attack have asked for 45 bitcoins -- about US$18,500 -- to unlock all of the healthcare provider's infected systems, The Baltimore Sun reported.

The ransom note appeared on the screens of all computers on the MedStar network when users tried to access any files on the system, according to the paper.

MedStar did not respond to our request to comment for this story.

A cyberattack on Hollywood Presbyterian Hospital earlier this year set the game plan for hackers targeting healthcare providers.

"They know the playbook they have to run to take advantage of these situations," said Chris Ensey, COO of Dunbar Security Solutions.

"They received $17,000 for the Hollywood hack," he told TechNewsWorld. "That set the market rate."

Healthcare systems in particular are susceptible to cyberattacks because of the way they share information.

"They have to share information quickly and with a lot of different constituents that are part of the caregiving process," Ensey said. "That requires lots of different openings to be poked open in your firewalls so the attack surface is broader."

What's more, there are many medical devices with network connections and software that hasn't been updated or maintained, he continued.

"There are lots of soft points that a hacker can take advantage of in that infrastructure," Ensey said.

Lack of Commitment

Despite years of FBI cyberthreat warnings, healthcare providers have been tightfisted when it comes to security spending.

"Healthcare has not made a significant investment in information security technology," said David Holtzman, vice president of compliance at CynergisTek.

"Over the past several years, we have seen healthcare organizations devoting only 3 percent of their IT budgets to information security, and only a little over half of them have a dedicated resource focused on information security," he told TechNewsWorld.

"These are strong indicators of the lack of commitment across the healthcare sector for putting appropriate weight and resources to safeguarding health information across the enterprise," Holtzman said.

Every year security is underfunded is a year healthcare systems become more susceptible to attack.

"I think we are seeing the effect of that now in cases like MedStar," Bugcrowd VP of Operations Jonathan Cran told TechNewsWorld.

The healthcare industry is not equipped to handle these attacks, observed Linn F. Freedman, a partner with the law firm of Robinson+Cole.

"These attacks are malicious," she told TechNewsWorld. "They are debilitating, and healthcare entities do not have the resources to be able to combat these highly sophisticated cyberintrusions."

Damage Control

Even when MedStar gets its systems back online, it will be difficult to ascertain exactly what happened to them and if they remain at risk.

"What you have to do is shut down your network and painstakingly gather all the evidence," explained Karthik Krishnan, vice president of product management at Niara.

"That's an extremely hard thing to do for most companies," he told TechNewsWorld. "The down time could be weeks. That's unacceptable."

Since MedStar's service levels don't seem to be severely impacted by the malware on its systems, it may be able to ignore its attackers' ransom demands.

"Every situation is different with respect to whether an entity should pay a ransom," Robinson+Cole's Freedman said. "Hollywood Presbyterian made that decision because they needed to get their [electronic medical records] up and running. In the MedStar case, the EMR wasn't affected."

Taking a hard line against extortionists has its merits, but the decision is rarely uncomplicated.

"In the financial sector, our stance was never pay the ransom because we didn't want to encourage the attackers," said Sean Tierney, director of cyber intelligence for Infoblox.

However, "if you aren't equipped to defend against the problem," he told TechNewsWorld, "then you have to consider paying the ransom -- but it should always be your very last resort."

Source: http://www.technewsworld.com

For kids with autism, this tech matters



For these kids, games and cute robots are more than just fun. On World Autism Awareness Day, we look at some of the ways technology is improving the lives of those with the condition.

Both Katie and her teacher look like they'd be right at home in a Pixar film, and at first their conversation seems like it would fit in one too.

The ponytailed and pink-clad Katie really wants to sharpen her pencil, but her teacher won't let her until the other kids in the class finish taking a test. Katie asks again, but the teacher offers the same frustrating answer.

"Katie seems upset that her teacher said 'no.' How should Katie respond? Let's help Katie make the best choice," a narrator says. "Remember, sometimes parents and teachers say 'no' when you ask them for something. It's important that we stay calm and respond appropriately."

The conversation, highlighted in software called The Social Express, aims to help kids diagnosed with autism spectrum disorder, or ASD, resolve conflicts and understand that no means no.

It's an important lesson packaged in kid-friendly animation. And it's just one of several programs and robots that help kids with autism communicate, interact socially and control repetitive behaviors. All these can be a struggle for those affected by the broad and complicated range of brain development issues that fall under the ASD umbrella.

The Social Express was created by Marc and Tina Zimmerman, who have identical twin boys, both diagnosed with autism. The twins reacted positively to the use of a laptop during home therapy sessions, and that inspired the Zimmermans to create software that teaches social cues through animated, interactive lessons. It works on computers, iPads and with interactive white boards in school settings, and it lets parents, educators and kids work through lessons on topics like making eye contact, taking turns, listening to others, showing respect and controlling emotions.

ASD today affects 74 million people, or 1 percent of the world's population, according to the US Centers for Disease Control and Prevention. Many on the spectrum struggle to talk to other people and understand others' thoughts and emotions, as well as their own. This makes it hard for many kids to form lasting relationships with those around them.

ASK Nao, a cute humanoid robot with a welcoming face, is another tech tool that can help. The bot, from Aldebaran Robotics, has a very specific purpose: to move, dance and interact with children with autism. The bot comes with special programs, like Guess Emotions, which involves Nao acting out an emotion and asking the child to identify it.

"Most children on the autism spectrum have a natural attraction towards technology, and Nao's humanoid shape creates a perfect link between technology and humanity," said Olivier Joubert, autism business unit manager at Aldebaran.

ASK Nao isn't the only robot built to teach social skills to kids with autism. Back in 2010, a low-cost, child-size bot named Kaspar worked with kids who needed help learning proper social reactions.

Robots and apps are patient. They don't judge. Even personal voice assistants like Siri can play a role, as the unlikely friendship between Apple's artificial intelligence system and one child with autism shows.

Games can play a role too.

For kids with autism in a classroom in Australia, Minecraft is an effective teaching tool for communicating English, science, geography and art lessons. The multiplayer mode in this game, where you can build whole 3D worlds, encourages social interaction between students, improving conflict resolution and communications skills for kids with autism. Those skills can then translate to life outside the classroom. It can be challenging for people with autism to read body language and facial expressions.

April 2 is World Autism Awareness Day, with the entire month designated in the US as National Autism Awareness Month for promoting awareness of not only the condition itself, but also of the many creative tools for dealing with it. The campaign has designated blue as its signature color, and the hashtag #LIUB, for Light It Blue, is picking up traction on social media.

Autism organizations often use a puzzle piece as a symbol. It can represent the complexity of the disorder, but it can also be seen as a visual representation of how people with autism are key parts of a bigger picture, important pieces in the lives of their families and friends. Technology is finding its place in that jigsaw.

Source: http://www.cnet.com

Friday, April 1, 2016

Obamacare premiums could spike next year



Companies selling individual health plans on Obamacare’s insurance marketplaces must grapple with the impending expiration of two of the law’s key early-stage programs, likely foretelling premium increases in 2017, as PricewaterhouseCoopers points out in a new regulatory brief.

The Affordable Care Act included a trio of provisions meant to counteract insurance marketplace uncertainty in its nascent years.

Collectively dubbed “the 3 Rs,” risk adjustment, reinsurance, and risk corridors were intended to act as shock absorbers for a newly reformed individual health insurance market in which participating firms were, essentially, shooting in the dark when setting premium levels and gaming out how sick and costly new enrollees would be.

Here’s a basic breakdown of how those three policies work: Risk adjustment is a transfer program which redistributes funds from insurers which paid out significantly less in medical claims to those which had to pay more; reinsurance is an insurance policy for insurance companies; and risk corridors transfer a percentage of the profits reaped by Obamacare insurers which set their premiums too high to those which set them too low.

Risk adjustment is the only one of these programs which will persist beyond 2017. Furthermore, the policies have provided significantly less buffer to insurers than originally hoped. That adds up to an added burden of uncertainty in Obamacare’s marketplaces, which may already contain more sick and costly enrollees than originally expected, according to insurers such as Blue Cross Blue Shield.

And when it comes to the insurance industry, uncertainty almost guarantees defensive pricing.

“The end of reinsurance and risk corridors payments will likely prompt insurers to raise premiums,” wrote PwC. “The loss of these programs increases the potential for financial instability for insurers.”

It’s important to note that those premiums are also likely to stabilize in the years following the 3 R’s expiration. But for the time being, insurance companies are still in some ways playing a guessing game when it comes to premium levels.

Source: http://www.msn.com

Monday, March 28, 2016

Mammograms May Detect More Than Breast Cancer



New study finds calcium deposits in breast tissue can predict calcium in arteries, a known risk factor for heart disease.

Mammograms are widely and often successfully used to detect breast cancer, the second leading cause of cancer death among U.S. women. Now, new research published in the journal JACC: Cardiovascular Imaging suggests it can help protect against an even bigger threat to women: cardiovascular disease.

Researchers believe breast calcification — small calcium deposits in the blood vessels found in breast tissue — is a good indicator of coronary arterial calcification, a very early sign of cardiovascular disease, Newsweek reported. Calcium narrows the arteries, which can increase the risk for heart attack. In breasts, though, calcium is very common and generally benign.

Doctors currently use CT scans to check for calcium deposits in arteries; however, scientists and doctors disagree on whether the cardiac scan is an effective screening method, according to the study. Meanwhile, mammography is more accepted — it is recommended annually for women over 40 years of age, and every other year for women 50 to 75 years old and women at high risk for breast cancer. Digital mammography in particular is more sensitive to the presence of calcifications, researchers said in a statement.

"Many women, especially young women, don't know the health of their coronary arteries," Dr. Harvey Hecht, lead author of the study and director of cardiovascular imaging at Mount Sinai St. Luke's hospital, said in a news release. "Based on our data, if a mammogram shows breast arterial calcifications it can be a red flag — an 'aha' moment — that there is a strong possibility she also has plaque in her coronary arteries."

For the study, researchers recruited a total of 292 women who had mammography and CT scans done within the past 12 months. Of those, 42.5 percent had calcium deposits show up on their mammogram. And 70 percent of women with these deposits also had calcium on their CT scans. Overall, 63 percent of those with breast calcification also had arterial calcification.

Researchers found that women with calcium deposits in their breast tissue were more likely to be older, have high blood pressure, and were less likely to be smokers. Interestingly, they also found that younger patients — those under 60 — had fewer false positives. If a younger woman had breast calcification, there was an 83 percent chance she also had calcium deposits in her coronary arteries.

Although more research and larger studies on this topic are needed to understand the significance of breast calcification, researchers said the findings show that mammograms could provide an opportunity to identify women with heart risks who ordinarily would not have been considered for cardiovascular screening.

Source: http://www.msn.com

2 New Cancer Therapies That Might Help Patients 'Live Again'



Cancer can be devastating to the individuals and families it affects. The disease alters patients' routines, roles, and relationships with others. Luckily, in the age of cancer research, millions more Americans are surviving the horrible disease, showing that you can live with cancer rather than die from it. In Big Think's latest video, 2 New Cancer Treatments That Give Patients Hope Again, medical researcher Dr. David Agus explains two current revolutions in cancer therapy that could potentially eliminate all types of cancer.

The first treatment, known as immunotherapy, was successfully tested on former president Jimmy Carter. When cancer cells appear, they send out a "don't eat me" signal to the immune system. But now, there are drugs that can block that "don't eat me" signal, which allows the immune system to come in and "eat" — or attack — cancer cells. Immunotherapy has shown dramatic results with melanoma, kidney cancer, and some types of lung cancer. According to Agus, immunotherapy teaches you how to harness the power of your own immune system so that it can attack cancer on a more frequent basis than conventional chemotherapy treatments.

The second cancer treatment is known as precision, or personalized medicine. This means that if you have cancer, a doctor can take a piece of your cancer and sequence the DNA to look at which genes are “turned on” and which genes are “turned off.” The goal of this treatment is to develop a way to turn off the genes driving a particular cancer. Because this is still a developing therapy, though, it doesn't work on all patients.

"We don't have drugs to turn off every gene, but I can sequence the DNA of the cancer and develop a personalized therapy of that patient," Agus said in the video.

These new treatments reflect another way of thinking about cancer. In the 1800s, European doctors were classifying cancer by the body part it affected — hence breast cancer, prostate cancer, and lung cancer. Today, however, students and doctors are beginning to classify cancer by the genes that are driving the disease, which sometimes might apply to more than one cancer.

For Agus, “cancer is a verb and not a noun. ... You're cancering,” he said.

Cancer is something the body does, not something the body gets, he said. This philosophy provides a new way of approaching the disease, and encourages doctors to target and treat it with new, more effective therapies.

Source: http://www.msn.com

Federal officials, advocates push pill-tracking databases



WASHINGTON (AP) — The nation's top health officials are stepping up calls to require doctors to log in to pill-tracking databases before prescribing painkillers and other high-risk drugs.

The move is part of a multi-pronged strategy by the Obama administration to tame an epidemic of abuse and death tied to opioid painkillers like Vicodin and OxyContin. But physician groups see a requirement to check databases before prescribing popular drugs for pain, anxiety and other ailments as being overly burdensome.

Helping push the administration's effort forward is an unusual, multi-million lobbying campaign funded by a former corporate executive who has turned his attention to fighting addiction.

"Their role is to say what needs to be done, my role is to get it done," says Gary Mendell, CEO of the non-profit Shatterproof, which is lobbying in state capitals to tighten prescribing standards for addictive drugs.

Mendell founded the group in 2011, after his son committed suicide following years of addiction to painkillers. Previously Mendell was CEO of HEI Hotels and Resorts, which operates upscale hotels. To date, Mendell has invested $4.1 million of his own money in the group to hire lobbyists, public relations experts and 12 full-time staffers.

A new report from Shatterproof lays out key recommendations to improve prescription monitoring systems, which are currently used in 49 states.

The systems collect data on prescriptions for high-risk drugs that can be viewed by doctors and government officials to spot suspicious patterns. The aim is to stop "doctor shopping," where patients rack up multiple prescriptions from different doctors, either to satisfy their own drug addiction or to sell on the black market. But in most states, doctors are not required to check the databases before writing prescriptions.

Last week, the White House sent letters to all 50 U.S. governors recommending that they require doctors to check the databases and require pharmacists to upload drug dispensing data on a daily basis.

The databases are "a proven tool for reducing prescription drug misuse and diversion," said Michael Botticelli, National Drug Control Policy Director, in a statement.

But government health officials say virtually all state systems need improvements, including more up-to-date information.

"There isn't yet a single state in the country that has an optimal prescription drug monitoring program that works in real time, actively managing every prescription," said Dr. Tom Frieden, director of the Centers for Disease Control and Prevention, in a press conference last week.

Physicians warn about the unintended consequences of mandating use of programs that can be slow and difficult to use. Patients may face longer waits and less time with their physicians, says Dr. Steven Sacks, president of the American Medical Association.

"There really is a patient safety and quality-of-care cost when you mandate the use of tools that are not easy to use," Sacks said.

The report from Shatterproof highlights the gaps in current prescribing systems. When doctors are not required to log in, they generally only do so 14 percent of the time, according to data from Brandeis University.

The report points to positive results in seven states that have mandated database usage: Kentucky, New York, Tennessee, Connecticut, Ohio, Wisconsin and Massachusetts. In Kentucky, deaths linked to prescription opioids fell 25 percent after the state required log-ins in 2012, along with other steps designed to curb inappropriate prescribing.

The same information can be used to prevent deadly drug interactions between opioids and other common medications, including anti-anxiety drugs like Valium or Xanax.

Opioids are highly addictive drugs that include both prescription painkillers like codeine and morphine, as well as illegal narcotics, like heroin. Deaths linked to opioid misuse and abuse have increased fourfold since 1999 to more than 29,000 in 2014, the highest figure on record, according to the CDC.

Earlier this month the CDC released the first-ever national guidelines for prescribing opioids, urging doctors to try non-opioid painkillers, physical therapy and other methods for treating chronic pain.

But pain specialists fear requiring pill-tracking databases will discourage doctors from prescribing the drugs even when appropriate, leaving patients in pain. Dr. Gregory Terman says it takes him three minutes to log in to the system used in his home state of Washington.

"If it was easier to use, more people would use it," said Terman, who is president of the American Pain Society, a group which accepts money from pain drugmakers. Like many physicians, Terman says he supports the technology but doesn't think it should be required.

Last week, two states targeted by Shatterproof signed into law database-checking requirements: Massachusetts and Wisconsin. Mendell says his staffers are lobbying now in California and Maryland.

"I don't think we can afford to wait decades for this to slowly get implemented into the system," he says. "I think we need to take action now."

Source: http://www.msn.com

Thursday, March 24, 2016

Ransomware hackers take aim at Kentucky hospital



A Kentucky hospital is operating in an internal state of emergency following an attack by cybercriminals on its computer network, Krebs on Security reported.

Methodist Hospital, based in Henderson, Kentucky, is the victim of a ransomware attack in which hackers infiltrated its computer network, encrypted files and are now holding the data hostage, Krebs reported Tuesday.

The hospital has not responded to CNBC's requests for comment.

The criminals reportedly used a new strain of malware known as Locky to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems, the hospital's information systems director, Jamie Reid, told Krebs.

"We essentially shut our system down and reopened on a computer-by-computer basis," David Park, an attorney for the Kentucky healthcare center, told Krebs.

The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1,600 at the current exchange rate, for the key to unlock the files.

The FBI is reportedly investigating and declined to comment for this story.

This is just the latest hack attack by cybercriminals using ransomware to shut down critical infrastructure, a cyber threat that the FBI warns is on the rise. "Ransomware has been around for several years, but there's been a definite uptick lately in its use by cyber criminals," the FBI warned in a January report.

In February, a California hospital paid a $17,000 ransom to get its files back. In that case, hackers shut down the internal computer system for more than a week, initially demanding a ransom of almost $3.7 million.

The way ransomware infects computers has also become more effective. When ransomware first emerged, the most common way for computers to become infected was when users opened email attachments containing the malware, the FBI reported.

"But more recently, we're seeing an increasing number of incidents involving so-called 'drive-by' ransomware, where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window," the FBI said in its report.

According to the FBI, the way cybercriminals are demanding payment has also changed, from prepaid cards to bitcoin. Hackers prefer bitcoin because of the anonymity the decentralized virtual currency network offers.

With ransomware attacks on critical infrastructure, cybercriminals have found a sweet spot, said security expert Ben Johnson. Hospitals, power companies and government municipalities are often more concerned with getting back online than investigating an attack. They are also often battling on aging computer operating systems with understaffed security teams.

"So they pay, thus encouraging the attackers because it is working," said Johnson, a former NSA employee and co-founder and Chief Security Strategist for Carbon Black.

"Ransomware has done its market research and found its ideal market segment," Johnson said. "Last year, it was that all your health records will be stolen, this year it's that you'll be in the hospital and all the systems will fail."

Source: http://www.msn.com