DC Healthcare Provider Limps On After Malware Attack

Despite its computer systems being infected with malware since Monday, MedStar Health, which operates 10 hospitals and more than 250 outpatient facilities in and around Washington, D.C., has continued to provide patient care at near normal levels, according to several updates released this week.

Since the malware attack occurred, MedStar Health has treated an average of 3,380 patients a day at its 10 facilities, it announced Thursday. It has treated nearly 4,000 patients in its ERs and performed more than 1,000 surgeries.

Neither MedStar nor the FBI, which is investigating the incident, will say if ransomware was used in the attack.

However, perpetrators of the attack have asked for 45 bitcoins -- about US$18,500 -- to unlock all of the healthcare provider's infected systems, The Baltimore Sun reported.

The ransom note appeared on the screens of all computers on the MedStar network when users tried to access any files on the system, according to the paper.

MedStar did not respond to our request to comment for this story.

A cyberattack on Hollywood Presbyterian Hospital earlier this year set the game plan for hackers targeting healthcare providers.

"They know the playbook they have to run to take advantage of these situations," said Chris Ensey, COO of Dunbar Security Solutions.

"They received $17,000 for the Hollywood hack," he told TechNewsWorld. "That set the market rate."

Healthcare systems in particular are susceptible to cyberattacks because of the way they share information.

"They have to share information quickly and with a lot of different constituents that are part of the caregiving process," Ensey said. "That requires lots of different openings to be poked open in your firewalls so the attack surface is broader."

What's more, there are many medical devices with network connections and software that hasn't been updated or maintained, he continued.

"There are lots of soft points that a hacker can take advantage of in that infrastructure," Ensey said.

Lack of Commitment

Despite years of FBI cyberthreat warnings, healthcare providers have been tightfisted when it comes to security spending.

"Healthcare has not made a significant investment in information security technology," said David Holtzman, vice president of compliance at CynergisTek.

"Over the past several years, we have seen healthcare organizations devoting only 3 percent of their IT budgets to information security, and only a little over half of them have a dedicated resource focused on information security," he told TechNewsWorld.

"These are strong indicators of the lack of commitment across the healthcare sector for putting appropriate weight and resources to safeguarding health information across the enterprise," Holtzman said.

Every year security is underfunded is a year healthcare systems become more susceptible to attack.

"I think we are seeing the effect of that now in cases like MedStar," Bugcrowd VP of Operations Jonathan Cran told TechNewsWorld.

The healthcare industry is not equipped to handle these attacks, observed Linn F. Freedman, a partner with the law firm of Robinson+Cole.

"These attacks are malicious," she told TechNewsWorld. "They are debilitating, and healthcare entities do not have the resources to be able to combat these highly sophisticated cyberintrusions."

Damage Control

Even when MedStar gets its systems back online, it will be difficult to ascertain exactly what happened to them and if they remain at risk.

"What you have to do is shut down your network and painstakingly gather all the evidence," explained Karthik Krishnan, vice president of product management at Niara.

"That's an extremely hard thing to do for most companies," he told TechNewsWorld. "The down time could be weeks. That's unacceptable."

Since MedStar's service levels don't seem to be severely impacted by the malware on its systems, it may be able to ignore its attackers' ransom demands.

"Every situation is different with respect to whether an entity should pay a ransom," Robinson+Cole's Freedman said. "Hollywood Presbyterian made that decision because they needed to get their [electronic medical records] up and running. In the MedStar case, the EMR wasn't affected."

Taking a hard line against extortionists has its merits, but the decision is rarely uncomplicated.

"In the financial sector, our stance was never pay the ransom because we didn't want to encourage the attackers," said Sean Tierney, director of cyber intelligence for Infoblox.

However, "if you aren't equipped to defend against the problem," he told TechNewsWorld, "then you have to consider paying the ransom -- but it should always be your very last resort."

Source: http://www.technewsworld.com

Read More

For kids with autism, this tech matters

For these kids, games and cute robots are more than just fun. On World Autism Awareness Day, we look at some of the ways technology is improving the lives of those with the condition.

Both Katie and her teacher look like they'd be right at home in a Pixar film, and at first their conversation seems like it would fit in one too.

The ponytailed and pink-clad Katie really wants to sharpen her pencil, but her teacher won't let her until the other kids in the class finish taking a test. Katie asks again, but the teacher offers the same frustrating answer.

"Katie seems upset that her teacher said 'no.' How should Katie respond? Let's help Katie make the best choice," a narrator says. "Remember, sometimes parents and teachers say 'no' when you ask them for something. It's important that we stay calm and respond appropriately."

The conversation, highlighted in software called The Social Express, aims to help kids diagnosed with autism spectrum disorder, or ASD, resolve conflicts and understand that no means no.

It's an important lesson packaged in kid-friendly animation. And it's just one of several programs and robots that help kids with autism communicate, interact socially and control repetitive behaviors. All these can be a struggle for those affected by the broad and complicated range of brain development issues that fall under the ASD umbrella.

The Social Express was created by Marc and Tina Zimmerman, who have identical twin boys, both diagnosed with autism. The twins reacted positively to the use of a laptop during home therapy sessions, and that inspired the Zimmermans to create software that teaches social cues through animated, interactive lessons. It works on computers, iPads and with interactive white boards in school settings, and it lets parents, educators and kids work through lessons on topics like making eye contact, taking turns, listening to others, showing respect and controlling emotions.

ASD today affects 74 million people, or 1 percent of the world's population, according to the US Centers for Disease Control and Prevention. Many on the spectrum struggle to talk to other people and understand others' thoughts and emotions, as well as their own. This makes it hard for many kids to form lasting relationships with those around them.

ASK Nao, a cute humanoid robot with a welcoming face, is another tech tool that can help. The bot, from Aldebaran Robotics, has a very specific purpose: to move, dance and interact with children with autism. The bot comes with special programs, like Guess Emotions, which involves NAO acting out an emotions and asking the child to identify it.

"Most children on the autism spectrum have a natural attraction towards technology, and Nao's humanoid shape creates a perfect link between technology and humanity," said Olivier Joubert, autism business unit manager at Aldebaran.

ASK Nao isn't the only robot built to teach social skills to kids with autism. Back in 2010, a low-cost, child-size bot named Kaspar worked with kids who needed help learning proper social reactions.

Robots and apps are patient. They don't judge. Even personal voice assistants like Siri can play a role, as the unlikely friendship between Apple's artificial intelligence system and one child with autism shows.

Games can play a role too.

For kids with autism in a classroom in Australia, Minecraft is an effective teaching tool for communicating English, science, geography and art lessons. The multiplayer mode in this game, where you can build whole 3D worlds, encourages social interaction between students, improving conflict resolution and communications skills for kids with autism. Those skills can then translate to life outside the classroom. It can be challenging for people with autism to read body language and facial expressions.

April 2 is World Autism Awareness Day, with the entire month designated in the US as National Autism Awareness Month for promoting awareness of not only the condition itself, but also of the many creative tools for dealing with it. The campaign has designated blue as its signature color, and the hashtag #LIUB, for Light It Blue, is picking up traction on social media.

Autism organizations often use a puzzle piece as a symbol. It can represent the complexity of the disorder, but it can also be seen as a visual representation of how people with autism are key parts of a bigger picture, important pieces in the lives of their families and friends. Technology is finding its place in that jigsaw.

Source: http://www.cnet.com

Read More

Obamacare premiums could spike next year

Companies selling individual health plans on Obamacare’s insurance marketplaces must grapple with the impending expiration of two of the law’s key early-stage programs, likely foretelling premium increases in 2017, as PricewaterhouseCoopers points out in a new regulatory brief.

The Affordable Care Act included a trio of provisions meant to counteract insurance marketplace uncertainty in its nascent years.

Collectively dubbed “the 3 Rs,” risk adjustment, reinsurance, and risk corridors were intended to act as shock absorbers for a newly reformed individual health insurance market in which participating firms were, essentially, shooting in the dark when setting premium levels and gaming out how sick and costly new enrollees would be.

Here’s a basic breakdown of how those three policies work: Risk adjustment is a transfer program which redistributes funds from insurers which paid out significantly less in medical claims to those which had to pay more; reinsurance is an insurance policy for insurance companies; and risk corridors take a percentage of the profits reaped by Obamacare insurers which set their premiums too high to those which set them too low.

Risk adjustment is the only one of these programs which will persist beyond 2017. Furthermore, the policies have provided significantly less buffer to insurers than originally hoped. That adds up to an added burden of uncertainty in Obamacare’s marketplaces, which may already contain more sick and costly enrollees than originally expected, according to insurers such as Blue Cross Blue Shield.

And when it comes to the insurance industry, uncertainty almost guarantees defensive pricing.

“The end of reinsurance and risk corridors payments will likely prompt insurers to raise premiums,” wrote PwC. “The loss of these programs increases the potential for financial instability for insurers.”

It’s important to note that those premiums are also likely to stabilize in the years following the 3 R’s expiration. But for the time being, insurance companies are still in some ways playing a guessing game when it comes to premium levels.

Source: http://www.msn.com

Read More