Healthcare and Cybersecurity
A free public service for a better community
A Good Day To Advocate for Better Healthcare
If there are subjects you’d like to see or improvements made, please let me know using the comment button below.
Videos of these newsletters appear on Youtube on this channel. Let me know what you think.
Cybercrime and Healthcare
Anywhere there is a digital device there is a risk of attack by bad actors. Some seek to damage the device, some seek to halt the system, and some seek to lock it up in exchange for ransom.
The last crime - ransom - is big business. If you were interested in going into the business of holding systems or data hostage, there is a type of software you would be interested in leasing - ransomware as a service.
Recall that in February Change Healthcare systems were attacked. The Change Healthcare platform, which is owned by UnitedHealth Group subsidiary Optum, was breached by an affiliate of the ALPHV/BlackCat ransomware group in February, causing widespread operational outages and threatening the leak of sensitive patient and client data. A $22 million ransom payment allegedly made by Optum, which is supported by blockchain transaction records associated with ALPHV/BlackCat, was apparently stolen by the ransomware-as-a-service (RaaS) in an exit scam.
The Change Healthcare breach story has taken on a new twist, with emerging ransomware group RansomHub claiming, on 4/8/2024, it has 4TB of data stolen from the healthcare tech company in February.
This comes as no surprise. The involvement of a middleman, typical in ransomware-as-a-service (RaaS) attacks, adds another level of complexity and risk. It complicates the direct line of negotiation and payment to the threat actors with the data that was stolen. RansomHub began a countdown of just over 12 days for UnitedHealth to make a ransom payment before the dataset is sold. (SC Media)
Health care data breaches soared to record-breaking levels in 2023, fueled by a surge in ransomware attacks and increased targeting of the third-party vendors hospitals and other health care providers use. Exposure of protected health information and personally identifiable information can put patients at risk of identity theft or insurance fraud. “Be careful not to share sensitive information over e-mail, text messages or other communication paths that might not be so secure,” said Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center. (USA Today)
Federal law requires health care organizations to report to Health and Human Services any security breaches that expose patient information. Search by company name, breach type or company location to see if your health information has been compromised. Click here.
If you want to learn more about cybersecurity and healthcare - here is a 2023 report from Healthcare Information and Management Systems Society on the subject.
Software protections are not as strong on healthcare systems as they are for other critical programs. Part of the problem is that there is no need to demonstrate cyber hardening prior to going on line. Also, government regulations on our personal healthcare info don’t really take effect until there is a breech. They are not proactive, they are reactive.
If we had a common system of medical records for all of us, like many countries with universal healthcare, a lot of cyber attack problems could disappear. There could be a single attack surface and all efforts could be focused on protecting that system. I recall what J. P. Morgan once quipped “Put all your eggs in one basket - AND THEN WATCH THAT BASKET”.
With a single patient data system there could be easy access between providers so no need to beg one doctor to send records to another. I’ve had doctors slow walk that request prior to a surgery. If there were universal single payer healthcare, we would not discriminate against prior illnesses ands there would be no reason to hide them. Of course, when reproductive freedoms are restored there would be no need to hide that information to avoid prosecution, like in Arizona and 20 other states.
One of the reasons I bring up a single data system for healthcare under the auspices of the US government is that I worked most of my adult life helping the US government and I know just how seriously they take cybersecurity when their system is involved. That is not a guarantee against attack, but IMHO it would reduce the negative effects of attacks.
What to do:
Again, you can search by company name, breach type or company location to see if your health information has been compromised. Click here.
If you think you may be the victim of identity theft, you may wish to verify the information in your medical record, and/or ask for that information to be corrected, by requesting a copy of your of your health information and/or requesting an amendment to your health information.
For more tools to protect yourself against identity theft after a breach, please visit the Federal Trade Commission's (FTC) website for additional information.
Of course, locking credit info at each of the three credit reporting agencies might also be warranted. Experian, TransUnion, and Equifax are the three and those links in this sentence are to their pages for locking credit.
Resources
Healthcare Advocacy (Us)
Website
Our Newsletter resources including reproductive healthcare
Healthcare Advocacy Reading List
Find My Elected Officials
Contact the White House https://www.whitehouse.gov/contact/
Contact State and Federal Representatives
By phone: (202) 224-3121
By email: democracy.io
Important Healthcare Resources
League of Women Voters Healthcare Reform Toolkit
Organizations to Contact
National Nurses United Medicare4All
Physicians for a National Health Program
One Payer States
Healthcare Now
Reproductive Health
NARAL - Pro Choice America
Charley. chatbot abortion resource - make sure to use a secure incognito browser if you live in a state that has banned abortion
Planned Parenthood
Miscarriage and Abortion Hotline has references about where to procure abortion medications. They also assist women in the process of self managed abortion or miscarriage by phone or text and will respond in an hour. Details and hours of operation at their website.
United State of Women Reproductive health page (bottom of the page) has important resources such as medical support, access to Telehealth, prescriptions by mail, and legal support references.
Practice careful communications - The Digital Defense Fund has a number of tips to keep texts, calls, and internet use private. Here is their site.
If you need financial help with an abortion try abortionfunds.org
Claims Denials and Appeals & What to Do
Appeal a Healthcare Decision
Appeal/Negotiate a Hospital Bill
Disinformation Management
Cybersecurity Infrastructure Security Agency
Save Democracy
Chop Wood, Carry Water by Jessica Cravens
RESISTBOT
Link to the RESISTBOT site to learn more
Link to Chop Wood, Carry Water RESISTBOT write up
Thanks for reading Healthcare Advocacy! Subscribe for free to receive new posts