Connect with us

Health Care

Pandemic Stress, Cyberattacks Are Compounding Degradation of Care Delivery




This past September, the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency published a report designed to assess the health of the nation’s hospitals and health systems.

Perhaps unsurprisingly, the report, “Provide Medical Care is in Critical Condition: Analysis and Stakeholder Decision Support to Minimize Further Harm,” doesn’t offer encouraging news.

It finds the nationwide infrastructure enabling provision of medical care – one of CISA’s 55 National Critical Functions – to be severely strained by the COVID-19 pandemic and all the clinical, financial, workforce and supply chain challenges it has brought,

The concurrent cyber-pandemic of rampant ransomware and nation-state skullduggery has only compounded the difficulties faced by providers.

As the report notes: “Beyond the obvious consequences of disruptions to diagnostic, testing, and treatment equipment, even minor reductions in efficiency caused by cyber incidents compound to increase staff workload and degrade the system’s ability to provide medical care.”

At the upcoming HIMSS Healthcare Cybersecurity Forum, which kicks off next Monday, a CISA researcher will unpack the recent report – and offer some suggestions for how his agency can support struggling healthcare organizations.

To preview his session, “Healthcare is in Critical Condition,” Josh Corman, who has long IT security and public policy experience in the private sector, and joined CISA this past year under the CARES Act as a senior advisor and strategist, spoke with Healthcare IT News about the report and what it means.

“We do regular routine analysis of risk to the nation’s critical infrastructure and national critical functions throughout the pandemic,” Corman explained, noting that the assessment is both qualitative and quantitative. “This analysis is done for government stakeholders and decision-support within CISA, DHS and across agencies like HHS and CDC.”

Like many of the 55 other national critical functions during this time of upheaval – they include Operate Government, Generate Electricity, Provide Wireless Access Network Services and Maintain Access to Medical Records – the NCF known as Provide Medical Care “has been severely strained, stressed at various points throughout the pandemic.”

Aimed at various stakeholders – hospital leaders, healthcare providers, cybersecurity and IT professionals – the report explores several things that most who have experienced the past two years “suspected or possibly or probably thought were intuitive,” Corman said. “But now we’ve got some hard data to show the impacts that are affecting their organizations.”

The report explores several areas of stress and strains for providers. For instance, “we have the first data sizing of the relationship, the correlation between IC bed utilization and excess deaths two, four and six weeks later,” he explained.

“It’s a novel set of findings, and it’s much different than, say, pre-pandemic excess death rates by sizing the shape of that curve. We hope to make sure that people who are making choices about hospital utilization are armed with this newer consequence information.”

The strains on the care delivery system – and the excess deaths they cause – can have severe upstream effects on broader infrastructure, workforce and, potentially, national security.

“An analysis of these excess deaths on top of COVID-19 death reveals some interesting demographic slices – one of which is that one of the fastest growing groups affected by these non-COVID-19 excess deaths from degraded and delayed care are aged 25 to 44 year olds,” Corman explained.

“We also have an ethnicity breakdown that demographic is fairly representative of the nation’s critical infrastructure workers. So critical functions can be impeded by sickness and death of the workforce. In some cases, for highly specialized talent, we can’t really [just] hire more people. It can take five, 10, 15 years to train and backfill the strategic workforce.”

The goal, he said, is “inform state and local leadership on some of the impact – not just to their citizens, which is of course important, but also to identify and track and manage risk and reduce risk to the national functioning of the country for things like transportation, water, food production, medical supplies, and the like.”

No question, the pandemic has been a stressful time for the healthcare system, and has presented significant challenges that have often compromised patient care.

But here’s another question: Can cyber disruption make it worse?

“I think everyone intuitively knows that water is wet and fire is hot,” said Corman. “And that degradation can affect patient outcomes irrespective of cause.”

By way of example, he pointed to a study that explored (non-cybersecurity) disruptions to healthcare delivery, a New England Journal of Medicine article studied the effects of traffic disruptions caused by major U.S. marathons, and assessed how they affected heart attack prognoses.

“They saw that the 4.4 minute longer ambulance ride to get around the marathon route has a statistically significant increase in mortality 30 days later.”

Throughout the pandemic, in the U.S. and abroad, “unscrupulous ransom actors were targeting and hitting us hospitals pretty hard.”

In at least one case, and possibly others, we’ve seen how cyber attacks can lead to patient deaths.

“Armed with the elevated case rates and hospitalizations of the pandemic as a baseline, we were able to lean in and try to study this national experiment of protracted service disruption in hospitals,” said Corman. “The team asked, can cyber [attacks] make it worse? And the answer is yes.”

As he explained: “The way we measure that is, if we have now an instrument for measuring hospital strain associated with excess death two, four and six weeks on one hand, what we’re able to do is for some of these protracted victims, we could take a very close look for many months after an attack and in the same geography, controlling for things like the size of hospital, the type of hospital, the size hospital in the observation period across a statistically significant sampling, we can compare head to head with the same geography, same population, same time period of the pandemic.”

With head to head comparisons, said Corman, “you now are able to contrast the effects of cyber disruption to introduce delayed integrated care sufficiently high enough to be in our danger zone for excess deaths two, four and six weeks later.”

HHS and the FDA “have said for many years that cyber safety issues are patient safety issues,” he said. “But there’s been a reluctance in the field to really reconcile and rectify what we many of us intuitively have known to be true – that, yes, delayed and degraded patient care from any cause – power outages, marathons and, yes, cyber attacks – can contribute to worsen outcomes and even excess deaths.”

Corman is the co-founder of I Am The Cavalry, which describes itself as a “grassroots organization focused on the intersection of digital security, public safety and human life.”

According to its motto: “The Cavalry isn’t coming. It falls to you.”

But that’s not to say there’s no helping hands out there.

And Corman emphasizes that “CISA, the newest federal agency, is here to be your cyber defender.”

Toward that end, there are several resources highlighted in the report designed to arm healthcare professionals “with new data and motivation to go to their stakeholders and encourage them to maybe sign up for some of the free, taxpayer funded services from CISA, like our Cyber Hygiene Services.”

Another educational resource is its CISA Bad Practices page, designed to highlight “exceptionally risky” habits such as use of unsupported (or end-of-life) software, known/fixed/default passwords and credentials and, of course, reliance on single-factor authentication.

“We want stakeholders avail themselves left of boom services and advice from CISA -meet the local regional CISA team, their cybersecurity advisers, perhaps – and, right of boom, for them know who to call with resources like and other things, so that they have a plan in place before harm and can maybe mitigate and recover more quickly from harm.”

Josh Corman’s HIMSS Healthcare Cybersecurity Forum session, “Healthcare is in Critical Condition,” is scheduled for Tuesday, December 7, at 11 a.m.

Twitter: @MikeMiliardHITN
Email the writer:

Healthcare IT News is a HIMSS publication.

Original Post:

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Health Care

PatientBond, Vizient Team up for Digital Behavior Change Tools




Patient engagement SaaS provider PatientBond and healthcare performance improvement and analytics company Vizient are partnering up to provide Vizient member healthcare organizations with digital patient engagement and behavior change programs.

WHY IT MATTERSPatientBond’s digital engagement workflows can be personalized with psychographic insights, with the aim of activating patient behaviors and driving improved patient engagement and outcomes.

Through the partnership, Vizient’s customer base, which includes academic medical centers, pediatric facilities, and community hospitals, will offer programming including care gap closures, condition specific messaging, screenings and appointment reminders and appropriate use communications.

The aim of the programs is to reduce hospital readmissions and improve digital health risk assessments.

Other programs included in the deal will provide psychographically segmented marketing campaigns to advance patient/member activation, as well as patient and physician matching or find a doctor services based on psychographic insights.

The deal will also provide extensive market research insights and dynamic payment reminders for partners.

THE LARGER TRENDPatient-reported outcomes are a critical way to assess the ongoing state of patient health and satisfaction, and a growing number of digital tools are helping them do so.

The financial upside for care providers is also noteworthy: Jackson Hospital significantly improved its finances with digital patient engagement tools, switching from letters and phone calls to automated emails and text messages along with some help from analytics.

At Rush University Medical Center, the hospital has deployed similar digital tools to reduce the strain of avoidable readmissions and ED recidivism when resources already were at capacity.

Last year, Cardinal Health announced the launch of a digital patient engagement platform aimed at addressing medication adherence challenges – a significant issue for the health industry and patients.

In 2019, Vizient collaborated with Civica Rx on provider needs analytics data to reduce Rx costs. By providing insights into purchasing patterns and provider needs through its analytics and data capabilities, Vizient helped Civica Rx anticipate gaps in drug availability and affordability.

ON THE RECORD“PatientBond brings consumer science and dynamic intervention technologies to healthcare with unmatched clinical and business results,” said PatientBond CEO Justin Dearborn in a statement. “Vizient’s member healthcare organizations can benefit from PatientBond’s personalized patient engagement at scale with proven and consistent results.”

Nathan Eddy is a healthcare and technology freelancer based in Berlin.Email the writer: nathaneddy@gmail.comTwitter: @dropdeaded209

Source Here:

Continue Reading

Health Care

LifePoint Health Inks Data Deal With Health Catalyst




Brentwood, Tennessee-based LifePoint Health has entered a new collaboration with Health Catalyst and will use its analytics technologies to help bolster care quality, lower costs and improve population health management.

WHY IT MATTERSLifePoint Health will integrate Health Catalyst’s data operating system and analytics tools to gather performance metrics and drive improvements in healthcare quality, reporting and operational and financial decision-making.

By discovering and sharing clinical data, the partnership will help reduce variation in clinical outcomes. Health Catalyst’s tools dovetail with LifePoint’s national quality and facility recognition program goals to measurably improve patient care, safety and satisfaction as well as improve access and lower costs, according to the company.

In addition to the cloud-based data platform, LifePoint will use Health Catalyst’s analyzer, insights, AI, patient safety monitoring and data entry applications. The suite of tools can help increase organizational speed and interoperability, according to Health Catalyst.


While healthcare organizations are just beginning to scratch the surface of using data to drive improvements, according to Health Catalyst President Patrick Nelli, the company’s strategic acquisitions have provided them with the ability to customize software and services around core care systems.

One of them was its purchase earlier this year of KPI Ninja, whose event-driven data processing capabilities complement Health Catalyst’s own platform, enabling customers to build new services and operational tools around their core care systems.

LifePoint, meanwhile, has been making acquisitions of its own, such as its June 2021 addition of specialty hospital company Kindred Healthcare, with an eye toward a delivery network that taps into Kindred’s specialty hospital and rehabilitative expertise and its behavioral health platform.

ON THE RECORD“The Health Catalyst DOS platform, along with our technology product suites and applications, and improvement expertise, will best position LifePoint Health to achieve, sustain and scale the highest standards of care across its network,” said Health Catalyst CEO Dan Burton in a statement this week.

Andrea Fox is senior editor of Healthcare IT News.Email: afox@himss.orgHealthcare IT News is a HIMSS publication.


Continue Reading

Health Care

Fifteen Months for Domestic Worker Who Stole Jewellery




On Thursday, a Palma court sentenced a domestic worker to fifteen months for the theft of jewellery from her employer, a woman in her eighties.

Between 2015 and the end of 2020, the 45-year-old Chilean worked two days a week at the woman’s home in Sa Indioteria, Palma. Over that period, she stole various items of jewellery. The woman only realised this at the end of 2020, which was when she reported the matter to the National Police.

The police established that these items, which included watches, rings and bracelets, were sold in gold-buying establishments in Palma. The woman later verified that these were hers. As well as the jewellery, a hearing aid was stolen.

In January 2021, the domestic worker was arrested. Described as being in an “irregular situation” in Spain, her lawyer obtained agreement for the sentence to be suspended so long as a sum of 10,700 euros is paid over three years, at a rate of 297 euros per month, and she does not commit another crime during this period.


Continue Reading