Connect with us

Health Care

Planned Parenthood Los Angeles Hit With Ransomware Attack




Planned Parenthood Los Angeles began sending notification letters this week to patients whose information may have been affected by a cyber incident in October.

According to the letter, which was posted on the California Office of Attorney General’s data security breach website, PPLA identified suspicious activity on its computer network on October 17.

After taking systems offline, notifying law enforcement and engaging a third-party cybersecurity firm, the healthcare facility determined that an unauthorized person had gained access to the network between October 9 and October 17, installed ransomware and had exfiltrated some files from the system during that time.

Planned Parenthood spokesperson John Erickson told Healthcare IT News that about 400,000 patients’ information was contained in the documents.

“At this time, we have no evidence that any information involved in this incident has been used for fraudulent purposes,” said Erickson. Erickson said that health centers had remained open, with patient care operations continuing, throughout the incident.


According to the facility, the files involved included patient names, as well as one or more of the following:

Insurance information
Dates of birth
Clinical information, such as diagnosis, procedure and/or prescription information

In many ways, the attack follows the blueprint set by other bad actors who have targeted healthcare facilities.

But some cyber experts said the elevated political passions around Planned Parenthood, and reproductive healthcare in general, may mean the incident carries extra weight.

“This is devastating news at a time when political tensions are raging as the Supreme Court actively debates a direct challenge to 1973 Roe v. Wade,” said Jane Grafton, vice president at the cyber security company Gurucul.

Grafton was referring to the oral arguments heard before the highest court in Dobbs v. Jackson Women’s Health Organization on Wednesday.

Although Planned Parenthood Los Angeles is not directly involved with that case, the association between its parent organization and abortion care raised concerns about its patients’ personal information, particularly considering the harassment providers have faced.

“Women’s personal procedures and diagnosis are just that: personal. Having them stolen for potential exposure puts women in the political crosshairs,” said Grafton. “Securing medical records has never been more important. We can only hope that this information stays out of the public eye.”

“Given that not only was standard identity information stolen, but the theft was coupled with medical background and procedure data, the ramifications of malicious use of this data are easy to imagine,” said Garret Grajek, CEO of the identity governance vendor YouAttest.


Although 400,000 is a substantial number of patient records, the breach is far from the most severe reported in 2021.

That dubious honor goes to Florida Healthy Kids Corporation, which found “significant vulnerabilities” on its site since 2013 – potentially leading to the exposure of Social Security numbers, dates of birth, names, addresses and financial information for 3.5 million people.

Still, it’s possible PPLA could face legal action over the breach if affected individuals feel their data wasn’t adequately protected.

It wouldn’t be alone in that, either: In October, a Florida resident brought a lawsuit against UF Health Central Florida after an incident potentially exposed her information, as well as that of more than 700,000 people.


“Ransomware continues to be a major issue for organizations around the world, especially now that data is stolen before being encrypted,” said Erich Kron, security awareness advocate for KnowBe4, in a statement.

“The most common method for spreading ransomware is email phishing,” he added. “Organizations that want to protect themselves against these attacks should focus on prevention measures such as training the employees to spot and report phishing emails, including sending simulated attacks to help them polish their skills. Organizations should also ensure that email filters are in place and as a last resort to recover from the outage, that system backups are tested and kept isolated from the network.”

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.

Source Here:

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Health Care

PatientBond, Vizient Team up for Digital Behavior Change Tools




Patient engagement SaaS provider PatientBond and healthcare performance improvement and analytics company Vizient are partnering up to provide Vizient member healthcare organizations with digital patient engagement and behavior change programs.

WHY IT MATTERSPatientBond’s digital engagement workflows can be personalized with psychographic insights, with the aim of activating patient behaviors and driving improved patient engagement and outcomes.

Through the partnership, Vizient’s customer base, which includes academic medical centers, pediatric facilities, and community hospitals, will offer programming including care gap closures, condition specific messaging, screenings and appointment reminders and appropriate use communications.

The aim of the programs is to reduce hospital readmissions and improve digital health risk assessments.

Other programs included in the deal will provide psychographically segmented marketing campaigns to advance patient/member activation, as well as patient and physician matching or find a doctor services based on psychographic insights.

The deal will also provide extensive market research insights and dynamic payment reminders for partners.

THE LARGER TRENDPatient-reported outcomes are a critical way to assess the ongoing state of patient health and satisfaction, and a growing number of digital tools are helping them do so.

The financial upside for care providers is also noteworthy: Jackson Hospital significantly improved its finances with digital patient engagement tools, switching from letters and phone calls to automated emails and text messages along with some help from analytics.

At Rush University Medical Center, the hospital has deployed similar digital tools to reduce the strain of avoidable readmissions and ED recidivism when resources already were at capacity.

Last year, Cardinal Health announced the launch of a digital patient engagement platform aimed at addressing medication adherence challenges – a significant issue for the health industry and patients.

In 2019, Vizient collaborated with Civica Rx on provider needs analytics data to reduce Rx costs. By providing insights into purchasing patterns and provider needs through its analytics and data capabilities, Vizient helped Civica Rx anticipate gaps in drug availability and affordability.

ON THE RECORD“PatientBond brings consumer science and dynamic intervention technologies to healthcare with unmatched clinical and business results,” said PatientBond CEO Justin Dearborn in a statement. “Vizient’s member healthcare organizations can benefit from PatientBond’s personalized patient engagement at scale with proven and consistent results.”

Nathan Eddy is a healthcare and technology freelancer based in Berlin.Email the writer: nathaneddy@gmail.comTwitter: @dropdeaded209

Source Here:

Continue Reading

Health Care

LifePoint Health Inks Data Deal With Health Catalyst




Brentwood, Tennessee-based LifePoint Health has entered a new collaboration with Health Catalyst and will use its analytics technologies to help bolster care quality, lower costs and improve population health management.

WHY IT MATTERSLifePoint Health will integrate Health Catalyst’s data operating system and analytics tools to gather performance metrics and drive improvements in healthcare quality, reporting and operational and financial decision-making.

By discovering and sharing clinical data, the partnership will help reduce variation in clinical outcomes. Health Catalyst’s tools dovetail with LifePoint’s national quality and facility recognition program goals to measurably improve patient care, safety and satisfaction as well as improve access and lower costs, according to the company.

In addition to the cloud-based data platform, LifePoint will use Health Catalyst’s analyzer, insights, AI, patient safety monitoring and data entry applications. The suite of tools can help increase organizational speed and interoperability, according to Health Catalyst.


While healthcare organizations are just beginning to scratch the surface of using data to drive improvements, according to Health Catalyst President Patrick Nelli, the company’s strategic acquisitions have provided them with the ability to customize software and services around core care systems.

One of them was its purchase earlier this year of KPI Ninja, whose event-driven data processing capabilities complement Health Catalyst’s own platform, enabling customers to build new services and operational tools around their core care systems.

LifePoint, meanwhile, has been making acquisitions of its own, such as its June 2021 addition of specialty hospital company Kindred Healthcare, with an eye toward a delivery network that taps into Kindred’s specialty hospital and rehabilitative expertise and its behavioral health platform.

ON THE RECORD“The Health Catalyst DOS platform, along with our technology product suites and applications, and improvement expertise, will best position LifePoint Health to achieve, sustain and scale the highest standards of care across its network,” said Health Catalyst CEO Dan Burton in a statement this week.

Andrea Fox is senior editor of Healthcare IT News.Email: afox@himss.orgHealthcare IT News is a HIMSS publication.


Continue Reading

Health Care

Fifteen Months for Domestic Worker Who Stole Jewellery




On Thursday, a Palma court sentenced a domestic worker to fifteen months for the theft of jewellery from her employer, a woman in her eighties.

Between 2015 and the end of 2020, the 45-year-old Chilean worked two days a week at the woman’s home in Sa Indioteria, Palma. Over that period, she stole various items of jewellery. The woman only realised this at the end of 2020, which was when she reported the matter to the National Police.

The police established that these items, which included watches, rings and bracelets, were sold in gold-buying establishments in Palma. The woman later verified that these were hers. As well as the jewellery, a hearing aid was stolen.

In January 2021, the domestic worker was arrested. Described as being in an “irregular situation” in Spain, her lawyer obtained agreement for the sentence to be suspended so long as a sum of 10,700 euros is paid over three years, at a rate of 297 euros per month, and she does not commit another crime during this period.


Continue Reading