The New York-Presbyterian health system has created a platform to provide a variety of telehealth services to patients across its network and across the country.

New York-Presbyterian says its new NYP On Demand platform provides virtual emergency and will begin offering virtual urgent-care visits by the end of the summer. It anticipates the program will reduce wait times in their emergency department and provide patients with more convenient care options. The system says it is the first health system in New York to provide virtual ER services.

“We need to be able to improve access for our patients,” said Dr. Peter Fleischut, New York-Presbyterian’s chief innovation officer. “We need to make it easier for them to access the care they need.”

Hospitals and healthcare providers are increasingly harnessing telehealth platforms to augment their traditional care, provide patients with more convenient options and potentially reduce costs. A booming area for telemedicine is urgent care, where health systems could treat simple problems like a cough or runny nose cheaper, according to Dr. Alan Pitt, chief medical officer of telehealth company Avizia.

New York-Presbyterian wants to revamp how it provides emergency and urgent care and expand access to experts in the faculty practices at the health system’s two affiliated medical schools—Columbia University Medical Center and Weill Cornell Medical College.

For emergency care, some visitors to the emergency department at New York-Presbyterian Weill Cornell campus can now elect to receive a virtual visit from a physician rather than an in-person examination after their initial medical screening. Fleischut said the health system will be expanding the program to provide virtual urgent-care visits in patients’ homes across New York state by the end of the summer.

The telehealth platform will also allow New York-Presbyterian patients to make digital follow-up appointments starting this fall. It also will allow New York-Presbyterian doctors to digitally consult with specialists at other facilities within the network to provide more convenient care.

“We anticipate this is how we need to be operation in the future to engage with our patients,” Fleischut said. “I would guarantee that we will be adding services into this” platform.

New York-Presbyterian has also launched an initiative to provide patients across the country with digital second opinions in 80 medical specialties through the NYP On Demand platform. Rather than traveling to New York City to consult with experts from Columbia or Weill Cornell, patients can pay an $800 one-time fee to receive a second opinion from a New York-Presbyterian physician. The health system says more than 300 physicians are already participating in the program.

“At New York-Presbyterian, we are looking to redefine the intersection of technology and healthcare, and our new digital health platform is our way of strengthening traditional telehealth services,” said Dr. Steven Corwin, CEO of New York-Presbyterian.

Article source:

read more

Banner Health is contacting 3.7 million individuals whose personal information may have been accessed in a cyberattack that began on systems that process credit card payments for food and beverage purchases at Banner locations. The breach then expanded to include patient and health plan information.

The Phoenix-based health system, with locations in Alaska, Arizona, California, Colorado, Nebraska, Nevada and Wyoming, first learned of the attack on July 7, according to a company statement. Around June 23, the attack began to target data from credit cards, including the cardholders’ names, card numbers, expiration dates and verification codes.

By July 13, an investigation revealed that the attackers “may have gained unauthorized access to patient information, health plan member and beneficiary information, as well as information about physician and healthcare providers,” the statement said. “The patient and health plan information may have included names, birth dates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and Social Security numbers.”

Banner announced Wednesday that it is mailing letters to 3.7 million patients, health plan members and food service customers about the attack. The system has also hired a computer forensics firm, contacted law enforcement officials and is taking steps to prevent further attacks.

Bill Byron, vice president of public relations for Banner, said there was no evidence the information has been misused in any way. He added that further details may not be forthcoming.

“Banner is committed to maintaining the privacy and security of information of our patients, employees, plan members and beneficiaries, customers at our food and beverage outlets, as well as our providers,” said Peter S. Fine, president and CEO of Banner Health.

Michael “Mac” McMillan, co-founder and CEO of security firm CynergisTek, said it was odd that the point of sale systems at Banner’s 27 food service locations that were affected appear to have been on the same network as clinical systems.

A 2012 study by Verizon showed that point of sale systems are responsible for 48% of assets compromised in healthcare data breaches. While this might seem counterintuitive, the report continues, it shows that most cybercriminals are more interested in accessing a patient’s bank account than the details of electronic health records that might be stored in a file or database server.

At 3.7 million affected individuals, the Banner Health breach would be the eight largest on the “wall of shame” website that’s been kept by HHS’ Office for Civil Rights. The site lists all breaches of healthcare information involving 500 or more individuals since September 2009 when the Health Insurance Portability and Accountability Act breach notification rule went into effect.

By far the largest breach on the list is Anthem’s March 2015 cyberattack that affected the records of 78.8 million individuals. Seven of the top 10 breaches have been cyberattacks. All of those hacking breaches were reported either this year or last.

A list of the outlets that were affected can be found here.

Article source:

read more

For a hacker who’s looking to make money out of stolen personal information, healthcare systems and hospitals can be a one-stop shop.

Along with the usual names, addresses, dates of birth, Social Security numbers and claims information come credit card and banking account numbers used to process payments.

Cyber security experts will tell you the two types of information should be stored in computer systems completely unrelated and disconnected to avoid leaving either one vulnerable — something that seems to have happened to Banner Health.

The Arizona-based hospital chain this week said hackers tapped into credit and debit card information belonging to 3.7 million people through point of sale systems (POS) that process payment card data at dozens of food and beverage outlets serving Banner Health locations.

The hack occurred on June 17 and went undiscovered until July 7.

Six days later, Banner learned patient information and health plan records on its computer networks may also have been comprised.

Banner spokesman Bill Byron said the incident is under investigation and that details won’t be known or shared for weeks.

But the incident has left cybersecurity experts wondering if the healthcare industry, which in the past few years has been hit mercilessly with data breaches and ransomware threats, now has yet another weak spot — the point of sale system.

The vast majority of these systems that process credit card payments are brought in by third-party vendors, hooked up to a cash register, plugged into the internet and “away they go,” said Chris Ensey, chief operating officer of Dunbar Security Solutions.

“(POS systems) are often treated as somebody else’s stuff,” he said, adding that the healthcare organizations view the vendors as responsible for the systems.

But each new third-party services provider creates yet another entry point for hackers, he said.

And in fact, a 2012 study by Verizon showed that point of sale systems are responsible for 48% of assets compromised in healthcare data breaches.

It’s important to conduct audits to review how the systems are interoperating and what vulnerabilities they might reveal during the set-up, Ensey said.

Cyber security expert Jeremy King said hackers are data omnivores who will feast on one system for one type of data then rummage around for different data, as long as it’s marketable.

Criminals regard healthcare records as more valuable than credit card records because their data elements, such as DOBs, addresses and Social Security numbers, can’t be readily changed. A credit card, on the other hand, can be cancelled once a breach has been discovered.

Last month, a hacker was spotted on the black market offering to sell nearly 10 million patient records for $880,000. A lot of criminals who steal credit card account information will use it themselves for fraudulent purchases or sell it.

Hackers can get anywhere from $5 for the card number to $1,000 for the information contained in account balances, according to Business Insider.

“It’s big money,” King said.

King, who is international director of the Payment Card Industry Security Standards Council, said it’s important to maintain a firewall between POS systems and other information networks.

“Segmentation is a way to try and reduce your risk,” he said. “Even then, you’ve got to make sure you do that segmentation correctly, you’ve got the systems in place and you test it.”

King also advises access to credit card systems be on a “need-to-know” basis.

Now, just because Banner’s POS system breach was discovered first doesn’t mean that was the system that was first hacked, said King. “The forensic investigators will find that out in time.”

Byron, the Banner spokesman, said, so far, there is no evidence indicating any of its data were removed or “misused in any way.”

Banner’s breach is the 8th largest on the online “wall of shame” kept by HHS. The site lists all breaches of healthcare information involving 500 or more individuals since 2009.

By far the largest breach on the list was Anthem’s in 2015. The cyberattack comprised the records of 78.8 million individuals. More than 114.1 million individuals’ records have been exposed in the past two years.

Article source:

read more