Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security

Exposed

More than 150 million personal health records have been breached in health-care company hacks since 2009.

In stepping up their efforts, hospitals have gone beyond building firewalls and taking other actions to shield their own networks—they have moved into demanding information like the software running devices that manufacturers have long considered proprietary. The requests have generated tensions between the sides.

Medical-device manufacturers including Royal Philips NV and Boston Scientific Corp. have begun adding new features and disclosing more about products—such as which third-party software they contain—to help hospitals protect devices against attacks, health-care and security experts said.

The interconnectivity has given rise to new headaches for hospital executives, worried about the consequences of a hack. Their fears were brought home two years ago, when the WannaCry and NotPetya cyberattacks disrupted operations at some hospitals, forcing the cancellation of some surgeries.

Hospital-technology officials say gaining access to the software running inside devices—and knowledge of its vulnerabilities—would help them build firewalls and other defenses against attacks. The Food and Drug Administration recommended in guidance proposed last October that manufacturers provide software disclosures to hospitals. Partners HealthCare, based in Boston, this year required for the first time that an unnamed device maker reveal its device software as part of their contract, said Julian Goldman, Partners’ medical director of biomedical engineering.

NewYork-Presbyterian, meanwhile, is seeking contracts with device makers that allow independent tests of device cybersecurity, called “penetration tests,” said Jennings Aske, the hospital network’s chief information security officer.

Last year, NewYork-Presbyterian began working with outside consultants to assess the cyberdefenses of the corporate networks of suppliers, including medical-device makers, Mr. Aske said. In 2017, the hospital dropped plans to buy infusion pumps manufactured by Smiths Group PLC after the Department of Homeland Security warned that hackers could take control of the pumps, 

Smiths said it released a fix in 2017. “While we were disappointed with the NYP decision to purchase another system, we are confident in the firmware update and that the pump is safe for patients,” the spokesman said.

Vizient Inc., which negotiates contracts for products and services on behalf of 3,100 health systems in the U.S., added cybersecurity questions for the first time to requests now under consideration for bids across 10 medical-device categories, said Ross Carevic, Vizient’s director of technology sourcing. The questions included whether device data are encrypted and what password procedures are used. Vizient plans to factor the answers into contract-award decisions. 

Philips, a major supplier of imaging, respiratory and other gear to hospitals, often receives such cybersecurity questionnaires, said Michael McNeil, the company’s global product security officer. He said it would be helpful if the requests were standardized in order to make answering them more routine.

Boston Scientific, which supplies products like lasers and catheters used by hospitals in surgeries and heart procedures, said it is facing requests for more stringent password features like automatic time-outs, said Ken Hoyme, director of product security. But password timeouts could interfere during time-sensitive surgical procedures, he said.

The health-care companies, including hospitals, reported 148 hacks exposing personal-health information last year, up from five hacks in 2009. The Department of Homeland Security last year issued 30 advisories about cybersecurity vulnerabilities in medical devices, up from 16 the year before, according to MedCrypt, which makes security software for medical devices.

Device makers say hospitals’ cybersecurity demands can be complicated and bog down sales negotiations. “These contracts are taking more time to negotiate,” said James Kinkela, corporate counsel at Boston Scientific. “The contracting has definitely gotten more complex.”

The attention to cybersecurity follows health-care’s embrace in recent years of digital technologies, from electronic medical records to mobile lab tests. For hospitals, internet-connected devices offer the potential to monitor patients more continuously and closely, and use the data to guide—and improve—care.

“There are struggles right now about who owns which piece of cybersecurity,” said Stephanie Domas, vice president of research and development at cybersecurity consultant MedSec. Hospitals don’t know enough about the security of devices on their networks, and manufacturers don’t always provide software updates to fix vulnerabilities quickly, she said.

Hospitals are pushing medical-device makers to improve cyber defenses of their internet-connected infusion pumps, biopsy imaging tables and other health-care products as reports of attacks rise.

Rattled by recent global cyberattacks, U.S. hospitals are conducting tests to detect weaknesses in specific devices, and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities. In some cases, hospitals have canceled orders and rejected bids for devices that lacked safety features.

Hospitals, after a decade of racing to wire up their medical records and an explosion of internet-connected medical devices, are growing more aggressive with technology suppliers amid pressure to better defend against incursions that could threaten patients and cause costly disruptions. Credit-rating agency Moody’s Investors Service in February ranked hospitals as one of the sectors most vulnerable to cyberattacks.

4 Things Seniors Should Know About Treating Depression

Author: Teresa Greenhill

When we feel physical pain, we reach for ibuprofen or call our doctors for advice. So, why shouldn’t seniors do the same when they are experiencing the physical and mental pain of depression? You don’t need to suffer due to stigma, and you don’t need to take on this battle alone. Here’s what you need to know about getting help for your depression. 

Medicare Can Help with Mental Health Too 

Most seniors know they can rely on Medicare for their annual check-ups and physical health needs. For seniors struggling with depression and other mental health issues, however, Medicare can offer coveragethat can help as well. For example, Medicare Part B offers some coverage for outpatient services, but it may not be enough. So, stay informed about your Medicare plan options and any changes that could impact your ability to seek care for your depression. You may want to research supplemental Medicare plansthat could offer even more benefits for your mental health so you can get the help that you need to feel like yourself again. These plans can also help out with prescription drug costs, which can come in handy if you need medication to alleviate your depression symptoms. 

Asking for Help Is Often the Hardest Step 

Depression is common among adults in America, and yet there is still so much stigmaaround getting treatment. As a society, we have a long history of treating mental illness differently than other health conditions, but that really shouldn’t be the case. The truth is, millions of Americansare dealing with mental health issues every single day, but less than half of those people seek out the help they need. You can reduce the voice of stigma in yourself by knowing that you are not alone and that you are not weak for wanting to get better. Start by searching for a therapistwho can help you get on the road to recovery and develop ways to cope along the way. You can also check to see if your therapist will accept Medicare or if you will need to find another way to pay for your treatment or another therapist that fits your Medicare coverage. 

Social Connection Can Ease Symptoms of Depression 

There are so many things you can do to find relief from depression. You may need to make a self-care checklistto remind yourself to practice basic healthy habits, like taking a shower and eating healthfully. Those efforts can help you stay afloat when you are feeling down, but one of the most impactful ways seniors can ease feelings of depression is to stay socially connected. When you feel isolated, research shows you are more likely to feel depressed, which can cause you to isolate yourself even more. You can prevent isolation and depression by reaching out to loved ones for support or by taking up a new hobby that allows you to meet new people, such as volunteering at a local charity or taking a yoga class. Plus, staying physically active can ease feelings of depression as well, so you will be reaping more benefits for your mental health. 

Addiction Often Occurs With Depression in Older Adults 

Getting help for your depression is a good first step towards taking back control of your life. It’s also important to note that depression and addictionoften occur together. Which comes first is hard to pinpoint, but what matters is that those suffering from addiction address mental health issues during their treatment. Going through treatment can make depressive symptoms worse, so it’s also important to take this into account as well. For seniors, alcohol abuseis very common when there is an untreated mental health issue, such as depression. Since drinking can make depression worse, it’s crucial to recognize whether you have an unhealthy relationship with alcohol or other substances and seek out comprehensive treatment to help. 

If you’re a senior who is struggling with depression, you shouldn’t have to suffer alone. There are professionals who can help you feel like yourself again and help you see your way out of the darkness. You just have to reach out and get that help for yourself. 

Author: Teresa Greenhill

Ascension’s CEO Anthony Tersigni announced a series of leadership changes

St. Louis-based Ascension revealed changes to its operational structure and leadership amid the departure of three longtime executives in a Jan. 22 announcement.

The changes include the dissolution of Ascension’s solutions and healthcare divisions. The solutions and healthcare divisions were created in 2012 to improve focus and growth for the system’s subsidiaries.

Officials said the decision to eliminate the divisions stems from the health system’s goal to become a unified organization, One Ascension.

In addition to the organizational changes, Ascension President and CEO Anthony Tersigni announced the departure of three longtime executives, and the creation of a new position.

Patricia A. Maryland, DrPH, will leave the organization after a 15-year tenure. She will continue in her role as CEO of Ascension Healthcare through June 30. After her departure, the position will be eliminated.

Executives John Doyle and David Pryor, MD, will retire at the end of the health system’s fiscal year, June 30.

To support Ascension’s integrated health ministry, Joseph R. Impicciche will assume the newly created role of Ascension president and COO. He will oversee Ascension’s healthcare operations and services and report to Mr. Tersigni.

Mr. Impicciche has served as executive vice president and general counsel since 2004.

Johns Hopkins Reaches Settlement with Registered Nurses Affirming Nurses’ Guaranteed Right to Unionize

Nurses at Johns Hopkins Hospital in Baltimore are hailing as a critical victory a settlement reached with the hospital which reaffirms the nurses’ guaranteed legal right to unionize, said the National Nurses Organizing Committee/National Nurses United (NNOC/NNU) today.  

“This settlement makes clear that nurses have the right to form a union, we have a right to speak with our coworkers about a union, and Johns Hopkins does not have the legal right to target and intimidate nurses who engage in union activity,” said Alex Laslett, RN. “We are organizing at Johns Hopkins because we know a union affords nurses the protection we need to advocate freely for the best care for our patients.”

The settlement resolves unfair labor practices charges filed with the Baltimore-based National Labor Relations Board (NLRB) on behalf of the Johns Hopkins nurses by NNOC/NNU. The NLRB found merit to charges that the hospital broke the law by:

  • The creation of the impression of surveillance and unlawful interrogation in regards to protected union activity,
  • Promulgating and/or enforcing a rule barring off-duty RNs access to break rooms, outside patient care areas, in connection with union activity, and
  • Prohibiting Hopkins RNs from talking about the union at work, while permitting other non-work conversations.

The settlement requires that Johns Hopkins Hospital management post signs throughout the facility affirming the nurses’ right to form a union. The signs declare that Johns Hopkins Hospital will not prohibit nurses from talking about the union, will not create the impression that hospital management is watching out for union activities, will not ask nurses about their union sympathies, and will not discriminatorily enforce its policies on nurses accessing break rooms.