Archives for 2020
For many years, the healthcare industry has been generally immune from the barrage of cyber-attacks which have been primarily directed towards the financial and retail sectors. In addition, data breaches tend to involve lost or stolen devices, often with unencrypted data.
Today, healthcare entities have become prime targets for cyber-attackers, who are drawn to rich repositories of personal data that can fetch prices 20 to 30 times higher on the black market than stolen credit cards. Last year, an estimated 66% of healthcare organizations experienced a cybersecurity incident impacting approximately 109 million patients. Overall, cyberattacks cost the US healthcare system about $6 billion a year. The attacks come from sophisticated networks of cybercriminals, often located overseas.
The potential damage to an institution’s financial stability and reputation from one of these breaches is significant, which is why every executive up to the CEO along with members of the board of directors should be concerned. However, a 2015 survey of nearly 300 healthcare organizations found that just a quarter allocated more than 6% of their annual budgets to IT security. About half allocated less than 3%. In addition, few had committed a significant percentage of IT employees to the issue.
Be prepared. Ask your Account Manager for more information on our Security Risk Assessments.
UNDERSTANDING THE BREACHES
While there are numerous types of attacks, including distributed denial of service, phishing, and advanced persistent threat attacks, healthcare executives should be aware of two recent additions:
- Business email compromise. Also known as “CEO fraud,” this attack begins with an email sent directly to the CFO, ostensibly from the company’s controller, asking for an electronic funds transfer. The email appears legitimate because it includes information gleaned from social media. The FBI issued an alert on this type of attack last year, calling it an “emerging global threat.”
- Ransomware. Hospitals are the perfect target for ransomware, in which cyber-attackers infiltrate IT system with malware. Once they have control of the system and/or its data, they demand payment to return control. In February, Hollywood Presbyterian Medical Center experienced a ransomware attack that prevented staff from being able to access electronic health records. The hospital eventually paid hackers $17,000 in ransom to regain access. A similar attack at MedStar Health in Maryland required the system to shut down its entire computer networks for several days and providers to revert to paper processes.
CONNECTED DEVICES A THREAT
Hackers have a unique advantage in hacking into hospital systems that doesn’t exist in either retail or banking sectors: interconnected medical devices. Nearly every device in a healthcare setting, from infusion pumps to MRIs, has a computer chip that allows it to communicate with the EHR and other systems. Most run legacy software that hasn’t been updated in years and have hard-wired passwords that haven’t been changed. Not only can hackers then move into the organization’s main IT systems from the device, but they could reprogram them to cause harm to patients.
TAKING AN OFFENSIVE APPROACH
It is nearly impossible to completely protect your IT systems against cyberattacks. However, there are numerous steps healthcare organizations can take to take to minimize the number and severity of such attacks:
- Employ a strong security posture, including multi-layered endpoint and network security, encryption, strong authentication and monitoring capabilities; first-and-foremost, ensure all software and plug-ins are up-to-date.
- Regularly conduct risk assessments and mock exercises; analyse the results, assess lessons learned, and quickly address any identified vulnerabilities.
- Provide mandatory ongoing education and training for all employees; enforce the use of strong passwords; in addition, make sure users understand and practice good security hygiene.
- Hire and maintain an appropriately sized and skilled IT security team. Also consider pre-contracting with top-tier managed security service providers and third-party experts to assist in the event of a breach.
It’s not a question of whether or not your facility will be attacked; it will, and probably already has. The question is: “Can I contain the damage and defeat the attackers?”
Be prepared. Ask your Account Manager for more information on our Security Risk Assessments.
In the face of the global pandemic, a key first step in returning to normalcy involves contact tracing: identifying who has COVID-19, who has been exposed to the novel coronavirus, and who is immune to contracting COVID-19. These are critical elements required to keep our communities healthy and economies open as we manage current infections and plan for future waves of the disease.
Cities, states, and organizations nationwide have created robust strategies for designing and implementing the necessary COVID-19 Contact Tracing workforce. Plans call for tens of thousands of newly trained public health workers to conduct contact tracing of COVID-19 infections. This new workforce is necessary because of decades of declining public health support and funding. Those cutbacks have left many public health agencies unequipped to respond to the current pandemic.
COVID-19-Related Mental Illness
In addition to the COVID-19 infection control measures, there is the rapidly rising risk for COVID-19-related mental illness, including depression, post-traumatic stress disorder, suicide, and alcohol and drug misuse. High unemployment coupled with widespread social isolation is projected to contribute to tens of thousands of “deaths of despair.” While the initial COVID-19 response has appropriately focused on containing the infection, this emerging mental health epidemic within the pandemic requires immediate attention if we are to avoid additional suffering and death. Several solutions come to mind, notably asking contact tracers to screen those they contact for mental illness, including substance abuse disorder (SUD), and make appropriate treatment referrals.
Make sure you and your practice are prepared. Ask your Account Manager for more information on our assessURhealth services.
Implementing COVID-19 Mental Health Tracing Requires A Multidisciplinary Effort
First, we must engage primary care providers and clinics that are perfectly poised to support public health agencies in tracing patients with COVID-19 infection and exposure. Primary care practices are particularly well equipped, as they have been the first point of contact for many patients with COVID-19 symptoms, infections, and questions.
Primary care practices are also well positioned to help identify and treat those suffering from declining mental health and substance use challenges stemming from the COVID-19-related economic downturn, unemployment, and social isolation. Many primary care practices include a diverse team of providers, including physicians, social workers, nurses, medical assistants, counselors, and others. These varied teams can support the mental health needs of their patients at a variety of levels.
Second, we should include primary care practices in legislative solutions, funding, and national organizational efforts to increase COVID-19 contact tracing. To implement interprofessional training and inclusion of primary care clinicians and practices in the growing COVID-19 tracing workforce, we encourage national primary care organizations—such as the Primary Care Collaborative, American Academy of Family Physicians, American Academy of Pediatrics, American Psychological Association, and Society for General Internal Medicine—to engage local and national public health organizations such as the National Association of County and City Health Officials, the Association of State and Territorial Health Officials, and the American Public Health Association.
Third, we should engage the new public health workforce, primarily contact tracers, in screening and referral for mental health issues, including substance use disorder (SUD). The new workforce will require education and training on COVID-19 contact tracing recommendations and guidelines. Basic clinical education in mental health and SUD screening and referral for care should be included in national training programs.
As with current contact tracing, mental health screening would be voluntary with an aim towards stigma reduction, educating people about symptoms and assisting them in seeking help. Privacy must be a top priority. Because contact tracers are not mental health professionals, screening and referral would be peer-to-peer communication to help those suffering mental health problems access care in their local community. It might be most effective to engage local mental health providers to train contact tracers in basic mental health screening and SUD screening to assure questions and referrals are relevant to the local community.
COVID-19 contact tracers call and interact with dozens of people each day. The time necessary for mental health screening and referral would increase the duration of contact-tracing calls; however, it could identify people at risk of depression, drug or alcohol misuse, and suicide. Local communities would be best equipped to determine the balance of effort applied to contact tracing and mental health tracing—in areas of higher infection rates, it might be important to use the limited resources available to trace infections. As communities begin to recover, contact tracing might be able to spend more time in mental health and SUD screening. The extra time in screening and referral would be worth it.
We Need Policies That Support Coordinated Public Health, Primary Care, And Mental Health
COVID-19 offers an unprecedented opportunity to rebuild our community health infrastructure so that primary care, public health, and mental health professionals are a unified team supporting and promoting the health of the population. Such a team could deliver the needed robust tracing of COVID-19 infection and COVID-19-related mental health issues. These combined efforts could lead to further collaborative work that addresses community health as a whole, leading to local, multisector communities of solution and moving beyond historically siloed, transactional medical offices and health agencies. If we focus solely on contact tracing of COVID-19 infection and ignore the rising surge of mental illness, we miss an important opportunity to prevent a new wave of morbidity and mortality.
Two specific solutions for aligning public health, primary care, and mental health moving forward are to improve our interprofessional education and use existing resources for addressing mental health challenges, particularly those that utilize non-mental health professionals. Medical Schools, public health schools, graduate medical education, and community health worker training should implement interprofessional education regarding COVID-19 contact and mental health tracing as part of their core curricula. Federal funding for COVID-19 contact tracing should include training in mental health screening and referral and incorporate current primary care providers in COVID-19 contact tracing efforts. States should incorporate primary care and mental health into local COVID-19 contact tracing efforts and funding initiatives.
Systems for identifying and treating mental illness have been successfully implemented in communities around the nation and internationally. We can draw from elements in these models as we create our public health-primary care communities of solution. Mental Health First Aid, an international mental health training program, has been used to train non-mental health professionals to respond to mental health crises, and can be used as a model for training our new public health workforce. In response to suicide clusters found in Palo Alto, CA and Fairfax, VA, community members joined forces to create a coordinated response to identifying and offering resources to teens suffering with mental illness. Both localities used an Epi-Aid team from the Centers for Disease Control and Prevention to offer technical assistance for their multi-sector approach, something states should consider as they deploy their public health-primary care partnerships.
COVID-19 Mental Health Call To Action
It is essential to contain the COVID-19 infection through robust contact tracing. We call on those implementing COVID-19 contact tracing to train this workforce to also address the projected rise in mental illness and SUD. We call on federal and state policy makers to include funding for mental health education and training for COVID-19 contact tracers. We call on local public health departments to include primary care and mental health providers in current COVID-19 contact tracing efforts, to improve mental health outcomes over the coming months.
Make sure you and your practice are prepared. Ask your Account Manager for more information on our assessURhealth services today.
TAMPA, Fla. – DAS Health, the Tampa-based industry leader in health IT and management, has been ranked on the Inc. 5000 List of the nation’s fastest growing companies for the 8th year since 2012. This is a remarkable accomplishment, as only a fraction of companies have made the list twice, and only 1% of companies ranked have made the list eight or more times.
The list represents a unique look at the most successful companies within the American economy’s most dynamic segment—its independent small businesses. Microsoft, Timberland, Vizio, Intuit, and many other well-known names gained their first national exposure as honorees on the Inc. 5000.
DAS has grown exponentially in the last 3 years. “We are very honored to be recognized once again on such a prestigious list. Our team’s drive and dedication make us unmatched in the Health IT and management services sector,” said David Schlaifer, President and CEO. “It is our people and our passion for customer service that have relentlessly led to our continued growth and innovation.”
About DAS Health
DAS Health has been a leading provider of Health IT and management solutions and a trusted consultant to independent physician groups, hospitals, and healthcare systems across North America since 2003. Headquartered in Tampa, FL, with regional offices in Las Vegas and New Hampshire, DAS delivers superior Information Technology, Electronic health records (EHR), RCM medical billing, value-based care, patient engagement and practice management solutions for over 15,000 users nationwide. Visit DAShealth.com to learn more.
TAMPA, Fla. – DAS Health Ventures, Inc., an industry leader in health IT and management, announced today it completed the acquisition of Technology Seed, LLC a managed IT and cybersecurity services company based in Salem, NH. This acquisition strengthens DAS’ position in the MSP sector and significantly advances its growth strategy to build the leading managed IT and services provider to physician groups, hospitals and healthcare systems throughout the country.
DAS Health actively serves more than 1,500 clients, 3,000 clinicians and 15,000 total users nationwide. With its headquarters in Tampa, Florida, a regional office in Las Vegas, Nevada and a significant presence in Georgia, Illinois, New Jersey, North and South Carolina, Texas, and Wisconsin, DAS Health serves clients throughout nearly all 50 states. The recent acquisition significantly enhances their presence in New England, and as a result DAS Health has now added a regional office in New Hampshire that will create opportunities for greater regional support of its entire solutions portfolio.
“Technology Seed offers an exciting opportunity for DAS to strengthen and expand our managed IT services throughout the country, and specifically in New England” stated David Schlaifer, DAS Health President and CEO. “I am pleased to welcome Kurt Simione and his team to the DAS family. With this strong addition to our portfolio, we look forward to unlocking additional value for our clients.”
This is the largest of over a dozen acquisitions in the past several years made by DAS, which has become known for its ability to identify quality companies that are a strategic fit and rapidly integrate them in order to continually enhance the customer experience for clients of both companies. Cogent Growth Partners assisted DAS in the acquisition.
“Joining DAS will allow us to expand and enhance our current services.” said Kurt Simione, Founder and President of Technology Seed; “their commitment to client success, employee growth and company culture makes them an excellent fit for us and our clients.”
Both companies’ clients will gain an increased depth of IT and security support, and Technology Seed’s healthcare clients will now have a substantially improved value proposition, as DAS Health’s award-winning offerings are robust, including practice management and EHR software sales, support and hosting, revenue cycle management (RCM), managed IT services, security risk assessments (SRA), MIPS/MACRA reporting & consulting, mental & behavioral health screenings, chronic care management, telemedicine, and other value-based and patient engagement solutions.
About DAS Health
DAS Health has been a leading provider of Health IT and management solutions and a trusted consultant to independent physician groups, hospitals and healthcare systems across North America since 2003.
Headquartered in Tampa, FL, with regional offices in Las Vegas and now New Hampshire, DAS delivers superior Information Technology, RCM medical billing, value-based care, patient engagement and practice management solutions for over 15,000 users nationwide. It includes representation and support of various EHR platforms, including NextGen® Office and Henry Schein MicroMD®, is the largest reseller of Aprima® and e-MDs Lytec, Medisoft, and Practice Partner solutions, and providing RCM, Managed IT, System Interfaces and numerous other services in conjunction with AdvancedMD®, Athenahealth®, Allscripts®, eClinicalWorks™, GreenwayHealth™, and many others. Visit DAShealth.com to learn more.
About Technology Seed
Since 2000, Technology Seed has been a premier provider of Managed IT services and Managed Security services to businesses across the country. Headquartered in Salem, NH, Technology Seed combines a unique blend of strong technical and engineering talent with highly-dedicated customer service. The company intelligently adapts to changing technology to maintain IT integrity, Cybersecurity and proactive IT management for thousands of users.
Cogent Growth Partners is a buy-side focused merger & acquisition advisory firm (not a sell-side broker) working exclusively with clients and candidates in the IT Services industry who are in the MSP, Cyber Security/MSSP, Cloud Services and IT Software/SaaS sectors generally. Cogent combines industry specific M&A transaction expertise with its deep IT operations know-how to help its clients and candidates in the IT space discover the Opportunity-Delta© that will help them swiftly grow to become a more successful company that is able to produce significantly improved financial results and greater equity value for its owners. www.cogentmergers.com
Aprima® is a registered trademark of Aprima Medical Software, Inc., an eMDs Company; eMDs, eMDs Plus, Lytec, Practice Partner and Medisoft are trademarks of eMDs, Inc. AdvancedMD® is a registered trademark of AdvancedMD, Inc. Allscripts® is a registered trademark of Allscripts Healthcare Solutions, Inc. Athenahealth® is a registered trademark of Athenahealth, Inc. eClinicalWorks™ is a trademark of eClinicalWorks, LLC. GreenwayHealth™ is a trademark of Greenway Health, LLC. MicroMD® is a registered trademark of Henry Schein Medical Systems, Inc. NextGen® Office is a registered trademark of QSI Management, LLC.
TAMPA, FL, April 14, 2020 – DAS Health, an industry leader in health IT and services, announced today that it has implemented three key programs to support independent clinicians during and after the COVID-19 pandemic.
The health dangers and economic uncertainties of the pandemic converge at physician practices … clinicians are on the frontline of delivering patient care while simultaneously grappling with running a small business under the most challenging of circumstances. DAS Health is offering technology solutions and multiple financial assistance programs to offset some of these risks, including a telehealth program, online access to mental health screening, and payment deferments.
To enable clinicians to continue seeing patients while maintaining the social distancing recommended by the CDC, DAS Health is rolling out a telehealth solution with free implementation and a significant fee reduction on software. In partnership with DrFirst™, DAS Health will deliver the Backline® platform, a best-in-class care coordination solution, to its client network of nearly 3,000 clinicians across all 50 states. “Backline is simple and effective, and we have built a seamless integration with over 95% of the physician practice management and EHR systems currently in place with our clients,” said David Schlaifer, President and CEO of DAS Health, “This accelerates clinicians’ use of technology to provide a high level of patient care while maintaining social distancing protocols.” G. Cameron Deemer, President of DrFirst added, “We are committed to working closely with DAS Health to give its clinicians quick access to Backline so they can continue to take care of their patients. As a HIPAA-compliant, full care collaboration platform, Backline can be an integral part of an efficient practice now and after this public health crisis is resolved.”
DAS Health also announces a significant modification to its electronic mental and behavioral health screening tool, assessURhealth™, making it possible for patients to complete assessments online, in compliance with updated CMS guidelines. Clinicians can now implement the program at a deeply reduced cost and with no implementation fees. With assessURhealth, healthcare providers can assess patients’ anxiety and depression levels, as well as their propensity for drug abuse, alcohol misuse and suicide risk, among other factors, and to provide them the assistance they need, at the time they need it. Schlaifer explained, “Unfortunately, we understand that these behavioral health issues are on the rise during this time, and we want to help do our part to keep them to a minimum.”
In addition to discounts and waived fees, DAS Health is announcing a Payment Deferral Assistance (PDA) program, which allows clients to defer up to four months’ payments with a repayment term of up to five years with no interest, giving them a financial lifeline. “The program’s acronym is aptly named ‘PDA’, as it is truly our way of publicly showing our affection and appreciation for those who are on the front lines of this pandemic,” said Schlaifer. “The vast majority of our clients are small businesses who need assistance, and don’t necessarily have the bandwidth to optimize all the resources available to them right now. So, from one small business to another, we decided to help out directly.” Rod Gisi, Practice Manager at Sylvia A. Gisi MD, Inc. in Temecula, California said, “The DAS team has been very hands on and helpful during this challenging time. I appreciate everything DAS Health is doing for our practice and how quickly they have been able to help.”
Since 2000, DrFirst™ has pioneered healthcare technology solutions and consulting services that securely connect people at touchpoints of care to improve patient outcomes. We create unconventional solutions that solve care collaboration, medication management, price transparency and adherence challenges faced in healthcare. We unite the Healthiverse™ by providing our clients with real-time access to the information they need, exactly when and how they need it – so patients get the best care possible. To learn more, visit DrFirst.com.
About DAS Health
DAS Health has been a leading provider of Health IT and management solutions and a trusted consultant to independent physician groups, hospitals and healthcare systems across North America since 2003. Headquartered in Tampa, FL, with a regional office in Las Vegas, NV, DAS delivers superior health IT, RCM medical billing, value-based care and practice management solutions. DAS Health has been recognized for seven consecutive years as a top healthcare company on the Inc. 500|5000 list, serving nearly 3,000 clinicians and 15,000 healthcare professionals, caring for over 10 million patients nationwide.
DAS Health offers representation and support of various EHR platforms, including Aprima®, e-MDs, Lytec, Medisoft, Practice Partner, NextGen® Office and Henry Schein MicroMD®; as well as RCM, Managed IT, System Interfaces and numerous other services in conjunction with AdvancedMD®, Allscripts®, athenahealth, eClinicalWorks™, GreenwayHealth™, and many others. Visit DAShealth.com to learn more.
DrFirst is a trademark and Backline is a registered trademark of DrFirst. Aprima® is a registered trademark of Aprima Medical Software, Inc., an eMDs Company; eMDs, eMDs Plus, Lytec, Practice Partner and Medisoft are trademarks of eMDs, Inc. NextGen® Office is a registered trademark of QSI Management, LLC. MicroMD® is a registered trademark of Henry Schein Medical Systems, Inc. AdvancedMD® is a registered trademark of AdvancedMD, Inc. Allscripts® is a registered trademark of Allscripts Healthcare Solutions, Inc. athenahealth is a trademark of athenahealth, Inc. eClinicalWorks™ is a trademark of eClinicalWorks, LLC. GreenwayHealth™ is a trademark of Greenway Health, LLC.
– Current and former patients of Richard Davis, MD, who operates The Center for Facial Restoration, have received ransom demands from a cybercriminal who hacked the clinic’s server.
Other providers have reported extortion attempts after a breach in the past year, including CarePartners and plastic surgeon Robert Spies, MD. However, this is one of the first reported incidents where the hackers targeted the patients, rather than just the provider.
In a letter to patients, Davis reportedly received a letter from hackers who claimed they had breached the clinic’s servers and obtained the complete medical records of patients, which could be used to publicly exploit patients or be traded to third parties.
The hackers demanded a ransom payment from Davis and by November 29, about 15 to 20 patients reported to the clinic that they also received individual extortion attempts from the hackers “threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met.”
On November 12, Davis filed an FBI complaint and met with agents in an effort to examine the scope of the cyberattack and source of the ransom demands. While the investigation continues, patients receiving ransom demands are being encouraged to file individual complaints with the FBI.
The hackers potentially stole the personally identifiable information from an estimated 3,500 former and current patients.
The provider explained that PII is stored in a scan of the patient’s intake demographic questionnaire, rather than an electronic demographic database, which has made obtaining contact information for impacted patients “painstakingly slow and labor intensive.”
What’s more, data access continues to be hindered by ongoing IT service disruptions, Davis explained. Patients are urged to share the notification with any known patients of The Center for Facial Restoration.
Davis has since installed new hard drives, firewalls, and detection software to reduce the potential of future cyberattacks, “but no system is foolproof, and even the US government with all its resources has been victimized repeatedly.”
“While upgrading my defenses clearly won’t help those individuals whose data has already been stolen, there is reason to suspect that the theft of patient photographs may be limited to only a very small number of individuals – mostly those patients who used email to send or receive their photographs – so the upgrades may prove useful,” Davis said.
“I deeply regret that individuals currently or formally under my care have been victimized by this criminal act, and I urge you to monitor your financial information closely,” he added. “I am sickened by this unlawful and self-serving intrusion, and I am truly very sorry for your involvement in this senseless and malicious act.”
The hack mirrors past security incidents of the notorious hacker known as thedarkoverlord, an anonymous hacking group that targeted a wide range of organizations – including the Athens Orthopedic Clinic in Georgia.
One known member of the group is currently standing trial in St. Louis for his role in the hacking efforts, including aggravated identity theft and conspiring to commit computer fraud offenses.
- 1. ACOs may affect physician employment patterns, JAMA study finds
- 2. OIG: CMS paid out $434M in improper premium assistance payments
- 3. Opioid prescriptions aren’t decreasing, study finds
- 4. ACOs using medical home physicians save money, yield higher quality, report finds
- 5. Uninsured rate stays stable in 2018