May 17, 2020

How EHRs are preventing prescription fraud and abuse

EHR
healthcare
Surescripts
EHR
Admin
2 min
How EHRs are preventing prescription fraud and abuse
Recent data from the nations leading health information network, Surescripts, reveals more than 48,000 providers in New York have adopted technology to...

Recent data from the nation’s leading health information network, Surescripts, reveals more than 48,000 providers in New York have adopted technology to combat prescription fraud and abuse and improve patient care.

Since March 1, the number of New York providers enabled for electronic prescribing of controlled substances (EPCS) increased 28 percent, as the state moves closer to the March 27 deadline to comply with the Internet System for Tracking Over Prescribing (I-STOP) mandate that requires the use of electronic prescribing.

RELATED TOPIC: Why Patients Should Care How their Doctors Feel About EHRs

Doctors in New York are outpacing their counterparts in other states, with just eight percent of providers enabled for EPCS nationwide compared to 47 percent in New York. This is a significant improvement compared to one year ago, when fewer than two percent of providers in New York were ready.

Meanwhile, pharmacy adoption of the technology is nearly universal, with 95 percent of pharmacies in New York enabled to receive prescriptions for controlled substances electronically.

RELATED TOPIC: TOP 10: Most Popular EHR Software Solutions

This rapid increase in adoption was made possible because of electronic health record (EHR) software vendors’ certification of the technology, which is a necessity in order for prescribers to start using it.

Currently, EHRs serving 96 percent of prescribers in New York are certified for EPCS. As a result, many providers are already utilizing the technology, with 37 percent of all EPCS transactions nationwide in March coming from New York.

RELATED TOPIC: Physicians Identify Concerns With EHR Technology

“The industry has made remarkable progress in adopting this critical technology that can have a direct and immediate impact on improving patient care and saving lives,” said Tom Skelton, Chief Executive Officer of Surescripts. “As we look beyond New York, we will continue to expand the connections we have with software vendors, providers and pharmacies to broaden the utilization of e-prescribing for controlled substances and add considerable value to the nation’s healthcare system.”

Electronic prescribing offers many benefits for patients, providers, pharmacies, and the healthcare system as a whole. It is safer and more convenient for patients by ensuring a prescription reaches a pharmacy, and it improves patient medication adherence.

RELATED TOPIC: Top 10 EHRs According to Physicians

The technology is more efficient for doctors and pharmacists and improves prescription accuracy. E-prescribing of controlled substances is designed to improve both the doctor and the patient experience with increased safety and security while ensuring the patient’s choice of pharmacy.

Let's connect!   

Click here to read the latest edition of Healthcare Global magazine!

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

cyberattack
fitness
Cybersecurity
verification
3 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks according to the latest research from McAfee. 

For those still unfamiliar with Peloton, it is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use a wi fi connection to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

“Behind the scenes is a standard Android tablet, and this hi-tech approach to the exercise bikes has not gone unnoticed. Viral marketing mishaps aside, Peloton has garnered attention recently regarding surrounding the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at Android devices, and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain remote access to the bike’s tablet, including the camera, microphone and personal data. 

To the user there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk of  being hacked.  

The flaw was found in the Android Verified Boot (AVB) process, leaving Peloton open to attackers. 

They were able to bypass the Android Verified Boot process, which normally verifies all code and data within the system before booting. Researchers were able to get the device to boot bypassing this step. 

This can lead to an Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of any access they achieved on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton even as auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and subsequently released a fix for it. 

The patched image no longer allows for the “boot” command to work on a user build, mitigating this vulnerability entirely. Further conversations between McAfee and  Peloton confirmed that this vulnerability is also present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security, Adrian Stone, commented on the research: “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article