How Premera Blue's Breach Reveals Weaknesses in Health Care Security
Washington-state based Premera Blue Cross announced a breach...
Another big name in health insurance has been the latest victim of a massive cyber attack.
Washington-state based Premera Blue Cross announced a breach earlier this week that could have affected up to 11 million customer records. The records included credit card numbers, Social Security numbers and information about medical problems.
While the attack was just made public, Premera issued a statement saying it discovered the breach on Jan. 29 – around the same time that Anthem was breached. The Anthem breach compromised the information of nearly 80 million people.
It's possible that the attacks were related — done by the same perpetrator. At least that's an educated guess from the cybersecurity company iSight Partners.
Premera also says the attack itself started in May of last year. But iSight found a suspicious domain called "prennera.com," an address that may have been made to spoof Premera's official website. It was created in December 2013.
“Attackers gained unauthorized access to our IT systems and may have accessed the personal information of our members, employees and other people we do business with. The privacy and security of our members’ personal information is a top priority for Premera. We value the trust you place in us to keep your personal information secure and we regret the concern that this attack may cause you,” stated Premera.
The health plan is cooperating with the FBI in its investigation, and is also working cybersecurity firm Mandiant "to both investigate the attack and cleanse our IT system of the infection created by that attack."
Moreover, it is offering members two years of free credit monitoring and identity protection services from Experian, and "taking additional steps to strengthen and enhance the security of our IT systems moving forward."
"I recognize the frustration that the news of this cyberattack may cause," said Premera president and CEO Jeff Roe, in a statement. "The privacy and security of our members' personal information is a top priority for us. As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward."
Security experts say this attack should once again serve as a clarion call: Health care is in the crosshairs.
"While banks and financial institutions are the classic targets, these have been increasingly improving their security for the past five years, and like security professionals always say: attackers will find their way to the next available target on their list," said Shahar Tal, vulnerability research team leader at cybersecurity firm Check Point, in a press statement.
"Providers in this vertical should all heighten their alert status, proactively monitor their infrastructure for suspicious logs, and put protections in place that will prevent them from being the next target," he added.
The Premera breach "once again demonstrates the failure of flawed, outdated assumptions: over-reliance on 'guard the door' entry point security and early technologies such as simplistic single-key encryption schemes is a quaint and dangerous approach to a 21st century problem," added Richard Blech, CEO of Secure Channels, in a statement.
"To be an entrusted safe-keeper of private and sensitive consumer information," he said, "an insurer or provider has to protect said data by encrypting it."
Five minutes with Stanley Healthcare's Troy Dayon
Stanley Healthcare provides technology solutions for caregivers, whether they are in a hospital, a care home, or at home. Here the company's President Troy Dayon explains the challenges carers face and what role technology plays in care for the elderly.
The healthcare workforce is shrinking while the population is aging. How can this be addressed?
Not only is the healthcare workforce shrinking, but the industry is facing the issue of overload and burnout among healthcare professionals.
One major approach to address this is to help each caregiver to accomplish more – not by pushing them harder but by focusing their attention on the things that matter most, harnessing technology such as AI and machine learning.
This technology provides caregivers with information on what care is needed, and which patients or residents to focus on first based on risk or acuity. The insights that it provides can help caregivers to be more efficient and address issues that would usually require more of their time, such as critical asset location, which takes time away from giving the care where it’s needed most.
What do healthcare providers need to do to address clinician burnout?
It is key for healthcare providers to understand the setting and the specific environment in which clinicians have been working. Many hospitals across the globe reconfigured entire wards to treat COVID-19 patients, and for more than a year, clinicians have been working in crisis mode.
They need the opportunity to return to regular, sustainable routines, supported by technologies that help make them more efficient, but also more fulfilled because they maximise time with patients, applying their hard-earned education and experience to work at the top of their license.
In aged care, the experience of managing a highly contagious and deadly virus has reinforced the need for a proactive approach to managing the health of residents. Caregivers need predictive tools like the Foresite solution to help them understand which residents are at greatest risk, so they can focus their efforts where they can have the most impact.
How can technology support older people?
AI-based technology such as Foresite harnesses a range of passive monitoring technologies to develop a baseline profile of a resident in aged care that highlights changes in health or behaviour. This information can help caregivers see where and when they need to spend their time, identifying heightened risk for falls and early indication of heart issues and even infections.
In fact, the technology has been shown to accurately predict events like falls, which allows intervention prior to an event occurring, rather than just automating routine processes.
Beyond this, connecting caregivers remotely to seniors to provide efficient care outside of traditional care settings is crucial. During the pandemic, there was a marked increase in the use of telehealth and remote monitoring of vitals, medication management and daily health.
These technologies fill a major gap in healthcare delivery: care for patients once they’ve been discharged from hospital, or for seniors who need some level of care but don’t need to be in an aged care home. By caring for people effectively in their own homes, we can help reduce the burden on hospitals from readmissions and leverage the expertise of aged care organisations beyond the confines of the four walls of the facility.
A lot of care is in fact delivered by unpaid carers. How can they be better supported with tech?
The remote monitoring technology that professional caregivers have access to can, in turn, also provide information and support to unpaid caregivers. For example, helping ensure a loved one is taking their medication, or knowing when they might be experiencing a change in health that can put them at risk.
Human observation is inherently limited, no matter how often you see a loved one, and you can’t always rely on what a senior says about themselves. It’s very common that they downplay problems, because no one wants to be a burden or relinquish their independence.
Remote solutions that connect family to an older relative help increase safety and wellbeing for the senior and reduce the burden on caregivers. They also make possible care decisions based on facts. At some point, a senior may need to transition to an aged care setting, which is often a difficult family conversation. This is an area where we can offer support to unpaid caregivers – reassurance during what is typically a very stressful period for the people providing that care.
In Japan several large hospitals are deploying robot nurses. Is this a potential solution?
I think the best path for robotics in healthcare is to focus on the root problem. It’s about dealing with a limited number of caregivers for a population that’s rapidly aging. Robotic technologies offer solutions that support the human healthcare providers with the information they need to make better and faster decisions about care. It’s about convergence and use of technology rather than a specific solution such as a robotic nurse.
This technology could be in the form of AI and machine learning or a robotic agent for routine administrative tasks. Removing low-value activities that distract caregivers from giving care is a key focus when it comes to robotics in healthcare. This automation can free up time for caregivers to spend more time with patients while optimising workflows.
Robots in this sense don’t replace humans. They are leveraged for what they do well – repetitive routines done with speed and precision – while humans are given the time and space to deliver what ultimately we all want: human-centered care.