120,000 Health Alliance Plan customers’ data at risk due to vendor data breach
More than 120,000 Health Alliance Plan (HAP) clients' personal and protected medical information may have been compromised in a security breach, the Detroit Free Press reported on Tuesday.
Letters notifying customers of the breach were sent last week by Wolverine Solutions Group, a Detroit-based company HAP hired to manage its mailing services. The letters said the security problem occurred on or around Sept. 23, when Wolverine Solutions Group "experienced a ransomware incident—a malicious software that attacked and locked up our servers and workstations."
HAP said on Tuesday in a statement that the incident may have exposed customers' names, addresses, dates of birth, member identification numbers, healthcare provider names, patient identification numbers and claim information,
Blue Cross Blue Shield of Michigan customers were notified in December that their information may also have been compromised in the same breach. A Blue Cross Blue Shield of Michigan spokeswoman said in an email to the Free Press that about 150,000 members were impacted, with about 100,000 of them residing in Michigan. (Detroit Free Press)
25% of healthcare organizations have experienced device-related data breach
One-quarter of healthcare organizations have experienced a data breach due to a mobile device being compromised, with 67% of those organizations reporting a major breach, according to Verizon’s Mobile Security Index report.
Of those organizations reporting a device-related compromise, 41% said it was a major breach with lasting repercussions and 43% said remediation was difficult and expensive. Healthcare was less impacted than other industries, according to the survey: 42% of financial services companies reported a device-related breach, 31% of educational organizations and 33% of telecom companies. This could either mean that there were fewer compromises industrywide or that the healthcare organizations surveyed weren’t as good at identifying when a compromise had taken place, the survey report said.
Compared to the all-industry average, healthcare organizations were much more likely to have been notified of a breach by a customer or partner: 53% versus 38% of all industries surveyed.
Across all industries, 83% of executives said their organization was at risk of mobile threats; however, despite the risk, almost half (48%) said they had sacrificed security to “get the job done,” up from 32% last year. (Survey)
Federal agencies launch opioid detection challenge
The Department of Homeland Security (DHS) Science and Technology Directorate and U.S. Customs and Border Protection, along with the U.S. Postal Inspection Service and the Office of National Drug Control Policy, launched a technology challenge for new tools to help disrupt the flow of opioids into the U.S.
The federal government is looking for solutions ranging from forensic science to industrial quality assurance to artificial intelligence.
The challenge, which has a total pool prize of $1.55 million, seeks “novel, automated, nonintrusive, user-friendly and well-developed designs for tools and technologies that have the potential to quickly and accurately detect opioids in parcels, without disrupting the flow of mail,” according to the announcement. (Announcement)
UPMC Enterprises files federal trademark for cloud solution
The University of Pittsburgh Medical Center’s commercialization arm is developing a downloadable cloud-based software designed to serve as a health IT infrastructure for the sharing of healthcare data, Health Data Management reported.
Called the healthcare operating system (hcOS), UPMC Enterprises recently filed a federal trademark registration for the solution with the U.S. Patent and Trademark Office.
In addition to facilitating the availability of data for providers, payers and consumers, hcOS is envisioned as a platform that provides tools for developers to create healthcare apps, UPMC Enterprises officials said. (Health Data Management)