Health IT Roundup—Feds issue emergency hijacking directive; North Carolina introduces strict data breach law

Nuix's latest Black Report offers insights straight from the mouths of hackers and penetration testers (Image xijian / iStockPhoto)
CISA detected that hackers were redirecting mail and web traffic from federal agencies—yet another challenge for those agencies in weathering a government shutdown. (xijian/iStockPhoto)

DHS issues emergency hijacking directive

The Department of Homeland Security sent a rare emergency directive to HHS and other agencies, giving them 10 days to secure their DNS infrastructure.

The directive comes after the Certified Information Systems Auditor (CISA) detected a tampering campaign that was redirecting web and mail traffic from several federal agencies. It didn't specify which agencies were affected, precisely, but all federal agencies must now audit their DNS servers and change their DNS account passwords.

“CISA recommends agencies prioritize NS records and those associated with key agency services offered to organizational users and the public (for example, websites that are central to the agency’s mission, MX records, or other services with high utilization),” officials wrote. (Health IT Security article)

Report

Driving Engagement in an Evolving Healthcare Ecosystem

Deep-dive into evolving consumer expectations in healthcare today and how leading providers are shaping their infrastructure to connect with patients through virtual care.

North Carolina readies for take 2 on data breach notification law

A year after their first attempt at reforming North Carolina's data breach notification law, legislators are reintroducing a revised version. The bill, which mandates that organizations report a breach within 30 days of discovering it, would cut the current notification time in the state in half.

“We are strongly committed to getting this right and creating a strong framework for protecting our most personal information,” North Carolina Representative Jason Saine, R-Lincoln County, one of the members who introduced the bill, said in a statement.

Similar laws are under consideration in several other states as well. (Health IT Security article)

Vanderbilt demos AI-powered voice assistant for EHRs

In a first for providers, Vanderbilt University Medical Center is developing a voice assistant for its electronic health record system. The goal, according to its developers, is to make it easier for physicians to retrieve a piece of information from a patient's file during an exam.

"It is a time-consuming and tactually complicated effort to understand the patient story," said Yaa Kumah-Crystal, M.D., core design adviser at Vanderbilt. "Often you know what piece of information you want but are forced to forage through a graphical user interface designed by someone that does not understand your clinical workflow. This can be an exasperating experience and one of the reasons EHRs often are cited as contributors to physician burnout."

The medical center is consulting with Epic, which is also working on a voice assistant for EHRs. (Healthcare IT News article)

Suggested Articles

In turn, UPMC will also become a strategic investor in CarepathRx, officials said.

Walmart has tapped Cambia Health Solutions' Cheryl Pegus, M.D., to serve as its new executive vice president of health and wellness.

Andor Health just landed an investment from Microsoft's venture arm to expand its AI-powered virtual health program.