Health IT Roundup—Feds issue emergency hijacking directive; North Carolina introduces strict data breach law

Nuix's latest Black Report offers insights straight from the mouths of hackers and penetration testers (Image xijian / iStockPhoto)
CISA detected that hackers were redirecting mail and web traffic from federal agencies—yet another challenge for those agencies in weathering a government shutdown. (xijian/iStockPhoto)

DHS issues emergency hijacking directive

The Department of Homeland Security sent a rare emergency directive to HHS and other agencies, giving them 10 days to secure their DNS infrastructure.

The directive comes after the Certified Information Systems Auditor (CISA) detected a tampering campaign that was redirecting web and mail traffic from several federal agencies. It didn't specify which agencies were affected, precisely, but all federal agencies must now audit their DNS servers and change their DNS account passwords.

“CISA recommends agencies prioritize NS records and those associated with key agency services offered to organizational users and the public (for example, websites that are central to the agency’s mission, MX records, or other services with high utilization),” officials wrote. (Health IT Security article)

Webinar This Week

Optimizing Healthcare Operational Excellence to Drive Care Transformation

Join us in this webinar to learn how organizations have leveraged modern technology to enable transformative innovation and continuous improvement across their operations resulting in overall cost savings, process optimization, and clinical improvements.

North Carolina readies for take 2 on data breach notification law

A year after their first attempt at reforming North Carolina's data breach notification law, legislators are reintroducing a revised version. The bill, which mandates that organizations report a breach within 30 days of discovering it, would cut the current notification time in the state in half.

“We are strongly committed to getting this right and creating a strong framework for protecting our most personal information,” North Carolina Representative Jason Saine, R-Lincoln County, one of the members who introduced the bill, said in a statement.

Similar laws are under consideration in several other states as well. (Health IT Security article)

Vanderbilt demos AI-powered voice assistant for EHRs

In a first for providers, Vanderbilt University Medical Center is developing a voice assistant for its electronic health record system. The goal, according to its developers, is to make it easier for physicians to retrieve a piece of information from a patient's file during an exam.

"It is a time-consuming and tactually complicated effort to understand the patient story," said Yaa Kumah-Crystal, M.D., core design adviser at Vanderbilt. "Often you know what piece of information you want but are forced to forage through a graphical user interface designed by someone that does not understand your clinical workflow. This can be an exasperating experience and one of the reasons EHRs often are cited as contributors to physician burnout."

The medical center is consulting with Epic, which is also working on a voice assistant for EHRs. (Healthcare IT News article)

Suggested Articles

Federal lawmakers are putting pressure on HHS to make big changes to forthcoming rules on data sharing and information blocking.

New York-based Northwell Health launched a new mobile app that's an Uber for blood draws.

Patient engagement, analytics and precision medicine will be key to shifting to value-based care, but funding is a significant challenge, CIOs say.