Health IT Roundup—Iranians charged in ransomware attacks; Amazon's medical language processing tool

A computer keyboard with the word ransomware highlighted in red
The DOJ issued its first-ever ransomware indictment for attacks on several hospitals and EHR vendor Allscripts. (Getty/BeeBright)

DOJ hands down an indictment for ransomware attacks

The Department of Justice (DOJ) handed down its first-ever indictment for a ransomware and extortion scheme that targeted several healthcare providers and a major EHR vendor.

Federal prosecutors charged two Iranians—Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri—with deploying SamSam Ransomware attacks to shut down the networks of U.S. hospitals, schools and government agencies. The defendants allegedly used the malware attack to extort the organizations for a Bitcoin ransom in exchange for decryption keys.

Allscripts, LabCorp, MedStar Health and Hollywood Presbyterian were among the healthcare entities targeted by the pair. The attackers collected more than $6 million in ransoms, and victims incurred losses of more than $30 million.

“The defendants did not just indiscriminately ‘cross their fingers’ and hope their ransomware randomly compromised just any computer system,” Assistant Attorney General Brian A. Benczkowski said at a press conference. “Rather, they deliberately engaged in an extreme form of 21st-century digital blackmail, attacking and extorting vulnerable victims like hospitals and schools, victims they knew would be willing and able to pay.” (Release)

RELATED: Physician practices report lost revenue and patient care disruptions following Allscripts ransomware attack

Amazon launches language processing for EHRs

On Tuesday, Amazon announced the launch of Amazon Comprehend Medical, a machine-learning software that can sift through unstructured text in EHRs. In a blog post, Amazon executives said the software can identify medical conditions, anatomic terms, medications, details of medical tests, treatments and procedures.

“Ultimately, this richness of information may be able to one day help consumers with managing their own health, including medication management, proactively scheduling care visits, or empowering them to make informed decisions about their health and eligibility,” they wrote.

The company said it is working closely with Seattle’s Fred Hutchinson Cancer Research Center, using Comprehend Medical to identify patients in clinical trials that could benefit from cancer therapies. (Blog post)

Carin Alliance issues health data code of conduct

The Carin Alliance, made up more than 60 healthcare stakeholders, has issued a voluntary code of conduct for companies that aren't covered under HIPAA. The resource gives healthcare organizations an "enforceable code of conduct" to use for third-party applications that aren't covered by the privacy law to ensure they meet data security requirements.

"The CARIN code of conduct is an effective first step to ensure consumer's data sharing preferences are the foundation for how electronic data exchange will occur between entities not covered by HIPAA," said Mike Leavitt, founder of Leavitt Partners. (Release)

CVS emphasizes digital tools as it closes Aetna purchase

CVS closed its $69 billion deal to acquire Aetna on Wednesday, creating one of the largest healthcare giants to date.

CVS CEO Larry Merlo called the deal “a transformative moment for our company and our industry.” The company promised to “simplify a complicated system” and said patients would benefit from the integration of Aetna’s medical information analytics.

The company is planning to roll out new programs in the coming months, including new digital apps. (FierceHealthcare)