The Growing Threat of Cybersecurity Attacks in Healthcare: Change Healthcare Confirms Ransomware Attack

The Growing Threat of Cybersecurity Attacks in Healthcare: Change Healthcare Confirms Ransomware Attack

Optum’s Change Healthcare confirmed today that they did fall victim to a ransomware attack on February 21st, 2024. “Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” an Optum spokesperson said, “We are actively working to understand the impact to members, patients and customers.”

This incident underscores the increasingly sophisticated and persistent threats facing the healthcare sector. According to reports, hackers have claimed to have obtained a massive amount of sensitive data, raising concerns about patient privacy and the integrity of healthcare systems. The ramifications of such attacks extend far beyond the immediate disruption they cause. Healthcare organizations are entrusted with vast amounts of sensitive data, including patient records, financial information, and proprietary research. The breach of this data not only compromises patient confidentiality but also poses significant financial and reputational risks to the affected institutions.

Ransomware attacks, where malicious actors encrypt data and demand payment for its release, have become distressingly common in recent years. Their success often hinges on exploiting vulnerabilities in digital infrastructure and human error, such as phishing attacks or weak passwords. Despite efforts to bolster cybersecurity measures, hackers continue to adapt and refine their tactics, making them a formidable adversary for even the most vigilant organizations.

The incident involving Change Healthcare serves as a stark reminder of the urgent need for healthcare companies to invest in robust cybersecurity protocols. Prevention, detection, and response strategies must be continually updated and fortified to withstand evolving threats. This includes implementing encryption technologies, conducting regular security audits, utilizing multi-factor authentication, adopting a SIEM, and providing comprehensive training to staff members to recognize and mitigate potential risks.

Beyond technical measures, addressing the root causes of cyber vulnerabilities requires a multifaceted approach. This includes addressing systemic issues such as legacy systems, which may lack the security features necessary to withstand modern threats. Investing in modernizing infrastructure and adopting emerging technologies like artificial intelligence and blockchain can enhance security while improving efficiency and interoperability within healthcare ecosystems.

In conclusion, the ransomware attack on Change Healthcare underscores the critical importance of cybersecurity in safeguarding patient data and maintaining the integrity of healthcare services. This incident should serve as a wake-up call for the industry to redouble its efforts in fortifying defenses, fostering collaboration, and adopting proactive strategies to mitigate cyber risks. Only through collective action and a commitment to cybersecurity best practices can healthcare organizations hope to stay one step ahead of cyber threats in an increasingly digital world.

 

If you have any questions or concerns, please reach out directly to our Director of Cybersecurity at Bryan.Ament@bluenovo.com.

Your Guide to Navigating the NY Health Care Facility Transformation Program Grant

Your Guide to Navigating the NY Health Care Facility Transformation Program Grant

As the March 13th, 2024, submission deadline quickly approaches, BlueNovo recognizes the significance of this funding avenue and is dedicated to empowering healthcare entities to seize it.

At BlueNovo, we understand that navigating the intricacies of grant applications can be daunting. That’s why we’ve crafted a comprehensive GRANT WRITING ASSISTANCE GUIDE tailored specifically for the NY Health Care Facility Transformation Program Grant of 2024. This guide serves as your roadmap, equipping you with the insights and strategies needed to articulate your vision effectively and maximize your chances of securing funding.

Don’t let this opportunity slip through your fingers. Whether you’re fine-tuning your proposal or starting from scratch, our team stands ready to provide the expertise and support needed to elevate your application. Contact BlueNovo today, and together we can help you secure the essential funding your Health Center rightfully deserves.

Optum/Change Health Care Cybersecurity Incident

Optum/Change Health Care Cybersecurity Incident

As many of you are aware Optum reported a cybersecurity incident that was suffered by Change Health Care, a subsidiary of Optum. As of the most recent update Change Health Care systems and applications remain offline.  Optum made the decision to disconnect all Change Health Care systems when it was determined that a cybersecurity incident occurred, last Wednesday.  This was done to lessen the spread of any potential cybersecurity impacts to its customer base.

Optum, during the investigation has a high level of confidence that the incident only affects the Change Health Care platform and have not found evidence of Optum or United Health Group systems being affected.

There is currently no timetable for return of services provided by Change Health Care.  The organization is providing regular updates, which can be found here: Optum Solutions Status – Update: Some applications are experiencing connectivity issues. (changehealthcare.com) additionally, statuses of individual applications and services can be found here: Optum Solutions Status (changehealthcare.com).

At this time, we do not currently believe customers who use Change Health Care services are at risk of a cybersecurity impact due to incident. With that being said, it is imperative for organizations and their staff to stay vigilant to common tactics of threat actors including phishing, smishing, credential hijacking and bypassing of Multi-Factor Authentication (MFA) Systems with techniques such as MFA fatigue attacks.

We will continue to monitor this incident as more information becomes available. Optum is working with CMS and other government agencies to address care issues that may result due to Change Health Care services being unavailable.

If you have any questions or concerns, please reach out directly to our Director of Cybersecurity at Bryan.Ament@bluenovo.com.

New Funding Opportunity- New York State

New Funding Opportunity- New York State

Funding Opportunity Snapshot

The New York State Department of Health (NYSDOH) and the Dormitory Authority of the State of New York (DASNY) announce the availability of funds through Funding Opportunity 2024 Statewide Health Care Facility Transformation Program IV and V Health Information Technology, Cybersecurity, and Telehealth Transformation to support technological and telehealth projects that facilitate health care transformation activities.

Funding Overview

This funding is intended to cover capital, non-capital, and working capital expenses. The grant aims to assist in the development and implementation of projects that align with specific categories:

  1. Electronic Health Records: Improving the efficiency and quality of care in healthcare organizations through better infrastructure, clinical decision support, and revenue cycle management.
  2. Cybersecurity: Enhancing the cybersecurity posture of healthcare facilities, including compliance with standards such as the NIST cybersecurity framework and HIPAA.
  3. Health Management Tools: Implementing applications that aggregate data to support care provision, improve patient outcomes, and facilitate value-based contracting.
  4. Telehealth: Developing telehealth applications to improve access to care, particularly in regions with limited healthcare providers or specialties.

The primary goal is to improve access to health-related information for providers, support the sharing of data across the healthcare continuum, drive adoption of standards in technology and data formats, provide the Department with improved access to health-related data, and support the growth of telehealth.

Funding Application Details

The New York Health Care Facility Transformation Program Grant 2024 is available to a wide range of healthcare organizations listed in the NYSDOH/DASNY RFA.

Applications are due in the NYS Grants Gateway, Wednesday, March 13, 2024, by 4:00 PM EST.

The anticipated award date is Monday, July 1, 2024.

The application details for the New York Health Care Facility Transformation Program Grant 2024 include specific requirements and focus areas:

  1. Information Exchange Development: Applicants should aim to develop information exchange in primary, acute, post-acute care facilities, and other outpatient services. Projects should align with Department goals, adopt standards in technology and data formats, and improve access to health-related information for providers. This includes supporting data sharing across the healthcare continuum through bi-directional exchange using the Statewide Health Information Network for New York.
  2. Cybersecurity: Projects should support investments for increased cybersecurity of the facility and the security of patient information. They should adhere to national standards like the NIST cybersecurity framework, HIPAA security rule, and support readiness for a third-party certification.
  3. Health Management Tools: Projects should focus on enhancing electronic medical records (EMRs) to support workforce needs via streamlined clinician workflows, provide or improve clinical decision support, and make other investments that boost provider productivity, monitor outcomes, and participation in value-based contracting.
  4. Telehealth: The grant supports the growth of telehealth and remote patient monitoring advancements, access, and addressing the digital divide in rural communities.
  5. Consistency with DSRIP and Medicaid 1115 Waiver Program Principles: The care services developed as a result of the Eligible Project should be consistent with DSRIP (Delivery System Reform Incentive Payment) and Medicaid 1115 waiver program principles. This includes improving core population health, patient outcomes, patient experience, and incorporating a sustainable business model with a transition to a value-based payment model.
  6. Public Health Law Compliance: Applicants are advised to comply with Public Health Law 2825-g and Chapter 54 of the Laws of 2024.

Grant Eligibility

To be eligible for funding, applicants must demonstrate how their project aligns with the Department’s goals. These goals include improving access to health-related information for providers, supporting data sharing across the healthcare continuum, driving the adoption of technology standards, enhancing the Department’s access to health-related data, and supporting the growth of telehealth.

Applicants should describe how their project will contribute to the long-term financial sustainability of their organization, impact quality of care, patient outcomes, and experience, integrate, preserve, or expand essential health care services, relate to identified community needs, advance health equity, benefit Medicaid or Medicare enrollees and uninsured individuals, and address the limited access to alternative financing.

Regarding fund allocation, the grant is discretionary, and the decision to award or not to award, or to award a grant at a funding level that is less than the amount requested by the applicant, is at the discretion of the Commissioner of Health and is not subject to appeal. The decision not to fund an application will be communicated by letter, and comparisons with other grant applications will not be made during a debriefing. The decision to change the terms and conditions is also discretionary and not subject to appeal.

These requirements ensure that the projects funded by the grant not only contribute to the technological and telehealth development in healthcare facilities but also align with broader healthcare goals and standards set by the state and federal guidelines.

How BlueNovo can help?

BlueNovo is the most trusted healthcare & technology partner of FQHCs and CHCs nationwide. We partner with community-based healthcare organizations to achieve profound solutions within their strategic technology imperatives. Many of BlueNovo’s core service offerings align with the NYSDOH-DASNY Statewide Health Care Facility Transformation Program IV and V Health Information Technology, Cybersecurity, and Telehealth Transformation Grant activity. Now is the perfect opportunity to complete the grant application and plan for the upcoming funding. Careful planning will ensure that your Health IT infrastructure, Cybersecurity, and EHR applications are well-positioned to meet the criteria for funding and the long-term needs of your organization. Don’t let this funding opportunity pass. Get in Touch Now.

Funding Opportunity Snapshot ARP-UDS+

Funding Opportunity Snapshot ARP-UDS+

Funding Opportunity Snapshot FY 2022 American Rescue Plan Uniform Data System Patient-Level Submission Funding (ARP-UDS+)

ARP-UDS+ Funding Overview

The purpose of the ARP-UDS+ one-time investment is to support HRSA-funded health centers and look-alikes to respond to and mitigate the spread of COVID-19 and enhance health care services and infrastructure. The goal is to expand the value of UDS data to the Health Center Program while improving how health centers prepare and submit UDS data. This effort will enable health centers to tailor their efforts to improve health outcomes and advance health equity, more precisely targeting the needs of specific communities or patients.

Funding Application Details

FY 2022 ARP-UDS+ funding is available to H8F-funded health centers and L2C-funded look-alikes -all CHCs — both grantees and Look-Alikes – can receive up to $60,000 in one-time funding. Applications are due in HRSA’s Electronic Handbooks by 5:00 p.m. ET on Monday, May 23, 2022.

What can the funds be used for?

The funds may be used to support any ARP or UDS+ activities listed in the ARP-UDS+ Activities Plan.

There are four main areas of focus:

  • Reporting Modernization. Improve UDS reporting through advances in health information technology. This effort includes the UDS Patient-Level Submission (UDS+) Initiative to transform aggregation of UDS clinical quality measures from health center- to patient-level data for the 2023 UDS report.
  • Content Review. Update UDS tables and content to improve data standardization and quality, including clinical quality measure (CQM) alignment.
  • Stakeholder Engagement. Get feedback from UDS stakeholders on proposed changes to UDS reporting processes, tables, and measures.
  • Testing. Before implementing changes, testing innovations with health centers through the UDS Test Cooperative and other pilots (such as the UDS+ CAREWare Pilot).

How BlueNovo can help?

BlueNovo works exclusively with community health centers (CHCs) to bridge the gap between quality improvement and health IT. Many of BlueNovo’s core service offerings align with the ARP UDS+ grant activity. Now is the perfect opportunity to complete the grant application and plan for the upcoming funding. Careful planning will ensure your health IT infrastructure and EMR applications are well-positioned to meet the criteria for funding and the long-term needs of your organization. Don’t let this funding opportunity pass. Get in touch now.

Medcurity and BlueNovo Announce Cybersecurity Partnership

Medcurity and BlueNovo Announce Cybersecurity Partnership

Medcurity and BlueNovo announce a strategic cybersecurity partnership supporting community health centers.

Wednesday, April 6, 2022

SPOKANE, Washington/SILVER SPRING, Maryland–Medcurity, a leading cybersecurity risk management platform for healthcare organizations, and BlueNovo, a leading provider of strategy, managed technology, health information technology, and cybersecurity services for federally qualified health centers, announced a strategic partnership today. The two companies are collaborating to bring clarity and practical guidance and support for security and compliance at Community Health Centers (CHCs), Federally Qualified Health Centers (FQHCs), Primary Care Associations (PCAs), Health Center Controlled Networks (HCCNs), and affiliated community-based organizations.

Medcurity and BlueNovo will jointly offer a comprehensive and actionable security risk analysis, leveraging Medcurity’s intuitive and powerful platform and BlueNovo’s technical and cyber-expertise. Together, they will provide CHCs with industry-leading software and the resources to mitigate risks, protect critical data assets and ensure compliance.

With the sharp rise in cyber-attacks in the healthcare space, security risk awareness and proactive risk mitigation are more critical than ever before. This partnership will directly benefit CHCs, protecting them from these threats and giving them the peace of mind required to provide the highest quality care possible to their underserved communities.

“We are always looking for ways to better serve our community health centers given the limited resources available to them. This is especially important in today’s volatile cybersecurity climate” says Roopak Manchanda, CEO, BlueNovo. “A HIPAA Risk Assessment (SRA) is the foundation for practice compliance and risk mitigation. Medcurity’s platform is intuitive, making the entire process much easier to manage for us and our customers. This is exactly the type of innovation we want to jointly bring to CHCs.”

“This is a critical time to help all healthcare organizations meaningfully measure and reduce their security risk,” says Joe Gellatly, CEO of Medcurity. “BlueNovo has a proven record in providing highly valuable IT and advisory services to community health centers. With the powerful and intuitive Medcurity platform, we will work together to support and protect our essential safety net providers.”

About BlueNovo:

BlueNovo is a national leader in provider and patient-centered healthcare, quality, and technology services exclusively for Community Health Centers and similar healthcare providers. With offices nationally in DC, IL & CA, they specialize in assisting safety-net organizations to achieve profound solutions to their strategic Health IT imperatives.

Within BlueNovo’s five practice areas – (1) Clinical Transformation & QI, (2) Strategy & Risk, (3) EHR Implementation & Optimization, (4) Cybersecurity, and (5) Technology Managed Services – they deploy cost-effective solutions that improve patient care and simplify processes while ensuring greater customer service. For more information regarding BlueNovo, visit www.bluenovo.com

About Medcurity:

Based in Spokane, Washington, Medcurity was founded by Joe Gellatly and Amanda Hepper. Their team has decades of experience in healthcare, technology, and compliance. Medcurity was built to help healthcare organizations manage complex HIPAA and security requirements in one powerful platform. Medcurity is a cloud-based platform that automates and manages all the requirements behind HIPAA compliance, from the HIPAA security risk analysis to privacy & security policies, as well as business associate agreements and HIPAA training.

Download the Press Release