Issue link: https://beckershealthcare.uberflip.com/i/1120168
45 CIO / HEALTH IT Vulnerability found in Philips' EMR puts patient data at risk By Mackenzie Garrity T he U.S. Department of Homeland Security and Philips issued an alert April 30 that the information technology vendor's EMR sys- tem Tasy has a cross-site scripting vulnerability that could put patient information at risk, according to GovInfoSecurity.com. "Philips has become aware that under certain specific conditions, an attacker with low skill may potentially compromise patient confidenti- ality, system integrity and/or system availability," the alert said. "Some of the affected vulnerabili- ties could be attacked remotely." Tasy system with soware versions 3.02.1744 and earlier were included in the security alert. If the system is fully exploited, hackers could put unexpected data into the application, execute arbitrary code, alert the intended control flow of the system and access sensitive information. Since the alert, Philips has discovered no evi- dence of exploitation of the vulnerability, Gov- InfoSecurity.com reported. ere has also been no misuse of clinical information. "Philips analysis has shown that it is unlikely that this vulnerability would impact clinical use, due to mitigating controls currently in place. Philips analysis indicates that there is no expectation of patient hazard due to this issue," the company wrote in the alert. Customers have been guided to follow manu- facturer instructions in the system configuration manual and avoid giving internet access to the EMR outside a virtual private network. "Cross-site scripting is not new; it's been on the Open Web Application Security Project list of top 10 common website cyber issues for sever- al years," Mark Johnson, a security consultant at LBMC Information Security, told GovInfoSecu- rity.com. "And the fact that the industry is still facing problems from issues this old doesn't fill me with great confidence that our industry can handle the more sophisticated attacks that are coming our way." n ER shift can require 4,000 EHR clicks By Mackenzie Garrity D epending on the EHR system physicians use, they can spend significant time clicking on their computer screen, 62 clicks specifically just to order Tylenol, according to Fox News. For physicians working a full shift in the emergency room, more than 4,000 clicks are required through- out the day. With all that clicking, come mistakes. Former FDA Commissioner Scott Gottlieb high- lighted the risks patients face from poorly designed EHRs. He cited babies dying because medications were ordered incorrectly and patients being giv- en false diagnoses all because scans were sent to wrong files. The blame game then becomes muddled. Is the physician at fault or the system? "It's not that we're a bunch of Luddites who don't know how to use technology," an ER physician told Kaiser Health News, according to Fox News. Former President Barack Obama in 2009 created the Health Information Technology for Economic and Clinical Health Act, requiring all medical re- cords to be stored electronically within five years. The law sent many health technology companies off and running with ideas on creating new EHRs. It also left physicians scrambling to learn new systems with little training. n Dr. David Feinberg moved from Geisinger to Google to reach 'a billion patients a day' By Andrea Park D avid Feinberg, MD, made waves in November 2018 when Google announced that he would be leaving his post as president and CEO of Danville, Pa.-based Geisinger Health System to become VP of Google Health. During a panel discussion at the Milken Institute's Global Conference on April 29, Dr. Feinberg finally explained his reasoning for the pivot. According to a transcript of the conversation shared by STAT's Rebecca Robbins on Twitter, when asked what he has to offer the tech giant, and vice versa, Dr. Feinberg cited his obsession with "same-day access" to healthcare. He developed this passion at University of California Los Angeles Health (where he served on the faculty before eventually becoming president and CEO), then continued to cultivate it at Geisinger, even as the number of patients for whom he was responsible grew from several hun- dred as a clinic director at UCLA to Geisinger's 3 million. "Then Google calls, and they're talking about a billion patients a day. And I'm like, 'I'm all in — I mean, if you allow me to treat them like they're my patients,'" Dr. Feinberg said. "Google, I think, has seven or eight products that have over a billion users a day…and they want to do the same in health." He continued, "I want every person who goes to Google Search…or is getting their eyes read by one of our computers or whatever to be treated like they're my patient. I want the care to be safe, high-quality, low-cost, culturally sensitive." n