Issue link: https://beckershealthcare.uberflip.com/i/1444560
40 CIO / HEALTH IT Microsoft warns of continued Log4j exploitation attempts By Naomi Diaz M icrosoft is urging companies to remain vigilant and use scan- ning systems to detect unusual activity as Log4j's continued ex- ploitation attempts occur. Microsoft warned organizations in a Jan. 3 blog post that the attempts against Log4j, a highly-utilized open-source code, are extremely threat- ening and could pose security risks to the healthcare sector. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft's blog post stated. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-key- board attacks." The company's blog post stated that this is a real and present danger to the environments of companies and organizations. The impact will be widespread due to the amount of services and soft- wares affected in the exploitation attempt, and remediation will take some time, according to the post. n Patient access best with Epic, Meditech: KLAS By Jackie Drees E pic secured the highest client satisfaction scores for patient ac- cess functionality compared to fellow EHR competitors Meditech and Cerner, according to a Dec. 9, 2021, KLAS Research report. For its "Patient Access 2021" report, KLAS analyzed data from healthcare providers about the patient access plat- forms they use. Each year, the research firm interviews thousands of healthcare professionals about the IT services their organizations use. KLAS' report examines patient access offerings from Epic, Meditech and Cerner and customers' perceptions of how well the vendors deliver function- alities, including address verification, cost estimates, coverage discovery, eligibility certification, scheduling and prior authorizations. Here are the overall performance scores for the EHR vendors, based on a 100-point scale: • Epic: 89.5 • Meditech: 84.6 • Cerner: 70.6 In a Dec. 10, 2021, statement shared with Becker's, Cerner affirmed its focus on improving usability, creating action- able data insights and simplifying the billing process. In 2020, it launched its Engage and Access patient access offer- ing that aims to provide a more consum- er-driven patient access model. "This report, as well as client feedback heard through other channels, validates why Cerner has made broad swings in our revenue cycle strategy," a company spokesperson said. "We are confident that our decisions have put us on a path to advance improvement in our caregiv- ers' experience and performance." n Former Northwell employee charged with HIPAA violation for snooping patient EHRs By Jackie Drees H untington (N.Y.) Hospital, part of New Hyde Park, N.Y.-based Northwell Health, began notifying about 13,000 patients that their protected health information was improperly accessed by a former employee, the hospital said in a November 2021 online notice. e hospital determined that a night-shi employee inappropriately accessed patient in- formation between October 2018 and February 2019. e employee was immediately suspended and later terminated. Huntington Hospital worked with law enforcement on the incident investigation, which "included following instructions to delay notifying any patients who were potentially impacted by this incident through November 2021," according to the online notice. e former employee is being charged with a criminal HIPAA violation as a result of the investigation, the hospital said. Patient information that may have been exposed by the incident included names, birth dates, addresses and medical record numbers. No Social Security numbers, insurance information, credit card numbers or other payment-related information was accessed. Huntington Hospital is offering all patients affected by the incident one year of free iden- tity the protection services. e hospital has also strengthened its access controls and provided targeted re-training of staff on patient confidentiality practices. n