As recently reported by USA Today’s Tony Leys, Bette Helm, 71, lives in a nursing home located in Knoxville, Iowa, a small city in Marion County of about 7,500 people. Like many small rural communities, accessible mental health services in the area are scant. Helm needed to talk to a trained nurse practitioner about her constant bouts with insomnia, and the closest available professional was located around 800 miles away in Austin, Texas. What to do? An in-person encounter was out of the question. Fortunately, the nursing home was able to arrange an appointment with a psychiatric nurse practitioner to help her with her problem. It was done remotely via video conference with Helm “using an iPad that she held on her lap while sitting in her bed,” writes Leys.
“Video visits are an increasingly common way for residents of small-town nursing homes to receive mental health care. Patients don’t have to travel to a clinic. They don’t even have to get cleaned up and leave their bedrooms, which can be daunting for people with depression or anxiety,” he notes. “While use of some other telehealth services may dwindle as the pandemic winds down, providers predict demand for remote mental health services will continue to increase.”
“Supporters of online treatment say it’s a good match for mental health care, especially in settings where in-person services have been hard to arrange,” says Leys, with small-town nursing homes as a prime example. The company providing this service for Helm, Encounter Telehealth, is said to serve more than 200 nursing homes and assisted living centers, mostly in the Midwest, with approximately 95% of those in rural areas. Encounter Telehealth averages up to 2,000 such visits a month. “The practitioners read the patients’ electronic medical records through a secure computer system, and they review symptoms and medications with nursing home staff members before each appointment,” reports Leys. This approach to treatment is made possible by two technological advances: current video systems and the shift to electronic medical records.
It is also pointed out that, even with telemedicine’s efficiencies, staffing can be a challenge for companies providing the service. Many mental health professionals already have more patients than they can handle, and the shortage of mental health professionals nationally has been a health care problem for many years, well before the pandemic.
While Bette Helm’s story stands as a great example of how technology can be used to overcome a serious problem in health care delivery, current technological innovations and advances also leave the door open to a serious crime of opportunity.
In a separate report by USA Today’s Ken Alltucker and Bianca Pallaro, the switch to electronic medical records has created a rich target for hackers. While the health care industry was slow to adopt a transition to computerized records, the passage in 2009 of a federal stimulus bill changed all that by providing lucrative payments to hospitals and other health-related entities that digitalized patient records.
As a result, medical data today has become increasingly vulnerable to hackers, says the report. “The number of attacks has surged since 2019 with organized hackers, often located overseas, infiltrating the computer systems of health providers, locking up critical files and disrupting care,” reports USA Today. With hacks on hospital records surging, who these criminals are going after is changing, they write. “No longer content with stealing data from large companies, attackers are increasingly targeting large metro and small rural hospitals as well as third-party suppliers who bill, mail or provide outsourced services for large health companies,” they write.
A surge in cases during the COVID-19 pandemic “was no coincidence,” says Hannah Neprash, an assistant professor of health policy and management at the University of Minnesota. “It was very much a conscious decision on the part of ransomware actors to take advantage of the fact that the health care system was pretty overwhelmed.”
Says John Riggi, the American Hospital Association’s national adviser for cybersecurity and risk, the federal government’s efforts “created a tremendous amount of cyber risk exposure with all this technology that was deployed. So now we’re left with the responsibility to protect the networks and technology that we were incentivized to implement.” It is being left to hospitals and health companies to upgrade systems “to repel these attacks that can delay care, jeopardize patient safety and cost millions to recover from.”
To their credit, the FBI has had some success in countering attacks. “In January, the Justice Department announced the takedown of the Hive ransomware group that had targeted more than 1,500 victims, including hospitals, schools and businesses,” reports USA Today. The report goes on to say that “by entering Hive’s computer systems, authorities captured encryption keys and gave them to 300 entities that were under attack.” According to officials, “the Hive group had already extracted more than $100 million in ransom from victims around the globe, but a federal campaign halted its attempt to extort an additional $130 million. The Justice Department did not announce any arrests nor did it reveal the location of the individuals behind the ransomware attacks.” It is pointed out that these cases are often hard to prosecute “because hackers are often located in nations unwilling to cooperate and extradite the individuals to the United States.”
In the end, the responsibility for repelling the attacks rests with hospitals, health insurers and other health entities who must build robust defenses and train staff to be aware of such threats, says the report. “These attacks often come from a phishing email that count on an unwitting employee to click a link that delivers ransomware to the health system’s computers,” they say.
The Department of Health and Human Services must publicly report data breaches of protected health information affecting 500 or more people. “Those large breaches increased from 663 in 2020 to 714 in 2021 … Hacking accounts for 80% of the large breaches the federal agency has received,” says USA Today.