Tag: cybersecurity

MHA and CyberForce|Q In-Person Cybersecurity Workshop

Member News
MHA Events

MHA EventsThe MHA is partnering with Endorsed Business Partner (EBP) CyberForce|Q to offer the in-person workshop Enhancing Your Cybersecurity: Tabletop Training and Incident Response Workshop from 9:00 a.m. to noon, May 22 at the MHA headquarters in Okemos. Led by Alex Sabin, participant success leader, CyberForce|Q , the workshop will guide participants through an engaging, informative and interactive Incident Response Tabletop Exercise.

Throughout the workshop, attendees will explore three critical phases of a simulated cyber-attack:

  1. Intricacies of social engineering aimed at the IT Help Desk.
  2. Complexities of living-off-the-land attacks.
  3. Challenges of detecting and preventing data exfiltration techniques.

By attending this workshop, attendees will:

  • Experience a sense of challenge during tabletop exercises, leading to the identification of potential unnoticed gaps in an Incident Response Plan.
  • Engage in hands-on group activities that will provide a tangible understanding of potential cyber-attacks, enabling collaborative discussions within teams to refine decision-making processes and procedures.
  • Gain a profound understanding of the critical significance of roles, responsibilities and communication protocols in effective incident response.

With over 25 years of experience in providing cybersecurity services, CyberForce|Q has developed and implemented quantifiable programs that assess and execute safety measures for organizations of all sizes, with proven results. Providing a wide range of services to a diverse group of industries, including hospitals and healthcare, CyberForce|Q meets organizations where they are in their cybersecurity journey. Its goal is to enhance the current capabilities of its partners, utilizing technology-agnostic solutions that can be integrated with an organization’s current technologies and systems.

The event is free of charge and open only to MHA member organizations and invitees. Members are encouraged to register, as this event will only be held in-person and seating is limited. Light breakfast and refreshments will be provided. Registrations will be accepted up to one day before the event date, if space is available.

Members with questions should Rob Wood at the MHA. To learn more about CyberForce|Q, contact John Kelley, regional sales director – Midwest, CyberForce|Q.

MHA CEO Report — Cybersecurity Takes Center Stage

MHA Rounds, Issues in Healthcare, Top Issues - Healthcare
MHA Rounds image of Brian Peters

“There are only two types of companies: those that have been hacked, and those that will be.”  Robert Mueller

“Dear Health Care Leaders,

As you know, last month Change Healthcare was the target of a cyberattack that has had significant impacts on much of the nation’s health care system. The effects of this attack are far-reaching; Change Healthcare, owned by UnitedHealth Group (UHG), processes 15 billion health care transactions annually and is involved in one in every three patient records. The attack has impacted payments to hospitals, physicians, pharmacists, and other health care providers across the country. Many of these providers are concerned about their ability to offer care in the absence of timely payments, but providers persist despite the need for numerous onerous workarounds and cash flow uncertainty.”

So began a letter dated March 10 from Xavier Becerra, the Secretary of the U.S. Department of Health and Human Services (HHS), referencing what is emerging as one of the most extensive and impactful cyberattacks in U.S. history. The scrutiny directed at Change’s parent company UnitedHeath Group – from Congress, HHS, the media and others – is only just beginning, and there is no telling what sort of new regulations, penalties and associated policy change will be the end result. In the meantime, the MHA has stepped up to support our members by sharing as much information and intelligence as possible, and by advocating for flexibility and relief from both private payers and the state Medicaid program.

America’s hospitals are no strangers to external events creating seismic upheaval in our daily operations. Sometimes those events emanate from the world of public policy and politics, sometimes they come in the form of a localized natural disaster or tragic mass casualty event, and no one needs to be reminded of the impact of the global COVID-19 pandemic. But in the wake of the Change Healthcare crisis, there is no doubt cybersecurity now deserves to be on the top of the list of concerns for hospital leaders across the country, and right here in Michigan.

For some time now, the FBI has stated that healthcare organizations are the top target of cybercriminals across the globe, and these attacks have increased significantly in the last two years. Data sharing requirements in healthcare and the connectivity of health information – while well-intended – creates many potential risks for cybercriminals to exploit. Hospitals take these attacks extremely seriously. They are threat-to-life crimes because of the impact they can have on patient safety and access to care, and are formally treated as such by the FBI.

Again, this is not a new issue. A year and a half ago, cybersecurity was the topic for my CEO Report, where we expressed the potential for cybercrimes to cripple an organization. At that time, we saw how multi-national organizations with U.S.-based operations were impacted when Ukrainian government and critical infrastructure organizations were victims of cyberattacks during the Russian invasion of Ukraine. Yet again, we saw how the breach of one organization can cause rippling consequences for an entire industry; one that accounts for 17.3% of our nation’s Gross Domestic Product.

This is why the MHA has been engaged on this topic for many years and goes to great lengths to assist our members. The MHA was closely involved in the creation of the Michigan Healthcare Security Operations Center (HSOC) to help monitor and react to cyber risks with participating member organizations. We also partner with MHA Service Corporation Endorsed Business Partner CyberForceQ, a leader in the field, to assist members who need cybersecurity assistance. For the first time, we also have our very own MHA Vice President and Chief Information Security Officer, Mike Nowak, who works closely with the HSOC, our member CISOs and our external partners in this space. And Jim Lee, our senior vice president, data policy & analytics, continues to lead our MHA Health Information Technology Strategy Council, which is providing meaningful insight on the impact of this latest attack.

It can take months for a third-party review to determine what information was breached and ultimately taken. But from the hospital perspective, it is clear the Change Healthcare cyberattack is yet another example of a breach that initiates with an outside vendor, and those vendors are not always completely transparent and forthcoming with those organizations directly impacted by the breach. One thing we know for sure: our hospitals are victims in these situations and should be treated as such. We want to work with state and federal policymakers and regulatory agencies to prevent cyberattacks, and to root out and punish the criminals who perpetrate these crimes. We will be very concerned about any proposals that unfairly punish hospitals or create new barriers to our ability to provide timely access to quality care.

Our members are going to great lengths to mitigate potential risk. However, more can be done at a federal level to thwart bad actors. Hospitals and health systems are part of critical infrastructure, so our law enforcement agencies need the funding and staff to defend against cybercriminals. The American Hospital Association urged the government to use all diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations, much like what was done in the global fight against terrorism in the wake of 9/11.

Thankfully, it appears our hospitals and health systems in Michigan have been able to manage this crisis better than counterparts in other states. The work of the MHA and our partners has helped make Michigan a leader in this space and to be prepared to respond to these situations. Our cybersecurity efforts are constantly at work, 24/7 year-round, mirroring the same cadence of our hospitals and their patient care. Yet the human component of healthcare is the most vulnerable. It only takes one individual to not notice a phishing or social engineering attempt for yet another failure that can impact hundreds of organizations, thousands of healthcare workers and tens of thousands of patients. This is why we must remain constantly vigilant as the cyber threat landscape continues to grow.

As always, I welcome your thoughts.

Chief Healthcare Executive Quotes Peters on Cybersecurity

MHA In The News, Top Issues - Healthcare, Issues in Healthcare

Chief Healthcare Executive published an article March 5 about the impact of the Change Healthcare cyberattack on hospitals and health systems across the country. The publication spoke with several state hospital associations representing Michigan, Florida, Massachusetts, Pennsylvania and Washington. MHA CEO Brian Peters is quoted in the story discussing why healthcare is a frequent target of cybercrimes and what the effects of the attack have been in Michigan.

“We are aware the cybersecurity event has impacted healthcare services, including patients’ ability to receive prescriptions and hospital billing,” said Peters. “However, the impact varies by organization, depending on each hospital’s or health systems’ existing relationships with Change Healthcare.”

Members with any questions regarding media requests should contact John Karasinski at the MHA.

Peters Appears in CNN & Crain’s Stories

Top Issues - Healthcare, Issues in Healthcare, MHA In The News

MHA CEO Brian PetersThe MHA received media coverage the week of Feb. 26 that includes quotes from MHA CEO Brian Peters appearing in stories by CNN and Crain’s.

CNN published an article Feb. 26 on the Michigan economy and aging population. Included in the story is a section on healthcare emerging as the state’s largest private sector employer. The section highlights how the aging population is leading to an increased need for healthcare services and references the 27,000 job openings in Michigan hospitals.

“Those folks who are headed off to their retirement days, they are the ones who demand more health care services,” said Peters.

Crain’s Detroit Business reported on the Change Healthcare cyberattack in a story published Feb. 29. The story looks at how market consolidation and the growing need for data sharing has led to higher cybersecurity risks for healthcare organizations. Peters mentions how healthcare is the top target for cybercriminals and explains the challenges faced by hospitals.

“These continued cybersecurity challenges stem from the complex and interconnected nature of hospital information technology systems, which often require integration with external software and hardware to support clinical operations, patient care and administrative functions,” said Peters. “Furthermore, hospitals must navigate a regulatory landscape that demands compliance with health information sharing, privacy and security laws, making the management of third-party risks a critical, yet challenging, aspect of their cybersecurity strategy.”

Crain’s Grand Rapids also published an article Feb. 26 on new state laws that increase the penalties for violence committed against healthcare workers or volunteers. The story looks at the increased rates of violence committed against healthcare workers and the issues it creates for workplace safety, recruitment and retention.

“It is flat out inappropriate to physically attack a healthcare employee and there are going to be consequences if and when it happens,” said Peters. “It’s a signal that we’re not going to tolerate this anymore.”

Members with any questions regarding media requests should contact John Karasinski at the MHA.

MHA CEO Report — The State of Healthcare

Issues in Healthcare, Top Issues - Healthcare, MHA Rounds
MHA Rounds image of Brian Peters

“Mankind’s greatest achievements have come about by talking, and its greatest failures by not talking. It doesn’t have to be like this. Our greatest hopes could become reality in the future. With the technology at our disposal, the possibilities are unbounded. All we need to do is make sure we keep talking.”
 Stephen Hawking

The new year always brings two traditional speeches from lawmakers: Gov. Whitmer just recently delivered her annual State of the State address, while President Biden will share the annual State of the Union address on March 7. While the economy, housing, education, border security, climate change and other important issues are featured in these speeches, the reality is that healthcare remains a top concern for millions of Americans, and therefore will continue to be front and center for elected officials and candidates at the state and federal level throughout this election year.

The bottom line is that the fragility of the healthcare continuum was exposed during the pandemic and four years later, the aftershocks can still be felt. Let’s touch on just a few issues that dictate the state of healthcare in 2024:

Healthcare Workforce

Michigan hospitals employ roughly 219,000 people and are desperately trying to hire thousands more in every corner of the state. A survey we conducted last year showed there were over 27,000 job openings in Michigan hospitals. Hospitals are often the largest employer in their respective communities and serve as critical economic engines. It takes longer to deliver care when hospitals don’t have enough staff, impacting the experience of patients and families.

Much like other industries in Michigan, healthcare has a supply and demand issue, but we feel it in a uniquely acute manner: the aging population not only contributes to an exodus of talent from the field, but it increases demand for healthcare services at the same time. And because we are classic “price-takers” when it comes to a huge share of our business (i.e. Medicare and Medicaid tell us what they are going to pay), our ability to pass rising labor (and supply chain) costs along to consumers is extraordinarily limited. The financial performance of hospitals across the state and country has been negatively impacted as a direct result, and it fuels our advocacy efforts related to our ongoing viability.

Healthcare needs to continue to refill the talent pipeline and we’re making progress on these efforts. From the MI Hospital Careers campaign to the individual partnerships created between health system and secondary-education institutions, the effort is being made to increase the supply of future professionals. I’m encouraged to hear Gov. Whitmer’s proposal for tuition-free community college for all Michiganders who graduate from a Michigan high school. We have been active in advocating for such a policy to improve the number of students pursuing these pathways to address the nursing shortage.

Behavioral Health

Behavioral healthcare in Michigan continues to be in crisis. We need to fund, support and reform our systems to better meet the behavioral healthcare needs of our communities.  Responding to MHA advocacy, the Michigan Legislature provided $50 million in grant funding last year to increase access to pediatric inpatient behavioral health services. We are encouraged by what our member hospitals have planned to improve access, but more needs to be done. This will be a focus area for us in Lansing through the rest of the year, specifically looking at solutions that include continuing to expand care locations, clarifying insurance coverage policies and increasing the number of providers.

Prescription Drug Affordability

Increasing prescription drug costs are a key driver of escalating healthcare costs. These increased costs are not just experienced by patients at their local pharmacies, but hospitals are also large purchasers of prescription drugs and are experiencing the same costs, threatening their viability. Data shows drug costs rose by 36.9% from 2019 to 2021 and currently account for the largest portion of healthcare insurance premiums, costing 22.2 cents for every dollar.

With these dramatic cost increases, the 340B drug pricing program has never been more important. This critical program allows safety net hospitals and other community care organizations to access certain outpatient prescription drugs at discounted prices. It does not require any state taxpayer dollars and has contributed to supporting access to care to Michigan’s most vulnerable patients for more than 30 years. We’re hopeful to see legislation passed to protect these hospitals and the benefits they provide, such as supporting OB services, financial assistance programs for low-income patients or lowering the cost of prescription drugs.

Emerging Technology and AI

Technology continues to provide many opportunities and growth for healthcare. It can serve as a “force-multiplier” that allows our staff to work smarter, extending their impact. If used correctly, technology can improve the patient experience, care delivery, worker satisfaction and more. We’re already seeing it with the dramatic growth in the utilization of telehealth and the emergence of artificial intelligence (AI) applications throughout healthcare. Technology can help expand access to care for many of our rural or disadvantaged residents who are confronted with a variety of social barriers.

We’re seeing great innovation when it comes to technology and I expect even more in the years ahead. The “disruptors,” that is to say, the large, global companies known for their technological innovation (and deep financial resources) are increasingly turning their attention toward the $4 trillion American healthcare market. These entities could be viewed as a potential threat to traditional healthcare providers, payors and others in the health ecosystem – but could also be viewed as potential collaborators and strategic partners. Without a doubt, the future delivery and financing model will be shaped in some way by this development.

At the same time, the rise of sophisticated technology and the inter-connectedness between healthcare entities, their patients and the rest of the world gives rise to the specter of cybercrime. This topic is worthy of its own special focus (stay tuned for more on that in the months ahead), but for now, let me just point to the fact that the MHA was proud to be ahead of the game in this regard, helping to launch our own healthcare-focused cybersecurity operations center right here in Michigan with MHA Endorsed Business Partner CyberForceQ.

These are just a few of the countless, complex issues that will impact Michigan healthcare in the year ahead. Plenty to be concerned about, for sure. But I remain fundamentally optimistic and hopeful about the future. Our healthcare workers are committed and resilient. And our policymakers continue to acknowledge the dependent relationship their communities have with healthcare. While I know better than to predict much of anything in an election year, I feel confident in predicting healthcare will continue to help make Michigan a better place, no matter what the political winds bring our way. All we need to do is continue our most human connection – let’s keep talking with each other and craft a positive future together.

As always, I welcome your thoughts.

Headline Roundup: Cybersecurity & Nurse Staffing Ratios

Member News, Issues in Healthcare, MHA In The News

The MHA received media coverage since Jan. 4 related to hospital cybersecurity, proposed legislation mandating hospital nurse staffing ratios and maternal health. Below is a collection of headlines from around the state, which include interviews with MHA CEO Brian Peters.

Friday, Jan. 12

Wednesday, Jan. 10

Sunday, Jan. 7

Thursday, Jan. 4

Members with any questions regarding media requests should contact John Karasinski at the MHA.