The Florida Department of Health is facing system outages affecting the distribution of birth and death certificates following an alleged ransomware attack, in which hackers claimed to have stolen 100GB of personal data. Although the department has not confirmed the cyberattack, it has acknowledged temporary disruptions in its Vital Statistics system. This has delayed funerals and caused financial issues for individuals awaiting death certificates for legal and financial processes. Health officials are collaborating with law enforcement, funeral homes, and healthcare facilities to continue operations manually during the outage. The attack highlights the increasing vulnerability of healthcare systems to cyber threats, with significant risks posed by the exposure of sensitive patient data. Residents are advised to monitor their financial and credit records for unusual activity as a precaution.

Hack on Florida's Vital Statistics is just the latest cyberattack on health-related systems health.wusf.usf.edu

Hackensack Meridian Health promptly filed a lawsuit against HHS Secretary Xavier Becerra on the same day the Supreme Court overturned Chevron deference. The New Jersey-based health system challenges the formula for disproportionate share hospital payments, criticizing CMS' interpretations that have affected their Medicare reimbursements. Audrey Murphy, VP and chief legal officer, emphasized that the Supreme Court's decision allows for stricter adherence to congressional payment policies, which is crucial for the financial stability of nonprofit health systems like Hackensack. The lawsuit aims to ensure accurate future Medicare payments and clarity on supplemental security income reimbursements, signaling Hackensack's proactive stance in protecting its financial interests.

Why Hackensack Meridian acted quickly in post-Chevron landscape Becker's Hospital Review

Healthcare industry groups, including hospitals, insurers, and information management executives, have voiced strong objections to the Cybersecurity and Infrastructure Security Agency’s (CISA) proposed rule for cybersecurity incident reporting. The rule, designed to enhance and expedite reporting for entities deemed critical infrastructure under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), is criticized for its redundancy with existing federal regulations and the significant burden it places on organizations already managing cyberattacks. Industry representatives argue that the 72-hour reporting requirement is excessive and diverts essential resources during crises. They also express concerns over the substantial data retention mandates and the potential risks associated with sharing sensitive cybersecurity strategies. Calls for simplified, harmonized regulations are widespread, with suggestions to expand or clarify the rule’s scope to include more third-party vendors directly involved in the healthcare ecosystem.

Healthcare industry rails against CISA's 'redundant' and 'burdensome' cyber incident reporting proposal Fierce Healthcare

MultiCare is implementing a new billing policy for responses to MyChart messages that require over five minutes of clinical time and medical expertise, starting July 1, 2024. This change addresses the increased volume of messages substituting for in-person or virtual visits, which demand significant provider time. While most messages will remain free, patients may incur costs ranging from $0 to $35, depending on their insurance. Further details, including the types of billable messages and cost breakdowns by insurance type, are available for readers.

MyChart Messaging MultiCare