News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel
Sign In

Healthcare Cyberattacks at Two Hospitals Prompt Tough Decisions as Their Clinical Laboratories Are Forced to Switch to Paper Documentation

Recent intrusions into the hospitals’ IT systems resulted in blocked medical records including medical laboratory data

Healthcare cyberattacks continue to be a threat that bring potentially costly business consequences for clinical laboratories. Just in the past month, two hospital systems had their health information technology (HIT) systems disrupted due to security incidents. In response, the hospitals’ medical laboratories were forced to switch from digital to paper documentation and, in at least one case, the organization reportedly had difficulty accessing electronic laboratory test results.

The incidents took place at 772-bed Tallahassee Memorial HealthCare (TMH) in Florida and 62-bed Atlantic General Hospital (AGH) in Berlin, Maryland.

At Tallahassee Memorial, an “IT security issue” on Feb. 2 resulted in the organization shutting down its IT systems for 13 days, including at its clinical laboratory. The hospital’s computer network went back online on Feb. 15, according to a news release.

At Atlantic General Hospital, according to an AGH news release, IT personnel discovered a ransomware attack on Jan. 29 that affected the hospital’s central computer system. As a result, the walk-in outpatient laboratory was closed until Feb. 14.

These recent cyberattacks underscore the importance for clinical laboratory leaders to have plans and procedures already in place prior to a disruption in access to critical patient data.

Ben Denkers

Healthcare cyberattacks can be a “complete blindside for a lot of organizations that think they have protections in place because they bought a product or they developed a policy,” said Ben Denkers (above), Chief Innovation Officer at CynergisTek, an Austin, Texas-based cybersecurity company, in an exclusive interview with The Dark Report. Since clinical laboratory test results make up about 80% of a patient’s medical records, disruption of a hospital’s IT network can be life threatening. (Photo copyright: The Dark Report.)

Laboratory Staff Unable to View Digital Diagnostic Results at Tallahassee Memorial

Though the exact nature of the incident at Tallahassee Memorial HealthCare has not been divulged, hospital officials did report the incident to law enforcement, which suggests a cyberattack had occurred.

Electronic laboratory test results were among the casualties of the IT difficulties at TMH. “Staff have been unable to access digital patient records and lab results because of the shutdown,” a source told CNN.

Attempts by Dark Daily to reach a medical laboratory manager for comment at TMH were unsuccessful. However, in a news release posted online shortly after the cyberattack, the health system advised staff members on dealing with the IT outages.

“Patients and families may notice the switch to paper documentation during registration, admission, or during their care, as our providers will be using paper forms, prescription pads, handwritten notes, or other similar paper methods where they may usually use an electronic process,” the news release stated. “We apologize for any delays this may create. We practice for situations like this, and we are prepared to provide safe, high-quality care to our patients during computer system downtimes.”

Atlantic General Hospital Reports Ransomware Incident to the FBI

At Atlantic General Hospital, the outpatient walk-in laboratory and outpatient imaging department both temporarily closed because of the ransomware attack.

Staff members throughout the hospital were “forced to manually check patients in and out of appointments and record all other information by hand instead of online,” Ocean City Today reported.

The hospital immediately informed the FBI of the ransomware incident and continues to work with an incident response team to determine whether criminals accessed any sensitive data. It was not clear whether the organization ultimately paid a ransom to unlock its systems.

The hospital’s medical laboratory director did not respond to an email from Dark Daily seeking further comment.

Healthcare Cyberattacks Attempt to Gain Access to Data

As we covered in “Ransomware Strikes Hospitals, Clinical Laboratories, and Medical Clinics without Warning and Is Now a Major Threat to all Healthcare Organizations,” healthcare organizations have increasingly been a target of cybercriminals and hackers who are after valuable patient data. For example, the healthcare and public health sector accounted for 25% of ransomware complaints as of October 2022, according to data from the FBI, as reported by the federal Cybersecurity and Infrastructure Security Agency.

Therefore, it is critical that clinical laboratory and hospital staff work with their IT counterparts to verify that technology and processes are in place to protect access to patient data.

In “Labs Must Audit Their Cybersecurity Measures,” Ben Denkers, who at that time was Chief Innovation Officer at CynergisTek, a cybersecurity firm based in Austin, Texas, told The Dark Report, “Testing, validating, and auditing whether measures are working as designed is a change of mentality for a lot of organizations.” (If you don’t subscribe to The Dark Report, try our free trial.)

An IT network attack is an attempt by a cybercriminal to gain unauthorized access to devices that contain and exchange data within an organization. Although this information may be on individual devices or on servers, network attacks are often only possible after a hacker enters a system through an endpoint, such as an individual’s email inbox.

“It’s important to understand that while the network server itself might have ultimately been the target, that doesn’t necessarily mean that it was compromised first,” Denkers told The Dark Report. “Phishing is a perfect example of a way an attacker could first gain access to a workstation, and then from there move laterally to a server.”

The final cost of a healthcare cyberattack often exceeds the ransom. Media coverage can lead to an organization’s diminished reputation within the community, and if protected health information (PHI) is accessed by the criminals, a hospital or health system may need to pay for identity theft monitoring for affected patients.

There also are regulatory repercussions that can be costly depending on the circumstances surrounding a cyberattack. For example, on Feb. 2, the US Department of Health and Human Services’ Office for Civil Rights announced a settlement with Banner Health Affiliated Covered Entities (Banner Health), a nonprofit health system headquartered in Phoenix, to resolve a data breach resulting from a hacking incident in 2016. That incident disclosed PHI for 2.81 million patients.

As part of the settlement, Banner Health paid a $1.25 million penalty and will carry out a corrective action plan to protect PHI in the future and resolve any alleged HIPAA violations, according to the HHS Office for Civil Rights.

This hefty penalty is a reminder to pathologists and clinical laboratory managers that—when it comes to cyberattacks—the classic adage “an ounce of prevention is worth a pound of cure” is appropriate advice.

—Scott Wallask

Related Information:

FBI Working with TMH to “Assess the Situation;” Computers Still Offline after Cyber Incident

TMH: Progress on IT Security Event Wednesday, Feb. 15, 2023

Tallahassee Memorial Managing IT Security Issue

CISA: Alert (AA22-294A)

Apparent Cyberattack Forces Florida Hospital System to Divert Some Emergency Patients to Other Facilities

Atlantic General Mum on Ransomware Event Details after System Are Restored

Atlantic General Hospital System Still Down Following Ransomware Attack

Atlantic General Hospital Fully Operational Following Cybersecurity Event

Nearly One Million Patient Records of Hospitals, Health Clinics, Medical Laboratories, and other Providers Stolen in Ransomware Attack on Medical Records Company

Ransomware Strikes Hospitals, Clinical Laboratories, and Medical Clinics without Warning and Is Now a Major Threat to all Healthcare Organizations

Across the nation, healthcare attorneys and others report that ransomware attacks are happening weekly, and that once providers’ data systems are encrypted, they have few options to regain control of their information systems

Ransomware is now the single biggest threat to your hospital, clinical laboratory, and anatomic pathology group’s ability to operate a viable business. Few practice administrators and managers are fully aware of this threat. And yet, many still have not taken even basic steps to protect their organizations from ransomware attacks.

Encryption attacks that shut down a hospital or lab’s information services come without warning, rendering the provider unable to access electronic healthcare records (EHRs), to schedule appointments, or conduct most other normal business activities.

Further, negotiating with the ransomware attackers to obtain a de-encryption key can take weeks. During that time, the hospital or lab cannot access its essential information systems and that disrupts or even stops patient care.

Think this cannot happen to your hospital or lab? Think again.

Just this spring, Scripps Health of San Diego was hit with a ransomware attack. Key information systems were encrypted, and it did not take patients long to notice that they could not email their physicians, access their medical records, or see their test results.

The ransomware attack became the headline story on the San Diego nightly news. Scripps would only admit that many essential information systems had been encrypted and that the organization was using paper to conduct business.

The ransomware attack on Colonial Pipeline of Houston, which took place one week after the Scripps Health attack, also became global news. Colonial Pipeline supplies gasoline and similar fuels to 14 states—from Georgia in the South to New York and New Jersey in the North. Dark Daily readers living along the Atlantic Coast personally experienced the shortage of gasoline in their communities because of the ransomware attack on Colonial Pipeline.

No Ransom Payment, No De-encryption Key

Ransomware is probably the single biggest threat to every hospital and every clinical lab in this country. But few healthcare organizations are taking the essential steps needed to make their information systems more resistant to an encryption attack. Even fewer hospitals and labs have policies or procedures in place that outline how management should react when an encryption attack is first discovered. Yet these attacks are hitting medical providers every week across the US.

Dark Daily surveyed several major law firms that have sizeable healthcare practices. Each firm stated it is contacted weekly by one or more hospitals, labs, and medical clinics that have had their digital systems encrypted, followed by a demand for ransom. The healthcare providers were told by the hackers that if they did not pay the ransom, they would not receive the de-encryption key required to bring their software, apps, and digital systems back into service.

“This is the biggest story in healthcare, yet it gets little attention,” stated Robert L. Michel, Editor-in-Chief of Dark Daily’s sister publication The Dark Report. “The reason why you don’t read more news stories about ransomware attacks on hospitals and labs is simple. If it becomes known that a hospital or a lab paid ransom to obtain the de-encryption key needed to restore access to its information systems, that encourages other hackers to attack the organization as well, since the hackers know the organization will pay the ransom. They figure if the provider paid the ransom once, the same provider will likely pay it again.”

Payment of Ransom Does Not Guarantee Restoration of Critical Systems

As bad as a ransomware attack on a hospital, lab, or a medical clinic can be—it can get worse. “Experts involved in helping hospitals and labs respond to a ransomware attack say there is no guarantee the de-encryption key provided by the hackers after payment of ransom will restore access to the encrypted systems,” Michel noted. “We hear reports of hospitals and labs that spent more on their efforts to bring the encrypted systems back online and functioning than they did on the actual ransom.”

To help laboratory managers, CIOs, IT directors, safety and compliance officers, and anatomic pathology laboratory managers and administrators better understand the legal issues triggered by—and your obligation in response to—a ransomware attack, Dark Daily is conducting “Ransomware Protection and Response for Clinical Labs, Hospitals, and Pathology Groups: Effective Steps for Protecting Your LIS, EHR, and Other IT from an Encryption Attack,” on Thursday, August 19, 2021, from 1-2:30 pm Eastern.

This is a must-attend webinar—not only for you—but for everyone in your hospital, health system, or clinical laboratory who will be working to prevent ransomware attacks, or who is involved in restoring digital services following such an attack.

Two experts who are contacted each week by multiple hospitals, labs, and medical clinics that were attacked, had their digital systems encrypted, and received a ransom demand for hundreds of thousands—even millions—of dollars from hackers, will be sharing their knowledge and experience in the legal implications of—and the recovery from—ransomware attacks.

Emily Johnson and Paul Caron

The panelists (above) are:

Johnson and Caron will cover best practices designed to provide crucial training and decision-making skills for handling a ransomware attack on hospital and health system clinical laboratories and anatomic pathology practices. These best practices include:

  • Legal issues triggered by a ransomware attack: What to do when an incident is a breach and when it is not.
  • Your obligations in response to a ransomware attack: HIPAA privacy and other regulatory rules, contractual arrangements (e.g., reference labs), and crisis communication to patients and other stakeholders.
  • Responding to and negotiating with ransomware perpetrators—including the expected “etiquette” in dealing with cybercriminals—and collaborating with consultants who are experienced in how to deal with ransomware demands.
  • And much more.

The roundtable discussion will help you understand how a security incident can occur with or without a breach of protected health information (PHI). Johnson and Caron also will discuss how knowing what to do in each scenario is essential to reducing collateral damage to both patients and your organization, and how to educate your hospital, lab and the broader medical community to address—both proactively and in response—the surging risk of ransomware attacks.

Act now to guarantee your place at this critical webinar. Click HERE to register, or copy and paste the URL https://info.darkdaily.com/ransomware-protection-response-for-clinical-labs-hospitals-and-pathology-groups into your browser.

And because so many healthcare administrators, physicians, and pathologists are working remotely, Dark Daily has arranged special group rates for hospitals, practices, and physicians that would like their essential leaders to participate in this important webinar and roundtable discussion on protecting against—and recovering from—ransomware attacks.

Inquire at info@darkreport.com or call 512-264-7103.

—Michael McBride

Related Information

Ransomware Protection and Response for Clinical Labs, Hospitals, and Pathology Groups

Scripps CEO Says Cyberattack Was Result of Ransomware

Colonial Pipeline Ransomware Attack

American Society for Clinical Pathology Website Was Hacked Last Year, Possibly Exposing Credit Card Information of Members and Online Shoppers

Thousands of pathologists and medical technologists may have had their private data stolen, though ASCP investigators did not confirm this as having happened

For a “limited time period” in 2020, the American Society for Clinical Pathology (ASCP) was the target of a cyberattack that “potentially exposed payment card data as it was

being entered” on the ASCP website, according to a letter sent by McDonald Hopkins PLC to then Attorney General of the New Hampshire Department of Justice (DOJ) Gordon MacDonald.

In “World’s Largest Pathologists Association Discloses Credit Card Incident,” Bleeping Computer, an information security and technology news publication, reported that on March 11 of this year, ASCP employees discovered their system had been hacked. They discerned that between March 3, 2020, and November 6, 2020, the attackers had access to personal information being entered on the ASCP website.

Bleeping Computer noted that “[the ASCP’s] member list includes over 100,000 medical laboratory professionals, clinical and anatomic pathologists, residents, and students.”

In a statement, the ASCP said, “We have recently been informed that our e-commerce website was the target of a cybersecurity attack that, for a limited time period, potentially exposed payment card data as it was entered on our website.”

The information that may have been stolen includes data pertaining to individual credit cards, names, credit or debit card numbers, expiration dates, and security codes (CVV) associated with the cards.

“We engaged external forensic investigators and data privacy professionals and conducted a thorough investigation into the incident,” the ASCP said in the statement.

What Type of Cyberattack?

Evidence collected regarding the ASCP data breach indicates the attack was part of a web-skimming assault. This involves installing malicious software, such as Magecart, onto an e-commerce website. The software acts like a credit card skimmer enabling hackers to steal the payment and personal information of customers who are actively inputting data on the attacked website. The data is then sent to remote servers where it is used for identity theft or sold to others.

ASCP says it does not permanently store any of its customers’ payment card data on its servers, Bleeping Computer reported, which greatly reduces the potential risk of data exposure. In addition, the ASCP has implemented extra security measures to prevent similar incidents from happening in the future.

“We resolved the issue that led to the potential exposure on the website. We implemented additional security safeguards to protect against future intrusions. We continue ongoing intensive monitoring of our website, to ensure that it exceeds industry standards to be secure of any malicious activity,” the ASCP said in a statement, Bleeping Computer reported.

Peter-Blum-Group-Product-Manager-Google
In an interview with TechRepublic, Peter Blum (above), Group Product Manager at Google, discussed steps companies can take to proactively manage the threat of Magecart cyberattacks. “The best defense against Magecart attacks is preventing access,” Blum said. “Online companies need a solution that intercepts all of the API [application programming interface] calls your website makes to the browser and blocks access to sensitive data you have not previously authorized. This prevents any malicious script, or any non-critical third-party script, from gaining access to information your customers enter on your website. This same system should also have a monitoring component to alert companies when a third-party attempts to access sensitive information.” (Photo copyright: LinkedIn.)

Federal Rules and Regulations Concerning HIPAA and PHI

The ASCP stated they have no evidence that any customer data was misused after the incident occurred. As of May 14, the organization has not made an official, public statement regarding the situation on their website, but affected individuals and jurisdictions were sent letters to inform them of the data breach.

With over 130,000 current members, Chicago-based ASCP is the largest professional organization for pathologists and clinical laboratory professionals in the world. The organization did not respond to Dark Daily’s inquiries regarding the data breach.

Although no reported violations under the Health Insurance Portability and Accountability Act (HIPAA) occurred in this ASCP data breach, it should be noted that there are rules under HIPAA for data breaches where Protected Health Information (PHI) may have been compromised.

Under the HIPAA Breach Notification Rule, entities that were hacked must perform the following steps:

  • Notify affected individuals within 60 days of the discovery of the breach. Notification should include a brief description of the breach, the types of information that may have been compromised, steps affected individuals should take to protect themselves from potential harm, and a description of what the organization is doing to investigate the breach, mitigate the harm, and prevent further breaches.
  • Hacked entity must inform the Secretary of Health and Human Services (HHS) within 60 days of the breach discovery if 500 or more individuals were affected. For breaches affecting less than 500 people, the breached entity may notify the Secretary of such breaches on an annual basis.
  • For breaches affecting more than 500 individuals, the hacked entity must also provide a notification to prominent media outlets, typically via a press release, that serve the state or jurisdiction.

This breach of credit card information belonging to a sizeable number of pathologists and clinical laboratory professionals using the ASCP website should be a warning to all clinical laboratories and anatomic pathology groups—along with colleges, societies, and associations—that their websites and digital systems can be attacked at any time. As well, clinical laboratory and pathology professionals should be on the alert and take all necessary precautions to minimize the possibility of data breaches.

—JP Schlingman

Related Information:

World’s Largest Pathologists Association Discloses Card Incident

American Society for Clinical Pathology—Incident Notification

ASCP Disclosed Payment Card Web Skimming Incident

Magecart Attack: What It is, How it Works, and How to Prevent It

What is Magecart? How This Hacker Group Steals Payment Card Data

A Deep Dive into Magecart: What Is Magecart?

Compliance Perspectives: State Enforcement Raises Liability Risks of Data Breaches

Three Federal Agencies Warn Healthcare Providers of Pending Ransomware Attacks; Clinical Laboratories Advised to Assess Their Cyberdefenses

University of California San Diego Researchers Demonstrates How Easily Medical Laboratory Systems and Devices Can Be Compromised, Putting Patient Lives at Risk

WannaCry Ransomware Holds Critical Data Hostage Worldwide, Including UK’s National Health Service and Russia’s Interior Ministry

XPRIZE Founder Diamandis Predicts Tech Giants Amazon, Apple, and Google Will Be Doctors of The Future

Strategists agree that big tech is disrupting healthcare, so how will clinical laboratories and anatomic pathology groups serve virtual healthcare customers?

Visionary XPRIZE founder Peter Diamandis, MD, sees big tech as “the doctor of the future.” In an interview with Fast Company promoting his new book, “The Future Is Faster Than You Think,” Diamandis, who is the Executive Chairman of the XPRIZE Foundation, said that the healthcare industry is “phenomenally broken” and that Apple, Amazon, and Google could do “a thousandfold” better job.

Diamandis, who also founded Singularity University, a global learning and innovation community that uses exponential technologies to tackle worldwide challenges, according to its website, said, “We’re going to see Apple and Amazon and Google and all the data-driven companies that are in our homes right now become our healthcare providers.”

If this prediction becomes reality, it will bring significant changes in the traditional ways that consumers and patients have selected providers and access healthcare services. In turn, this will require all clinical laboratories and pathology groups to develop business strategies in response to these developments.

Amazon Arrives in Healthcare Markets

Several widely-publicized business initiatives by Amazon, Google, and Apple substantiate these predictions. According to an Amazon blog, healthcare insurers, providers, and pharmacy benefit managers are already operating HIPAA-eligible Amazon Alexa for:

  • Appointments at urgent care facilities,
  • Tracking prescriptions,
  • Employee wellness incentive management, and
  • Care updates following hospital discharge.

For example, the My Children’s Enhanced Recovery After Cardiac Surgery (ERAS Cardiac) program at Boston Children’s Hospital uses Amazon Alexa to share updates on patients’ recovery, the blog noted.

Alexa also enables HIPAA-compliant blood glucose updates as part of the Livongo for Diabetes program. “Our members now have the ability to hear their last blood glucose check by simply asking Alexa,” said Jennifer Schneider, MD, President of Livongo, a digital health company, in a news release.

And Cigna’s “Answers By Cigna” Alexa “skill” gives members who install the option responses to 150 commonly asked health insurance questions, explained a Cigna news release

Google Strikes Agreements with Health Systems 

Meanwhile, Google has agreements with Ascension and Mayo Clinic for the use of Google’s cloud computing capability and more, Business Insider reported.

“Google plans to disrupt healthcare and use data and artificial intelligence,” Toby Cosgrove, Executive Advisor to the Google Cloud team and former Cleveland Clinic President, told B2B information platform PYMNTs.com.

PYMNTs speculated that Google, which recently acquired Fitbit, could be aiming at connecting consumers’ Fitbit fitness watch data with their electronic health records (EHRs).

“Ultimately what’s best is human and AI collaboratively,” Peter Diamandis, MD, founder of XPRIZE Foundation and Singularity University told Fast Company. “But I think for reading x-rays, MRIs, CT scans, genome data, and so forth, that once we put human ego aside, machine learning is a much better way to do that.” (Photo copyright: SALT.)

Apple Works with Insurers, Integrating Health Data

In “UnitedHealthcare Offers Apple Watches to Wellness Program Participants Who Meet Fitness Goals; Clinical Laboratories Can Participate and Increase Revenues,” Dark Daily noted that by “leveraging the popularity of mobile health (mHealth) wearable devices, UnitedHealthcare (UHC) has found a new way to incentivize employees participating in the insurer’s Motion walking program.” UHC offered free Apple Watches to employees willing to meet or exceed certain fitness goals.

The Apple Watch health app also enables people to access medical laboratory test results and vaccination records, and “sync up” information with some hospitals, Business Insider explained.

Virtual Care, a Payer Priority: Survey

Should healthcare providers feel threatened by the tech giants? Not necessarily. However, employers and payers surveyed by the National Business Group on Health (NBGH), an employer advocacy organization, said they want to see more virtual care solutions, a news release stated.

“One of the challenges employers face in managing their healthcare costs is that healthcare is delivered locally, and change is not scalable. It’s a market-by-market effort,” said Brian Marcotte, President and CEO of the NBGH, in the news release. “Employers are turning to market-specific solutions to drive meaningful changes in the healthcare delivery system.

“Virtual care solutions bring healthcare to the consumer rather than the consumer to healthcare,” Marcotte continue. “They continue to gain momentum as employers seek different ways to deliver cost effective, quality healthcare while improving access and the consumer experience.”

More than 50% of employers said their top initiative for 2020 is implementing more virtual care solutions, according to NBGH’s “2020 Large Employers Health Care Strategy and Plan Design Survey.”

AI Will Affect Clinical Laboratories and Pathology Groups

Diamandis is not the only visionary predicting big tech will continue to disrupt healthcare. During a presentation at last year’s Executive War College Conference on Laboratory and Pathology Management in New Orleans, Ted Schwab, a Los Angeles-area healthcare strategist and entrepreneur, said artificial intelligence (AI) will have a growing role in the healthcare industry.

“In AI, there are three trends to watch,” said health strategist Ted Schwab (above) while speaking at the 2019 Executive War College. “The first major AI trend will affect clinical laboratories and pathologists. It involves how diagnosis will be done on the Internet and via telehealth. The second AI trend is care delivery, such as what we’ve seen with Amazon’s Alexa—you should know that Amazon’s business strategy is to disrupt healthcare. And the third AI trend involves biological engineering,” he concluded. (Photo copyright: Dark Daily.)

Schwab’s perspectives on healthcare’s transformation are featured in an article in The Dark Report, Dark Daily’s sister publication, titled, “Strategist Explains Key Trends in Healthcare’s Transformation.”

“If you use Google in the United States to check symptoms, you’ll get five-million to 11-million hits,” Schwab told The Dark Report. “Clearly, there’s plenty of talk about symptom checkers, and if you go online now, you’ll find 350 different electronic applications that will give you medical advice—meaning you’ll get a diagnosis over the internet. These applications are winding their way somewhere through the regulatory process.

“The FDA just released a report saying it plans to regulate internet doctors, not telehealth doctors and not virtual doctors,” he continued. “Instead, they’re going to regulate machines. This news is significant because, today, within an hour of receiving emergency care, 45% of Americans have googled their condition, so the cat is out of the bag as it pertains to us going online for our medical care.”

Be Proactive, Not Reactive, Health Leaders Say

Healthcare leaders need to work on improving access to primary care, instead of becoming defensive or reactive to tech companies, several healthcare CEOs told Becker’s Hospital Review.

Clinical laboratory leaders are advised to keep an eye on these virtual healthcare trends and be open to assisting doctors engaged in telehealth services and online diagnostic activities.

—Donna Marie Pocius

Related Information:

2020 Executive War College on Lab and Pathology Management – April 28-29

Amazon and Apple Will Be Our Doctors in the Future, Says Tech Guru Peter Diamandis

Introducing New Alexa Healthcare Skills

Livongo for Diabetes Program Releases HIPAA-Compliant Amazon Alexa Skill

“Answers by Cigna” Skill for Amazon Alexa Simplifies, Personalizes Healthcare Information

2020 Predictions for Amazon, Haven, Google, Apple

Health Strategies of Google, Amazon, Apple, and Microsoft

How Big Tech Is Disrupting Big Healthcare

Large Employers Double Down on Efforts to Stem Rising U.S. Health Benefit Costs which are Expected to Top $15,000 per Employee in 2020: Employers cite virtual care and strategies to manage high cost claims as top initiatives for 2020

How to Compete Against Amazon, Apple, Google: Three Healthcare CEOS on How to Compete Against the Industry’s Most Disruptive Forces

UnitedHealthcare Offers Apple Watches to Wellness Program Participants Who Meet Fitness Goals; Clinical Laboratories Can Participate and Increase Revenues

Strategist Explains Key Trends in Healthcare’s Transformation

AdventHealth Gives 10,000 Floridians Free Genetic Tests, Sees Genomics as the Future of Precision Medicine

Many other healthcare systems also are partnering with private genetic testing companies to pursue research that drive precision medicine goals

It is certainly unusual when a major health network announces that it will give away free genetic tests to 10,000 of its patients as a way to lay the foundation to expand clinical services involving precision medicine. However, pathologists and clinical laboratory managers should consider this free genetic testing program to be the latest marketplace sign that acceptance of genetic medicine continues to move ahead.

Notably, it is community hospitals that are launching this new program linked to clinical laboratory research that uses genetic tests for specific, treatable conditions. The purpose of such genetic research is to identify patients who would benefit from test results that identify the best therapies for their specific conditions, a core goal of precision medicine.

The health system is AdventHealth of Orlando, Fla., which teamed up with Helix, a personal genomics company in San Mateo, Calif., to offer free DNA sequencing to 10,000 Floridians through its new AdventHealth Genomics and Personalized Health Program. A company news release states this is the “first large-scale DNA study in Florida,” and that it “aims to unlock the secret to a healthier life.”

The “WholeMe” genomic population health study screens people for familial hypercholesterolemia  (FH), a genetic disorder that can lead to high cholesterol and heart attacks in young adults if not identified and treated, according to the news release.

Clinical laboratory leaders will be interested in this initiative, as well other partnerships between healthcare systems and private genetic testing companies aimed at identifying and enrolling patients in research studies for disease treatment protocols and therapies. 

The Future of Precision Medicine

Modern Healthcare reported that data from the WholeMe DNA study, which was funded through donations to the AdventHealth Foundation, also will be used by the healthcare network for research beyond FH, as AdventHealth develops its genomics services. The project’s cost is estimated to reach $2 million.

“Genomics is the future of medicine, and the field is rapidly evolving. As we began our internal discussions about genomics and how to best incorporate it at AdventHealth, we knew research would play a strong role,” Wes Walker MD, Director, Genomics and Personalized Health, and Associate CMIO at AdventHealth, told Becker’s Hospital Review.

“We decided to focus on familial hypercholesterolemia screening initially because it’s a condition that is associated with life-threatening cardiovascular events,” he continued. “FH is treatable once identified and finding those who have the condition can lead to identifying other family members who are subsequently identified who never knew they had the disease.”

The AdventHealth Orlando website states that participants in the WholeMe study receive information stored in a confidential data repository that meets HIPAA security standards. The data covers ancestry and 22 other genetic traits, such as:

  • Asparagus Odor Detection
  • Bitter Taste
  • Caffeine Metabolism
  • Cilantro Taste Aversion
  • Circadian Rhythm
  • Coffee Consumption
  • Delayed Sleep
  • Earwax Type
  • Endurance vs Power
  • Exercise Impact on Weight
  • Eye Color
  • Freckling
  • Hair Curl and Texture
  • Hand Grip Strength
  • Height
  • Lactose Tolerance
  • Sleep Duration
  • Sleep Movement
  • Sleeplessness
  • Sweet Tooth
  • Tan vs. Sunburn
  • Waist Size

Those who test positive for a disease-causing FH variant will be referred by AdventHealth for medical laboratory blood testing, genetic counseling, and a cardiologist visit, reported the Ormond Beach Observer.

One in 250 people have FH, and 90% of them are undiagnosed, according to the FH Foundation, which also noted that children have a 50% chance of inheriting FH from parents with the condition.

AdventHealth plans to expand the free testing beyond central Florida to its 46 other hospitals located in nine states, Modern Healthcare noted.

Other Genetics Data Company/Healthcare Provider Partnerships

In Nevada, Helix partnered with the Renown Health Institute for Health Innovation (IHI) and the Desert Research Institute (DRI) to sequence 30,000 people for FH as part of the state’s Healthy Nevada Project (HNP).

Helix (above) is one of the world’s largest CLIA-certified, CAP-accredited next-generation sequencing labs. The partnership with AdventHealth offered study participants Exome+: a panel-grade medical exome enhanced by more than 300,000 informative non-coding regions; a co-branded ancestry + traits DNA product for all participants; secure storage of genomic data for the lifetime of the participant; infrastructure and data to facilitate research; and in-house clinical and scientific expertise, according to Helix’s website. (Photo copyright: Orlando Sentinel.)

Business Insider noted that Helix has focused on clinical partnerships for about a year and seems to be filling a niche in the genetic testing market.

“Helix is able to sidestep the costs of direct-to-consumer marketing and clinical test development, while still expanding its customer base through predefined hospital networks. And the company is in a prime position to capitalize on providers’ interest in population health management,” Business Insider reported.

Another genomics company, Color of Burlingame, Calif., also has population genomics programs with healthcare networks, including NorthShore University Health System in Ill.; Ochsner Health System in La.; and Jefferson Health in Philadelphia.

Ochsner’s program is the first “fully digital population health program” aimed at including clinical genomics data in primary care in an effort to affect patients’ health, FierceHealthcare reported.

In a statement, Ochsner noted that its innovationOchsner (iO) program screens selected patients for:

  • Hereditary breast and ovarian cancer due to mutations in BRCA1 and BRCA2 genes;
  • Lynch syndrome, associated with colorectal and other cancers; and
  • FH.

Color also offers genetic testing and whole genome sequencing services to NorthShore’s DNA10K program, which plans to test 10,000 patients for risk for hereditary cancers and heart diseases, according to news release.

And, Jefferson Health offered Color’s genetic testing to the healthcare system’s 33,000 employees, 10,000 of which signed up to learn their health risks as well as ancestry, a Color blog post states.

Conversely, Dark Daily recently reported on two Boston healthcare systems that started their own preventative gene sequencing clinics. The programs are operated by Brigham and Women’s Hospital and Massachusetts General Hospital (MGH).

And a Precision Medicine Institute e-briefing reported on Geisinger Health and Sanford Health’s move to offer genetic tests and precision medicine services in primary care clinics.

“Understanding the genome warning signals of every patient will be an essential part of wellness planning and health management,” said Geisinger Chief Executive Officer David Feinberg, MD, when he announced the new initiative at the HLTH (Health) Conference in Las Vegas. “Geisinger patients will be able to work with their family physician to modify their lifestyle and minimize risks that may be revealed,” he explained. “This forecasting will allow us to provide truly anticipatory healthcare instead of the responsive sick care that has long been the industry default across the nation.”

It will be interesting to see how and if genetic tests—free or otherwise—will advance precision medicine goals and population health treatments. It’s important for medical laboratory leaders to be involved in health network agreements with genetic testing companies. And clinical laboratories should be informed whenever private companies share their test results data with patients and primary care providers. 

—Donna Marie Pocius

Related Information:

It May Be Your DNA: First Large-Scale DNA Study in Florida Aims to Unlock the Secret to a Healthier Life

AdventHealth Offers Free DNA Tests to 10,000 Floridians

How AdventHealth Orlando is Building a Future in Genomics

Helix Partners with AdventHealth to Offer 10,000 Genetic Screenings in Florida

AdventHealth to Launch Large Genetic Study for High Cholesterol

Ochsner Health System Teaming Up with Genetic Testing Company Color in Population Genomics

The Healthy Nevada Project: from Recruitment to Real-World Impact

Ochsner Health System to Pilot Genetic Screening Program in Partnership with Color

North Shore and Color Unlock the Power of Genomics in Routine Care

Jefferson Heath and Color Advancing Precision Health Through Clinical Genomics and Richer Data

Two Boston Health Systems Enter the Growing Direct-to-Consumer Gene Sequencing Market by Opening Preventative Genomics Clinics, But Can Patients Afford the Service

Geisinger Health and Sanford Health Ready to Offer Genetic Tests and Precision Medicine Services in Primary Care Clinics

;