Security

Researcher: Drug Infusion Pump Is the "Least Secure IP Device" He's Ever Seen 49

Posted by samzenpus
from the bottom-of-the-barrel dept.
chicksdaddy writes: This is a bad month for the medical equipment maker Hospira. First, security researcher Billy Rios finds a raft of serious and remotely exploitable holes in the company's MedNet software, prompting a vulnerability alert from ICS CERT. Now, one month later, ICS CERT is again warning of a "10 out of 10" critical vulnerability, this time in Hospira's LifeCare PCA drug infusion pump. The problem? According to this report by Security Ledger, the main problem was an almost total lack of security controls on the device. According to independent researcher Jeremy Williams, the PCA pump listens on Telnet port 23. Connecting to the device via Telnet, he was brought immediately to a root shell account that gave him total, administrator-level access to the pump without authentication. "The only thing I needed to get in was an interest in the pump," he said. Richards found other examples of loose security on the PCA 3: an FTP server that could be accessed without authentication and an embedded web server that runs Common Gateway Interface (CGI). That could allow an attacker to tamper with the pump's operation using fairly simple scripts. Also: The PCA pump stores wireless keys used to connect to the local (medical device) wireless network in plain text on the device. That means anyone with physical access to the pump (which has an Ethernet port) could gain access to the local medical device network and other devices on it. The problems prompted Richards to call the PCA 3 pump "the least secure IP enabled device" he has ever worked with.
Medicine

The Medical Bill Mystery 452

Posted by Soulskill
from the $70-convenience-charge-to-process-the-convenience-charge dept.
HughPickens.com writes: Elisabeth Rosenthal writes in the NY Times that she has spent the past six months trying to figure out a medical bill for $225 that includes "Test codes: 105, 127, 164, to name a few. CPT codes: 87481, 87491, 87798 and others" and she really doesn't want to pay it until she understands what it's for. "At first, I left messages on the lab's billing office voice mail asking for an explanation. A few months ago, when someone finally called back, she said she could not tell me what the codes were for because that would violate patient privacy. After I pointed out that I was the patient in question, she said, politely: 'I'm sorry, this is what I'm told, and I don't want to lose my job.'" Bills variously use CPT, HCPCS or ICD-9 codes. Some have abbreviations and scientific terms that you need a medical dictionary or a graduate degree to comprehend. Some have no information at all. A Seattle resident received a $45,000 hospital bill with the explanation "miscellaneous."

So what's the problem? "Medical bills and explanation of benefits are undecipherable and incomprehensible even for experts to understand, and the law is very forgiving about that," says Mark Hall. "We've not seen a lot of pressure to standardize medical billing, but there's certainly a need." Hospitals and medical clinics say that detailed bills are simply too complicated for patients and that they provide the information required by insurers. But with rising copays and deductibles, patients are shouldering an increasing burden. One recent study found that up to 90 percent of hospital bills contain errors. An audit by Equifax found that hospital bills totaling more than $10,000 contained an average error of $1,300. "There are no industry standards with regards to what information a patient should receive regarding their bill," says Cyndee Weston, executive director of the American Medical Billing Association. "The software industry has pretty much decided what information patients should receive, and to my knowledge, they have not had any stakeholder input. That would certainly be a worthwhile project for our industry."
Medicine

Results Are In From Psychology's Largest Reproducibility Test: 39/100 Reproduced 174

Posted by samzenpus
from the different-directions dept.
An anonymous reader writes: A crowd-sourced effort to replicate 100 psychology studies has successfully reproduced findings from 39 of them. Some psychologists say this shows the field has a replicability problem. Others say the results are "not bad at all". The results are nuanced: 24 non-replications had findings at least "moderately similar" to the original paper but which didn't quite reach statistical significance. From the article: "The results should convince everyone that psychology has a replicability problem, says Hal Pashler, a cognitive psychologist at the University of California, San Diego, and an author of one of the papers whose findings were successfully repeated. 'A lot of working scientists assume that if it's published, it's right,' he says. 'This makes it hard to dismiss that there are still a lot of false positives in the literature.'"
Medicine

Who Owns Pre-Embryos? 374

Posted by Soulskill
from the faceless-corporations-of-course dept.
An anonymous reader writes: Scientifically and legally, frozen embryos are not the same as a living child. Nevertheless, they can inspire legal battles that resemble custody disputes. This article follows a case between a couple who had been dating for five months when the woman received a cancer diagnosis. Before beginning chemotherapy, she and her boyfriend of five months decided to harvest and set aside some fertilized eggs, just in case. (If the treatment saved her but destroyed her ability to have kids, and the couple stayed together and decided they wanted kids, the pre-embryos would preserve that option.) She survived, but their relationship didn't. With no explicit contract in place, the disposition/custody of the pre-embryos is now hotly contested. "[R]eading over the case, one gets the sense that there's a fundamental lack of language to describe what's at stake. There may be an emerging field of law and legal precedent, but the terms at hand don't adequately capture the nature of the dispute."
Medicine

Pepsi To Stop Using Aspartame 629

Posted by samzenpus
from the doing-a-different-dew dept.
An anonymous reader writes: Pepsi believes sales of diet soda are falling because of aspartame and how the general public thinks it's a dangerous substance to consume. Even though the FDA describes aspartame as “one of the most thoroughly tested and studied food additives the agency has ever approved,” Pepsi has decided to stop using it. Aspartame removal is being turned into a marketing campaign of sorts, with "Now Aspartame Free" printed on cans.
Businesses

Apple's Next Frontier Is Your Body 98

Posted by samzenpus
from the i-and-you dept.
Lashdots writes: Amid the unveiling of the Apple Watch, Tim Cook's wrist distracted from another new product last month: ResearchKit, an open source iOS platform designed to help researchers design apps for medical studies—and reach millions of potential research subjects through their iPhones. Alongside the company's new frontiers, like the car and the home, Cook told Jim Cramer last month that health "may be the biggest one of all." As Fast Company reports, Cook says Apple's devices could help pinpoint diseases within decades—and position the company at the center of a "significantly underestimated" mobile-health industry.
Medicine

New Sampling Device Promises To Make Blood Tests Needle-Free 34

Posted by timothy
from the dracula's-little-friend dept.
Zothecula writes: Though the pain they cause is minor and fleeting, a lot of people still find something pretty unsettling about needles. When it comes to conducting a routine blood test, US-based company Tasso Inc. believes that these unpleasant pricks can be removed from the equation completely. Its ping pong ball-sized HemoLink blood sampler can be operated by the patient at home, and needs only to be placed against the skin of the arm or abdomen for two minutes to do its job.
Medicine

Ancient Hangover Cure Discovered In Greek Texts 105

Posted by samzenpus
from the adjusting-your-humors dept.
An anonymous reader writes with good news for people looking for an old cure for an old problem. Trying to ease a bad hangover? Wearing a necklace made from the leaves of a shrub called Alexandrian laurel would do the job, according to a newly translated Egyptian papyrus. The "drunken headache cure" appears in a 1,900-year-old text written in Greek and was discovered during the ongoing effort to translate more than half a million scraps of papyrus known as the Oxyrhynchus Papyri. Housed at Oxford University's Sackler Library, the enormous collection of texts contains lost gospels, works by Sophocles and other Greek authors, public and personal records and medical treatises dating from the first century AD to the sixth century A.D.
Security

Swallowing Your Password 118

Posted by samzenpus
from the eat-and-login dept.
HughPickens.com writes: Amir Mizroch reports at the WSJ that a PayPal executive who works with engineers and developers to find and test new technologies, says that embeddable, injectable, and ingestible devices are the next wave in identification for mobile payments and other sensitive online interactions. Jonathon Leblanc says that identification of people will shift from "antiquated" external body methods like fingerprints, toward internal body functions like heartbeat and vein recognition, where embedded and ingestible devices will allow "natural body identification." Ingestible devices could be powered by stomach acid, which will run their batteries and could detect glucose levels and other unique internal features can use a person's body as a way to identify them and beam that data out. Leblanc made his remarks during a presentation called Kill all Passwords that he's recently started giving at various tech conferences in the U.S. and Europe, arguing that technology has taken a huge leap forward to "true integration with the human body." But the idea has its skeptics. What could possibly go wrong with a little implanted device that reads your vein patterns or your heart's unique activity or blood glucose levels writes AJ Vicens? "Wouldn't an insurance company love to use that information to decide that you had one too many donuts—so it won't be covering that bypass surgery after all?"
Medicine

Study Confirms No Link Between MMR Vaccine and Autism 341

Posted by Soulskill
from the not-that-evidence-is-helpful-with-those-people dept.
An anonymous reader sends word of a new study (abstract) into the relationship between the MMR vaccine and kids who develop autism. In short: there is no relationship, even for kids at high risk of developing autism. From the article: [Researchers] examined records from a large health insurer to search for such an association. They checked the status of children continuously enrolled in the health plan from birth to at least 5 years old during 2001 to 2012. The children also had an older brother or sister continuously enrolled for at least six months between 1997 and 2012. "Consistent with studies in other populations, we observed no association between MMR vaccination and increased ASD risk among privately insured children. We also found no evidence that receipt of either 1 or 2 doses of MMR vaccination was associated with an increased risk of ASD among children who had older siblings with ASD." ... [An accompanying editorial said,] "Taken together, some dozen studies have now shown that the age of onset of ASD does not differ between vaccinated and unvaccinated children, the severity or course of ASD does not differ between vaccinated and unvaccinated children, and now the risk of ASD recurrence in families does not differ between vaccinated and unvaccinated children."
Medicine

Protein Converts Pancreatic Cancer Cells Back Into Healthy Cells 52

Posted by Soulskill
from the cellular-reset-button dept.
An anonymous reader writes: Scientists working in the area of pancreatic cancer research have uncovered a technique that sees cancerous cells transform back into normal healthy cells. The method relies on the introduction of a protein called E47, which bonds with particular DNA sequences and reverts the cells back to their original state. The study (abstract) was a collaboration between researchers at the Sanford-Burnham Medical Research Institute, University of California San Diego and Purdue University. The scientists are hopeful that it could help combat the deadly disease in humans.
Earth

Resistance To Antibiotics Found In Isolated Amazonian Tribe 53

Posted by timothy
from the strong-willed-organisms dept.
sciencehabit writes When scientists first made contact with an isolated village of Yanomami hunter-gatherers in the remote mountains of the Amazon jungle of Venezuela in 2009, they marveled at the chance to study the health of people who had never been exposed to Western medicine or diets. But much to their surprise, these Yanomami's gut bacteria have already evolved a diverse array of antibiotic-resistance genes, according to a new study, even though these mountain people had never ingested antibiotics or animals raised with drugs. The find suggests that microbes have long evolved the capability to fight toxins, including antibiotics, and that preventing drug resistance may be harder than scientists thought.
Medicine

Columbia University Doctors Ask For Dr. Mehmet Oz's Dismissal 320

Posted by timothy
from the that's-just-like-your-opinion-man dept.
circletimessquare writes Dr. Mehmet Oz serves as vice chairman of Columbia University Medical Center's department of surgery. He is a respected cardiothoracic surgeon but his television show has been accused of pushing snake oil. Now other doctors at Columbia University want Dr. Oz kicked off the medical school faculty. Dr. Oz has responded on his Facebook account: "I bring the public information that will help them on their path to be their best selves. We provide multiple points of view, including mine which is offered without conflict of interest. That doesn't sit well with certain agendas which distort the facts. For example, I do not claim that GMO foods are dangerous, but believe that they should be labeled like they are in most countries around the world." In their letter, the doctors accuse Dr. Oz of quackery: "Dr. Oz has repeatedly shown disdain for science and for evidence-based medicine, as well as baseless and relentless opposition to the genetic engineering of food crops. Worst of all, he has manifested an egregious lack of integrity by promoting quack treatments and cures in the interest of personal financial gain."
Medicine

When You're the NFL Commish, Getting E-Medical Record Interoperability's a Cinch 47

Posted by Soulskill
from the it's-good-to-be-the-commish dept.
Lucas123 writes: The NFL recently completed the rollout of an electronic medical record (EMR) system and picture archiving & communication system (PACS) that allows mobile access for teams to players' health information at the swipe of a finger — radiological images, GPS tracking information, and detailed health evaluation data back to grade school. But as NFL football players are on the road a lot, often they're not being treated at hospitals or by specialists whose own EMRs are integrated with the NFL's; it's a microcosm of the industry-wide healthcare interoperability issue facing the U.S. today. The NFL, however, found achieving EMR interoperability isn't so much a technological issue as a political one, and if you have publicity on your side, it's not that difficult. NFL CIO Michelle McKenna-Doyle, who led the NFL's EMR rollout, said a call from a team owner to a hospital administrator typically does the trick. Even NFL Commissioner Roger Goodell once made the call to a hospital CEO, "and things started moving in the next couple of days," McKenna-Doyle said. "They're very aware of the publicity."
Medicine

New Chemical Tools Lead To Targeted Cancer Drugs 21

Posted by Soulskill
from the sniper-scope-built-out-of-proteins dept.
New submitter caudex writes: Proteins are encoded in DNA, and while the degeneracy of the genetic code works to minimize errors, a single DNA basepair mutation can change the structure of the encoded protein. When a mutated protein causes uncontrolled cell growth, we call it cancer. Unfortunately, proteins typically contain hundreds of amino acids, and developing a drug that will target the version of a protein containing one amino acid mutation is difficult. For this reason, most anticancer agents indiscriminately attack both mutant and healthy proteins and tissues. Researchers at Caltech have come up with a potentially general method for selectively drugging only the mutant protein at fault for cancerous activity, even in the crowded and complex milieu of living cells. Their proof of concept study published in Nature Chemistry targets the E17K mutation, which can be the causative mutation of many types of cancer.
Medicine

How Brain Pacemakers Treat Parkinson's Disease 23

Posted by samzenpus
from the keeping-it-under-control dept.
the_newsbeagle writes Pharmaceutical research for neuropsychiatric disorders hasn't produced many breakthroughs lately, which may explain why there's so much excitement around "electroceutical" research. That buzzy new field encompasses deep brain stimulation (DBS), in which an implanted stimulator sends little jolts through the neural tissue. DBS has become an accepted therapy for Parkinson's and other motor disorders, even though researchers haven't really understood how it works. Now, new research may have found the mechanism of action in Parkinson's patients: The stimulation reduces an exaggerated synchronization of neuron activity in the motor cortex.
Businesses

Kludgey Electronic Health Records Are Becoming Fodder For Malpractice Suits 184

Posted by timothy
from the so-it-says-here-you-were-born-in-1709 dept.
Lucas123 writes: The inherent issues that come with highly complex and kludgey electronic medical records — and for the healthcare professionals required to use them — haven't been lost on lawyers, who see the potential for millions of dollars in judgments for plaintiffs suing for medical negligence or malpractice. Work flows that require a dozen or more mouse clicks to input even basic patient information have prompted healthcare workers to seek short cuts, such as cutting and pasting from previous visits, a practice that can also include the duplication of old vital sign data, or other critical information, such as a patient's age. While the malpractice suits have to date focused on care providers, they'll soon target EMR vendors, according to Keith Klein, a medical doctor and professor of medicine at UCLA. Klein has been called as an expert witness for more than 350 state or federal medical malpractice cases and he's seen a marked rise in plaintiff attorneys using EMRs as evidence that healthcare workers fell short of their responsibility for proper care. In one such case, a judge awarded more than $7.5 million when a patient suffered permanent kidney damage, and even though physicians hadn't neglected the patient, the complexity of the EMR was responsible for them missing a uric kidney stone. The EMR was more than 3,000 pages in length and included massive amounts of duplicated information, something that's not uncommon.
Medicine

Being Overweight Reduces Dementia Risk 97

Posted by timothy
from the correlation-is-easy dept.
jones_supa writes Being overweight cuts the risk of dementia, according to the largest and most precise investigation into the relationship (abstract). The researchers were surprised by the findings, which run contrary to current health advice. The team at Oxon Epidemiology and the London School of Hygiene and Tropical Medicine analyzed medical records from 2 million people aged 55 on average, for up to two decades. Their most conservative analysis showed underweight people had a 39% greater risk of dementia compared with being a normal healthy weight. But those who were overweight had an 18% reduction in dementia, and the figure was 24% reduction for the obese. Any explanation for the protective effect is distinctly lacking. There are some ideas that vitamin D and E deficiencies contribute to dementia and they may be less common in those eating more. Be it any way, let's still not forget that heart disease, stroke, diabetes, some cancers and other diseases are all linked to a bigger waistline. Maybe being slightly overweight is the optimum to strike, if the recent study is to be followed.
Medicine

The Democratization of Medical Diagnosis and Discovery 96

Posted by Soulskill
from the next-level-hypochondria dept.
An anonymous reader writes: As wearable fitness devices become popular, we're seeing the beginning of a change in how untrained people can monitor their own health. On top of that, we also have access now to powerful data-sharing tools — if a patient has the means and the interest to look at the data from a doctor's medical scans, she can. A post at the NY Times argues this is leading to the democratization of medical discovery. Physicians and researchers are now saying, "Better-informed patients ... are more likely to take better care of themselves, comply with prescription drug regimens and even detect early-warning signals of illness." These tools also allow easier aggregation of data from large groups of patients (hopefully anonymized), which can provide more accurate assessments of the typical course of disease than current methods, which often rely on interpretations of interpretations.
Security

DHS: Drug Infusion Pumps Vulnerable To Trivial Hacks 37

Posted by samzenpus
from the maintaining-the-proper-dosage dept.
chicksdaddy writes with news of a DHS warning about the vulnerability of a popular brand of drug pumps. "The Department of Homeland Security warned that drug infusion pump management software sold by Hospira contains serious and exploitable vulnerabilities that could be used to remotely take control of the devices.

The MedNet server software manages drug libraries, firmware updates, and configurations of Hospira intravenous pumps. DHS's Industrial Control System Computer Emergency Response Team (ICS-CERT) said in an advisory issued Tuesday that the MedNet software from the firm Hospira contains four critical vulnerabilities – three of them capable of being exploited remotely. The vulnerabilities could allow a malicious actor to run malicious code on and take control of the MedNet servers, which could be used to distribute unauthorized modifications to medication libraries and pump configurations.

The vulnerabilities were discovered by independent security researcher Billy Rios and reported to both Hospira and ICS-CERT. The vulnerabilities vary in their severity. Among the most serious is Rios's discovery of a plaintext, hard-coded password for the SQL database used by the MedNet software (CVE-2014-5405e). By obtaining that password, an attacker could compromise the MedNet SQL server and gain administrative access to the workstation used to manage deployed pumps."