Raleigh Housing Authority IT Systems Locked Out

Hackers strike demanding ransom payment

On April 29th, the Raleigh Housing Authority fell victim to a cyber attack that shut down their computer system. The attack disrupted the agency’s ability to access their email, files, and financial records, leaving the organization struggling to conduct their day-to-day operations.

The RHA provides affordable housing for low-income individuals and families in the Raleigh area. The cyber attack has had a significant impact on the agency’s ability to fulfill its mission of providing safe and affordable housing. In the aftermath of the attack, the RHA has been forced to rely on manual processes to complete their work, causing delays in critical services for their clients.

Cyber attacks have become increasingly common in recent years, with hackers targeting organizations of all sizes and industries. These attacks can result in the loss of sensitive data, financial losses, and damage to a company’s reputation. In the case of the RHA, the attack has disrupted the lives of the low-income families who rely on their services.

To prevent cyber attacks, organizations must prioritize cyber security. This includes implementing strong password policies, regularly updating software and systems, and educating employees on how to recognize and report suspicious activity. Additionally, organizations should consider investing in cyber security insurance to mitigate the financial impact of an attack.

When a cyber attack does occur, it’s important to have a plan in place to respond quickly and effectively. This includes identifying and isolating affected systems, restoring data from backups, and conducting a thorough investigation to determine the cause of the attack and prevent future incidents.

In the case of the RHA, they have taken steps to restore their computer systems and minimize the impact of the attack. However, the incident serves as a reminder of the importance of cyber security and the devastating consequences that can result from a successful cyber attack.

In conclusion, the cyber attack on the Raleigh Housing Authority is a sobering reminder of the importance of cyber security for organizations of all types and sizes. By prioritizing cyber security, organizations can protect their data, their financial stability, and the well-being of their clients.

Preoperative Care and Informed Consent: An audit trail’s role in retrospective assessment

Informed consent prior to a procedure should be documented in the patient’s chart and visible on an audit trail.

by Dr. Aikaterina Assimacopoulos

Informed consent is a must prior to any elective procedure. After all risks, benefits and alternatives (r/b/a’s) are thoroughly explained, consent can be given. An informed patient is one who understands the nature and purpose of the procedure as well as postoperative expectations of pain, recovery time, need for physical therapy, and any changes to physical appearance. Signed consent should be found in the patient’s EMR.

Informed Risk Assessment

Common surgical risks include the risk of infection, bleeding or damage to surrounding organs. If a minimally invasive approach is planned, the possibility to convert to an open procedure should be discussed. If the patient is to have an exploratory surgery, a risk is the possibility that nothing is found on exploration. In some cases, there is a potential the surgeon recognizes additional measures must be taken upon viewing the patient’s anatomy. In these cases, the surgeon is usually aware of this potential and should obtain consent and discuss r/b/a’s.


The benefit or likelihood of a positive outcome should be clearly and realistically defined. The patient should be aware of any alternative options and their r/b/a’s. This includes both more conservative methods of treatment such as medications, physical therapy, or injections as well as any alternative surgical approaches that may vary in method or invasiveness. For example, a vaginal vs. abdominal approach to hysterectomy or LINX vs. Nissen fundoplication methods for gastroesophageal reflux.

A signed consent form and statement should be uploaded in the chart. For example, “r/b/a’s discussed, patient expressed understanding, all questions asked and answered” should be documented in the chart. However, this does not necessarily mean the patient was properly informed. Often this statement is included as part of a provider’s template, without being consciously documented. Therefore, this raises the question of whether or not the conversation actually took place.

Because this discussion is verbal, it is difficult to use an audit trail to prove whether appropriate informed consent was obtained. However, an audit trail can be used to analyze other aspects of preoperative care which, if deficient or incomplete, could support the notion that informed consent was deficient as well.

What to look for in an audit trail

If surgical complications arose and the physician was concerned about the preoperative care provided, the physician could enter the patient’s chart after the fact and make additions to it. This is why it is necessary to get an audit trail that extends through the date the EMR is generated. Providers can alter a patient’s EMR at any time. These changes might not be visible on the EMR but will be on the audit trail.

In most cases, evidence of the following actions should exist in both the printed patient chart and the audit trail:

  • A clinic visit in which the patient’s need for surgery is assessed.
  • Any attempt to manage symptoms with more conservative first-line measures. For example, prescription orders or referrals to physical therapy or a pain specialist.
  • A diagnosis made prior to surgery and added to the patient’s problem list.
  • In some cases, evaluation of the patient’s personal risk due to any comorbid conditions is done using a ‘risk calculator’ and results should be documented.
  • A preoperative physical/assessment for higher risk patients.
  • A complete history and physical note (H&P) within the 30 days prior to surgery.
  • Procedure-specific labs and imaging which should be viewed by the surgeon prior to surgery.
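The checks above can be run mechanically over an exported audit trail. The following is an added example, not part of the original article or any vendor's tooling; the CSV columns, action labels, item names, user names and dates are constructed assumptions, and real exports differ by vendor and site.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample audit trail (hypothetical column names and labels).
SAMPLE_AUDIT_CSV = """timestamp,user,action,item
2021-03-01 09:15,dr_surgeon,CREATE,Clinic Visit Note
2021-03-01 09:40,dr_surgeon,CREATE,Order: Physical Therapy Referral
2021-03-20 14:05,dr_surgeon,MODIFY,Problem List
2021-02-10 10:00,dr_pcp,CREATE,H&P Note
2021-04-10 08:30,lab_tech,CREATE,Lab Result: CBC
2021-04-16 07:45,dr_surgeon,VIEW,Consent Form
2021-04-18 16:20,dr_surgeon,VIEW,Lab Result: CBC
2021-04-19 21:10,dr_surgeon,MODIFY,H&P Note
2021-04-19 21:12,dr_surgeon,CREATE,Consent Discussion Note
"""

SURGERY_TIME = datetime(2021, 4, 16, 8, 0)      # constructed
WRITE_ACTIONS = {"CREATE", "MODIFY", "DELETE"}  # actions that change the chart
# Item-name prefixes that document preoperative care (assumed labels).
PREOP_PREFIXES = ("H&P Note", "Consent", "Problem List", "Risk Calculator")
RESULT_PREFIXES = ("Lab Result", "Imaging")


def load_events(text):
    """Parse the CSV export into dicts sorted by timestamp."""
    rows = csv.DictReader(io.StringIO(text))
    events = [
        dict(r, timestamp=datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M"))
        for r in rows
    ]
    return sorted(events, key=lambda e: e["timestamp"])


def late_preop_edits(events, surgery_time):
    """Chart changes to preoperative documentation made AFTER surgery.

    These are the after-the-fact additions that may not be visible on
    the printed EMR but do appear on the audit trail.
    """
    return [
        e for e in events
        if e["timestamp"] > surgery_time
        and e["action"] in WRITE_ACTIONS
        and e["item"].startswith(PREOP_PREFIXES)
    ]


def hp_within_30_days(events, surgery_time):
    """True if an H&P note was written in the 30 days before surgery."""
    window_start = surgery_time - timedelta(days=30)
    return any(
        e["item"] == "H&P Note"
        and e["action"] in WRITE_ACTIONS
        and window_start <= e["timestamp"] < surgery_time
        for e in events
    )


def unviewed_results_before(events, surgery_time, surgeon):
    """Pre-surgery labs/imaging the surgeon never opened before surgery."""
    created = [
        e["item"] for e in events
        if e["item"].startswith(RESULT_PREFIXES)
        and e["action"] == "CREATE"
        and e["timestamp"] < surgery_time
    ]
    viewed = {
        e["item"] for e in events
        if e["user"] == surgeon
        and e["action"] == "VIEW"
        and e["timestamp"] < surgery_time
    }
    return [item for item in created if item not in viewed]


if __name__ == "__main__":
    events = load_events(SAMPLE_AUDIT_CSV)
    for e in late_preop_edits(events, SURGERY_TIME):
        print("post-surgery edit:", e["timestamp"], e["user"], e["action"], e["item"])
    print("H&P within 30 days:", hp_within_30_days(events, SURGERY_TIME))
    print("results not viewed before surgery:",
          unviewed_results_before(events, SURGERY_TIME, "dr_surgeon"))
```

In the sample, the only H&P before surgery is more than 30 days old, the lab result is first opened by the surgeon two days after the procedure, and two preoperative items are written three days after it.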

Vehicle Heists Skyrocket – Villains Hack Fobs

As motor vehicle theft rates increase, criminals’ use of technology to open and start vehicles without breaking in may be accelerating the rate of theft.

Smash and grab is no longer required to open a motor vehicle and drive off.

Vehicle theft over the years has largely been on the decline. As technology has improved, anti-theft systems have become more advanced. Beginning around 1983, keyless entry systems began appearing on American Motors vehicles. By the mid to late 2000s, fobs enabling remote ignition start became more commonplace on higher end vehicles. However, as this technology advances, criminals are finding new ways to break through.

Security researchers first reported security vulnerabilities in motor vehicle fobs around 2016. These could allow an unauthorized person to unlock and even start a vehicle by intercepting radio frequency (“RF”) emissions from a driver’s fob. Once intercepted, the unauthorized party could use the intercepted signals to conduct a replay attack. As a result, a successful attack on these identified vulnerabilities can allow the unauthorized person to unlock and start a vehicle.

RF Relay Attack Reported in 2017

On November 28, 2017, police in West Midlands, UK released video footage showing criminals stealing a car by relaying a signal from the key fob inside the home to the car in the driveway. This fob relay attack effectively allows thieves to unlock a vehicle, start the ignition, and drive off with the vehicle undamaged. Later on, the thieves swap out the VINs and reprogram new key fobs to work with the stolen vehicle.

Defcon Cyber Security and Hacker Conference Focus on Vehicle Exploitation in 2018

In 2018, Defcon, a popular cybersecurity event attended by both white hat and black hat hackers, featured its first Car Hacking Village. During that convention, a good deal of technology-related vulnerabilities on vehicles were shared. The Black Hats are the bad guys that seek to use security vulnerabilities to exploit weaknesses and commit crimes.

Motor Vehicle Theft Jumps in 2020

Data obtained from: https://www.iii.org/fact-statistic/facts-statistics-auto-theft

Motor Vehicle Theft data sets have yet to be released for 2021 for the entire United States. Early indicators show these types of crimes are experiencing rapid growth across the US.

High end vehicles are more likely to have keyless entry and remote ignition starting capabilities. They can also fetch a higher dollar amount when resold outside the US. As a result, according to New Jersey state police officer Cory Rodriguez, “Car theft in 2021 is up over 21% year-to-date for total thefts and about 44% for high-end vehicles.” Reports have indicated that thieves are using technology to execute vehicle thefts more efficiently and without immediate detection.

Chicago Motor Vehicle Thefts Climb with Fewer Arrests Made in 2021

Chicago Police Officers have witnessed thieves using laptops and other cyber tools to accelerate their ability to quickly steal locked vehicles. Data compiled from the City of Chicago website shows that “Motor Vehicle Thefts” across the city are accelerating at an alarming rate. The problem isn’t specific to Chicago, and vehicle thefts appear to be increasing across the country as well.

Doorbell video: Car thieves use computing device to steal SUV in Metropolitan Chicagoland, Elmhurst – Video by WGN News

In Chicago, February 2021 crime statistics reported a total of 627 Motor Vehicle Theft incident reports filed. Of those reports, only 26 (4.1%) resulted in an arrest. Comparatively, last month in January 2022, there were 1,073 Motor Vehicle Theft related police reports filed, with only 20 (1.8%) of those resulting in an arrest.

Cyber Motor Vehicle Theft using technology
https://data.cityofchicago.org/Public-Safety/Crimes-Map/dfnk-7re6

Our data analysis of Chicago crime statistics for the 12-month period beginning February 2021 until January 2022 indicates that there were a total of 10,823 Motor Vehicle Theft incidents reported. This equates to 395 per 100,000 persons based on Chicago’s 2021 estimated population of 2,739,797.

Vehicle thefts on the rise throughout the USA

Vehicle theft isn’t just rising in Chicago. In fact, Chicago doesn’t even rank among the top 20 US cities in vehicle thefts. For example, California, Texas and Florida are continually among the top states in vehicle theft per capita. Bakersfield, California has been the top city in vehicle thefts since 2019 and in the top 10 even longer. The rate of vehicle theft went up almost 25% from 2019 in Bakersfield in 2020.

Other cities are following similar trends. For instance, San Francisco’s rates rose almost 27% while Seattle’s rose almost 26% from 2019 to 2020. Additionally, one of the cities with the largest 2019 to 2020 changes was Denver, which rose over 50%.

Conclusion

Above all, it’s important to remain cautious with your vehicle. Furthermore, there are steps you can take to help ensure your vehicle doesn’t get stolen and recovery steps for your vehicle’s safe return if it does. Despite the overwhelming decrease in motor vehicle thefts throughout the years, this recent upward reversal of the historical trend should be alarming to vehicle owners everywhere.

(Denver statistics filtered for reports coded as any of the following: “burg-auto-theft-busn-no-force”, “burg-auto-theft-busn-w-force”, “burg-auto-theft-resd-no-force”, “burg-auto-theft-resd-w-force”, “robbery-car-jacking”, “theft-items-from-vehicle”, and “theft-of-motor-vehicle”)
California, Texas and Florida lead the states with the greatest number of vehicle thefts and accounted for 37% of all Motor Vehicle Thefts in the nation, based on 2020 National Insurance Crime Bureau statistics.

The Pandemic Causing Increased Attacks on Corporate Security

Since the start of the pandemic, there has been much disruption in some industries. Many businesses have been challenged during the pandemic as a result of the difficulty of managing cyber and data security. Data breaches relating to remote workers and hacking of corporations continue to escalate at an alarming rate and require prompt response to mitigate the fallout.

There have been several significant shifts in the ways that businesses operate and their reliance on digital systems. Many businesses moved to a largely remote working model. Some have had to focus more on online activities in order to keep their brands active and visible. Businesses in a number of industries began to deliver products and services online for the first time. Meanwhile, those that already existed in online spaces saw an increase in business. All of these changes have meant that various security issues have arisen and become more prominent for businesses everywhere.

Increase in corporate data breaches

Cybercriminals have been taking advantage of the unprecedented circumstances caused by the pandemic, exploiting the vulnerabilities of businesses everywhere. Verizon carried out a recent study called ‘Analyzing the COVID-19 data breach landscape’, which looks at 36 confirmed data breaches that were directly related to the pandemic. In addition, there were 474 data breaches between March and June 2020. Using this data, they determined that many cybercriminals were using the same methods to obtain data as before the pandemic while exploiting the disruption experienced by many businesses.

Remote Teleworkers facing cyber attacks threatening corporate security

One way in which corporate data breaches have been impacted by the pandemic is through increased use of ransomware. Seven of the nine malware incidents from Verizon’s 36 COVID-19 data breach cases demonstrated a spike in ransomware usage. Another change is in the way that criminals use phishing emails to play on the emotions of users. In a time when stress is high and mental health problems have increased, many people are more susceptible to phishing emails. Phishing was already a popular and often successful form of cyber attack before the pandemic, and is even more so now.

Cost of data breaches for companies hit a record high in 2021

The cost of a data breach also hit a record high during the pandemic, according to IBM Security. They revealed the results of a global study showing the average cost of data breaches for companies surveyed was $4.24 million per incident. This is a 10% increase from the previous year. When remote work was a factor in the breach, data breaches cost an average of $1 million more. Stolen user credentials were the most common cause of data breaches. However, the study also showed the use of methods such as AI, security analytics, and encryption helped to reduce costs.

The COVID-19 pandemic has affected corporate data breaches due to a number of shifts in the way businesses are working, user behavior, and more. It’s vital for companies to take the right steps to prevent breaches and protect themselves.


If your company recently fell victim to a cyber attack, such as ransomware, or suspected data exfiltration by an unknown hacker, call Enigma Forensics today. We offer emergency incident response services and can help preserve available data, identify the origins of the attacker, and assist with the restoration of company services. Our experts have experience testifying and helping to mitigate risk and maximize your potential of recovering damages and lost data. Call us today at 312-668-0333 for a complimentary consultation.

Pegasus Apple iPhone Spyware Leads to Litigation

Apple has filed a lawsuit against NSO Group relating to their installation of Pegasus spyware on Apple users’ devices. Apple wishes to hold NSO Group accountable for their surveillance of users.

Apple has taken the significant step to begin notifying individuals about the threat of state-sponsored attacks on their accounts and devices. Apple is suing NSO Group and its parent company to attempt to hold them accountable for surveillance of Apple users. Their lawsuit, filed November 23, 2021, seeks an injunction to ban NSO Group permanently from using any Apple software, services, or devices. It comes after NSO Group has been shown to have infected Apple users’ devices with Pegasus spyware.

Apple’s Actions to Notify Impacted Users

Apple threat notifications are intended to provide warnings to individuals who may have been targeted by state-sponsored attacks. They use two different methods to notify the user through their account. When logging into appleid.apple.com, there will be a Threat Notification displayed at the top of the page. Additionally, the user will receive an email and an iMessage notification to the email addresses and phone numbers associated with their Apple ID account. The notifications offer advice on the steps that they can take to improve their security and protect their devices and personal information.

In a press release, Apple’s senior vice president of Software Engineering, Craig Federighi, said, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”

NSO Group Allegations

The legal complaint from Apple reveals new information about the activities of NSO Group. It highlights FORCEDENTRY, which exploited a former vulnerability to gain access to Apple devices and install the NSO Group’s spyware Pegasus. The lawsuit from Apple intends to both ban NSO Group from having access to Apple products and services and to seek action on the violation of federal and state law by the NSO Group.

WhatsApp Similar Litigation

In 2019, WhatsApp also brought a court case aiming to hold NSO Group accountable for distributing their spyware through the app. A group of other tech companies, including Google and Microsoft, lent their official support to WhatsApp to encourage the United States Court of Appeals for the Ninth Circuit to hold NSO Group accountable.

Apple responds by funding Cyber Threat Research

Apple has also announced a $10 million contribution in support of cyber-surveillance researchers and advocates. Any damages from the lawsuit have also been pledged to organizations in these areas. Apple is also supporting Citizen Lab, a research group at the University of Toronto that originally discovered the exploit that NSO Group used, by providing technical, threat intelligence, and engineering assistance at no charge. They will also provide assistance to other organizations doing work in the same field, where appropriate.

Ron Deibert, director of the Citizen Lab at the University of Toronto said, “Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors. I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”

In response to the complaint, NSO Group replied, “Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers”. They said, “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments with the lawful tools to fight [them]. NSO group will continue to advocate for the truth.”


Decoding EMR Logs: Synapse PACS Database Table Names

Where do I start?

TABLE_NAME:


A

  • ACCESSOR
  • ACCESSOR_ACTIVE_DIRECTORY
  • ACCESS_ITEM
  • ACCESS_RESTRICTION
  • ACR
  • ADD_TO_QUEUE_JOB_STATUS
  • AFFINITY_DOMAIN
  • ALIAS_PATIENT
  • ANATOMIC_REGION
  • AUDIT_INSTALL
  • AUDIT_ROWCOUNT

B

  • BACKFILL_PROCESS_TYPE
  • BACKFILL_QUEUE_PRIORITY
  • BACKFILL_QUEUE_STATUS
  • BACKUP_CONFIG
  • BACKUP_LOG
  • BERMUDA_GSPS_CSPS_CNT_UPD_CTL
  • BERMUDA_STUDY_INS_EUID_UPD_CTL
  • BODY_PART
  • BROADCAST_MESSAGE
  • BUTTON

C

  • CALIBRATE_SEQUENCE
  • CANNED_NOTE
  • CASCADED_DICOM_SR
  • CASCADED_IMAGE
  • CASCADED_SERIES
  • CASCADED_STUDY
  • CASCADED_VISIT
  • CHANGE_NOTIFICATION
  • CODING_SCHEME
  • COMMAND
  • COMMAND_CLASS
  • COMMAND_COL
  • COMMAND_COL_OP
  • COMMAND_COMMAND_CLASS
  • COMMAND_COND
  • COMMAND_FILTER
  • COMMAND_INTERFACE
  • COMMAND_INTERFACE_CLIENT
  • COMPONENT_CLASS
  • COMPRESSION
  • CONFERENCE_WORKFLOW_STATUS
  • CONFIG_JSON

D

  • DASHBOARD_CACHE
  • DATA_AGGREGATION_NAME
  • DATA_GUARD_COMMANDS
  • DATA_MAINTENANCE_LOG
  • DB_CHARACTER
  • DB_MEMORY_SIZING_BREAKUP
  • DB_RECOVERY_CONFIG
  • DB_STATISTICS_CONFIG
  • DB_STATS_APRIL_WK#_1
  • DB_STATS_APRIL_WK#_2
  • DB_STATS_APRIL_WK#_3
  • DB_STATS_APRIL_WK#_4
  • DB_STATS_CBO
  • DB_STATS_CBO_CONFIG
  • DB_STATS_JUNE_WK#_1
  • DB_STATS_MARCH_WK#_2
  • DB_STATS_MARCH_WK#_3
  • DB_STATS_MARCH_WK#_4
  • DB_STATS_MAY_WK#_1
  • DB_STATS_MAY_WK#_2
  • DB_STATS_MAY_WK#_3
  • DB_STATS_MAY_WK#_4
  • DB_STATS_MAY_WK#_5
  • DELETED_DICOM_SR
  • DELETED_IMAGE
  • DELETED_PATIENT
  • DELETED_SERIES
  • DELETED_STUDY
  • DELETION_REJECT
  • DEPARTMENT
  • DIAGNOSTIC_CODE
  • DICOM_BACKFILL_QUEUE
  • DICOM_CONFIG
  • DICOM_DESTINATION
  • DICOM_GROUP
  • DICOM_QR_ATTRIBUTE_INFO
  • DICOM_QR_DATE_CLAUSE_INFO
  • DICOM_QR_MATCHING_INFO
  • DICOM_QR_SELECT_INFO
  • DICOM_RETRIEVAL
  • DICOM_SR
  • DICOM_STORAGE
  • DICOM_STORAGE_BACKUP
  • DICOM_TAG
  • DICOM_VALUE_REP
  • DICT_NOTIFY_BANNER
  • DISPLAY
  • DOCUMENT
  • DOCUMENT_TYPE_CONFIG

E

  • EBF_DASHBOARD_SUMMARY
  • EMAIL_CONFIG
  • EMAIL_TYPE
  • ERBF_SFQ_STAT_TRANS
  • ERF_PROFILE_ACTION_TYPE
  • ERF_PROFILE_VERIF_METHOD
  • ERROR_MESSAGE
  • ERROR_TRACE_LOG
  • EVENT_LOG
  • EVENT_TYPE_CONFIG
  • EXTERNAL_IMAGE
  • EXTERNAL_IMAGE_DELETED

F

  • FCR_CODE
  • FCR_TO_CR_QUEUE
  • FCR_TO_CR_QUEUE_CTL
  • FETCH_QUEUE
  • FOLDER
  • FOLDER_COLUMN_LIST
  • FOLDER_COLUMN_PROPERTY
  • FOLDER_ETAG
  • FOLDER_FILTER
  • FOLDER_GROUP_COLUMN
  • FOLDER_ITEM
  • FOLDER_JSON
  • FOLDER_LOCALE
  • FOLDER_MERGE
  • FOLDER_MIGRATION
  • FOLDER_OBJECT
  • FOLDER_TEMP_OAK_PATCH2
  • FOLDER_TEMP_OAK_PATCH3
  • FOLDER_TEMP_STARBOARD
  • FORWARDING_PROFILE
  • FORWARDING_QUEUE_RESPONSE
  • FORWARDING_QUEUE_STATUS
  • FRAME_BOOKMARK
  • FUJIRDS_LOG

I

  • IMAGE
  • IMAGE_CALCULATION
  • IMAGE_DISPLAY
  • IMAGE_OVERLAY
  • IMAGE_REALLOCATE_ACTIVITY
  • IMAGE_RETRIEVAL_OPTION
  • IMAGE_STORAGE
  • IMAGE_VERSION
  • IMAGE_VERSION_DELETED
  • IMAGE_VERSION_MIGRATE_CTL
  • IOCM_REASON
  • IOCM_REJECTNOTE
  • IOCM_STUDY_LAST_REJECT
  • IPP
  • IPPSET_REF
  • IPP_CURVE

K

  • KEYWORD

L

  • LINK_FOLDER
  • LINK_FOLDER_CONTENT
  • LOCALE
  • LOCALIZATION
  • LOCALIZATION_LOCALE
  • LOCALIZATION_TEMP
  • LOCAL_AE
  • LOCATION
  • LOCK_INFO
  • LOCK_TYPE
  • LOG_ACTIVITY
  • LOG_CATEGORY
  • LONG_TERM_EVENT_LOG
  • LOOKUP

M

  • MANUAL_FOLDER_MIGRATION_LOG
  • MANUFACTURER_MODEL
  • MATCH_WEIGHT
  • MENU_CODE
  • MODALITY
  • MONTHLY_EVENT_VOLUME
  • MPPS

O

  • OAK_FOLDER
  • OAK_FOLDER_COLUMN_PROPERTY
  • OAK_PATCH2_FOLDER
  • OAK_POST_UPGRADE
  • OBJECT_TYPE
  • OBSOLETED_IMAGE
  • OP5_POST_UPGRADE
  • OS_REGION

P

  • PATIENT
  • PATIENT_MERGE_ACTIVITY
  • PERMANENT_DELETED_STUDY
  • POST_PROCESS_QUEUE
  • POST_UPGRADE
  • POWERJACKET_SETTING
  • PREFETCH_CFG
  • PREFETCH_QUEUE
  • PRESET
  • PRIORITY
  • PRIVILEGE
  • PRIVILEGE_COM_COM_CLASS
  • PROCEDURE_INFO
  • PROCEDURE_INFO_FCR
  • PROC_INFO_BODY_PART
  • PROPERTY

Q

  • QBE_FOLDER

R

  • RADIATION_DOSE
  • READING_PROTOCOL_OLD
  • READING_SPECIALTY
  • READING_SPECIALTY_PROC_INFO
  • RECYCLE_BIN
  • RECYCLE_BIN_DELETED
  • REFERENCE_RECONCILE_QUEUE
  • REFERENCE_RECONCILE_STATUS
  • REJECT_DICOM_SR
  • REJECT_IMAGE
  • REJECT_TYPE
  • RELATED_PROCEDURE_SYSTEM
  • RELATED_PROCEDURE_USER
  • REMOTE_AE
  • REMOTE_AE_NET_CONFIG
  • REMOTE_AE_SOP_STORAGE
  • REPORT_STATUS
  • RIS_CONFIG

S

  • SBP0_POST_UPGRADE
  • SCHOONER_POST_UPGRADE
  • SCRIPT
  • SECURE_URL_KEY
  • SECURITY_HIERARCHY
  • SECURITY_KEY_3D
  • SERIES
  • SERIES_DESCRIPTION_DOWNLOAD
  • SERIES_DESCRIPTION_REPORT
  • SERIES_REALLOCATE_ACTIVITY
  • SERVICE_PATH
  • SERVICE_PATH_PARAM
  • SERVICE_TRACELOG
  • SESSION_AGGREGATION
  • SESSION_AGGREGATION_DETAIL
  • SESSION_INFO
  • SFI_TEMP_TABLE
  • SGA_CACHE_TABLES
  • SHORTCUT
  • SITE
  • SOP_CLASS
  • SOP_CLASS_STORAGE
  • SSO_CLIENT
  • SSO_CLIENT_PROPERTY
  • SSO_CLIENT_SECRET
  • SSO_EXTERNAL_PROVIDER
  • SSO_REFRESH
  • SSO_SCOPE
  • SSO_SCOPE_CLAIM
  • SSO_TRANSIENT_DATA
  • STANDARD_PROCEDURE
  • STARBOARD_FOLDER
  • STATUS_CHANGE_QUEUE
  • STORAGE
  • STORAGE_BACKUP
  • STUDY
  • STUDY_ANOMALY
  • STUDY_DISPLAY_HISTORY
  • STUDY_DISPLAY_STATE
  • STUDY_DOCUMENT
  • STUDY_FOLDER_INTERSECTION
  • STUDY_FORWARDING_QUEUE
  • STUDY_IMAGE_SENDER
  • STUDY_MEDICAL_EVENT
  • STUDY_MEDICAL_EVENT_ACTIVITY
  • STUDY_MERGE_ACTIVITY
  • STUDY_OPEN_SESSION
  • STUDY_PRODUCTIVITY
  • STUDY_REALLOCATE_ACTIVITY
  • STUDY_SERIES_DESC
  • STUDY_SESSION_MONITOR
  • STUDY_STATUS
  • STUDY_STATUS_LOCALE
  • STUDY_TAT_HISTORY
  • STUDY_WF_EVENT_ACTIVITY
  • STUDY_WF_EVENT_LOG
  • SUBSCRIPTION
  • SYMON_ALERT
  • SYMON_MA_DEFINITION
  • SYMON_MA_TRIGGER
  • SYMON_SAMPLE
  • SYSMODEL_SERVER
  • SYSTEM_CONFIG
  • SYSTEM_VERSION

T

  • TAG_LOOKUP
  • TAT_AGGREGATION_DETAIL
  • TAT_AGG_MODALITY
  • TAT_AGG_MODALITY_PROC
  • TAT_AGG_MODALITY_STAT
  • TAT_AGG_MODALITY_STAT_LOC
  • TAT_AGG_TIME_PERIOD
  • TAT_AGG_USER_RAD
  • TAT_AGG_USER_TECH
  • TAT_AGG_VISIT_CLASS_STAT
  • TAT_AGG_VISIT_LOC_STAT
  • TEMP_LOCALIZATION_NEW
  • TEMP_LOCALIZATION_OLD
  • TEMP_LOCALIZATION_OLD_NEW
  • THINK_LOG
  • THINK_LOG_KEYWORD
  • TIMEZONE
  • TIME_PERIOD
  • TRANSFER_SYNTAX

U

  • USER_DEBUG_LOG
  • USER_DEBUG_LOG_DETAIL
  • USER_INFO
  • USER_PREFERENCES
  • USER_SESSION
  • USER_SESSION_MONITOR

V

  • VISIT
  • VISIT_MERGE_ACTIVITY
  • VISUALIZATION_METRIC
  • VIZ_METRIC_AGGREGATION
  • VIZ_METRIC_AGGREGATION_DETAIL

W

  • WORKFLOW
  • WORKLIST_COL_LOCALE_MODIFIER
  • WORKLIST_FAVORITE
  • WORKSTATION_SPECIAL_PATH
  • WS_PLUGIN
  • WS_PLUGIN_PARAM
  • WS_PLUGIN_TYPE
  • WS_PLUGIN_TYPE_PARAM

X

  • XDS_AUTHOR
  • XDS_AUTHORITY
  • XDS_BODYPART_EVENTCODE
  • XDS_BPPC_EVENTCODE_OPT
  • XDS_BPPC_PRIVACY_OPTION
  • XDS_CODES
  • XDS_CODETYPE
  • XDS_COMMENTS_POLICY
  • XDS_FORMATCODES_FILETYPE
  • XDS_MODALITY_EVENTCODE
  • XDS_PERSONLINK
  • XDS_PERSON_ID
  • XDS_PERSON_NAME
  • XDS_PIX
  • XDS_PROFILE
  • XDS_PROFILE_CONFIDENTIALITY
  • XDS_PROFILE_RECIPIENT_ORG
  • XDS_PROFILE_RECIPIENT_PERSON
  • XDS_PROFILE_SHARINGOPTION
  • XDS_RECIPIENT_ORGANIZATION
  • XDS_RECIPIENT_PERSON
  • XDS_RECIP_PERSON_ORG_MAP
  • XDS_REPOSITORY
  • XDS_REPOSITORY_DOCUMENT
  • XDS_SHARINGOPTION
  • XDS_SUBMISSION
  • XDS_TYPECODES_PROCCODE
  • XDS_USERROLE_MAP

A Cautionary Tale of Audio Forensics and Trade Secrets

One private firm’s artificial-intelligence system is deemed insufficient evidence

ShotSpotter, a gunshot detection firm contracted by police departments nationwide, has recently received criticism for its audio forensics system that, it claims, incorporates “sensors, algorithms, and AI” to identify gunshots and locate their source. While several precincts have praised the company for increasing police response to incidents of gun violence, its accuracy as evidence in court remains questionable.

There are two primary reasons for skepticism: 1) studies have indicated that its algorithm has a propensity for generating false positives, and 2) employees are able to modify the database after alerts come in. Since its system is protected as a trade secret, it has been generally inscrutable from oversight.

As seen in this Associated Press investigation, a State’s Attorney’s Office used ShotSpotter’s data for evidence in a case against a Chicago man. This left him in prison for 11 months before the judge dismissed the case. The report eventually released by ShotSpotter showed that the alert in question was identified differently at first. It alerted to a “firecracker” several blocks away from the alleged scene of the crime — but an employee later revised the identification and location. As a result, prosecutors decided that the “evidence was insufficient to meet [their] burden of proof.”

How could it be improved?

This case emphasizes the importance of accountability with regard to digital evidence on either side of a case. The Health Information Portability and Accountability Act (HIPAA), for example, requires retention of Electronic Medical Records (EMR) stored in Health Information Systems (HIS). Healthcare firms must keep a permanent record of all additions, changes and deletions of EMR, including the time and person making those changes.

While ShotSpotter obviously isn’t in healthcare, its system would still benefit from similar transparency. It would help improve the reliability of such information. In this case, such logs would have revealed human intervention earlier on. This would have saved the defendant from the 11 months he spent in prison. In other cases, transparency could support prosecution. Regardless, it would bolster ShotSpotter’s credibility when used as evidence.

It’s possible that we could examine the information recorded (when the stored data was originally entered, and changes to that stored data) without violating the trade secret status of a software provider’s algorithms. HIS software providers have trade secret protection for their software. Still, they are required to disclose all EMR records, as well as the revision history of those records.

Where we can help.

Asking the right questions and gathering all available digital evidence is important to achieving an equitable outcome. Enigma Forensics has experience auditing and authenticating digitally stored electronic evidence. We can assist with validating such claims as genuine.

Preparing to Work with an EMR Expert

Learn what details to provide when hiring a data forensic expert during medical malpractice litigation to increase efficiency and cost effectiveness.

Prepare a summary of the following:

  • Develop timeline of notable events
  • Organize case documents and provide to your experts
  • Copy of the Complaint
  • Requests to produce
  • Interrogatories filed
  • Replies to Interrogatories
  • EMR Produced
  • Audit Logs Produced

Ask Your EMR Data Expert to Prepare the EMR for efficient review by attorneys & medical experts

  1. OCR the produced EMR (Allows for keyword searching)
  2. Convert the EMR to a spreadsheet format where practical
  3. Identify key events and providers
  4. Consider filtering for key dates, workers, or concepts
  5. Produce subset pdf documents / spreadsheets that are more easily reviewable
  6. Consider having pivot tables created showing overviews

In-Person Direct access provides additional information

  • Routing History
  • What the notes looked like at various points in time
  • Access to deleted records
  • Communications between healthcare workers
  • Example Screenshots from Popular HIS Systems follow

Enigma Forensics EMR Data Forensics Experts provide detailed analysis and interpretation of an EMR Audit Trail to assist Medical Malpractice Attorneys during litigation. We help win cases! Hire an Expert (HAE)! Call 312-668-0333

To Learn More about the EMR process

EPIC Software

Epic software, which is HIPAA compliant, is used by many hospitals. It tracks all additions and modifications, and ensures the complete patient history is recorded. Check out this blog to learn more about EPIC software!

EPIC software is used by many hospitals to track patient care and manage the overall patient experience.  When something goes wrong during a patient stay that leads to long-term injuries or death of the patient, it is highly common that medical malpractice litigation ensues. 

Health Information Personal Privacy Act, HIPAA

The Health Information Personal Privacy Act, commonly referred to as HIPAA, places several important requirements on health care providers. HIPAA requires that systems providing access to a patient’s electronic medical record, commonly referred to as the EMR, track all additions and modifications, and allow access while ensuring the complete revision history of the EMR is maintained.

EMR Audit Log

Audit logs or audit trails are required so that the complete revision history can be reconstructed. Printed EPIC reports of a patient’s EMR can be produced using various filters that result in a less than complete production of the patient’s full electronic medical records. Some of the filters that are routinely used include:

  • Date filter to show only the time the patient was receiving care at the healthcare provider
  • Production of only non-confidential notations
  • Production of only the final version of the EMR without the detailed revision history
  • Filter notes exclusive to the named defendant health care providers
  • Filter by department

When used in producing a patient’s EMR, the filters described above result in an incomplete production of the EMR.
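One way to check a production for the gaps these filters leave is to reconcile it against the audit log. The script below is an added example, not code from Enigma Forensics or any HIS vendor; the column names, the sample rows, and the assumption that each create or modify event yields one sequentially numbered version are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed audit log export. Column names are assumptions, not a vendor schema.
AUDIT_LOG = """timestamp,user,department,action,note_id
2023-03-01 09:45,RN Adams,ICU,create,N1
2023-03-01 10:20,RN Adams,ICU,modify,N1
2023-03-01 11:30,Dr Baker,Surgery,create,N2
2023-03-02 08:00,RN Cole,Pharmacy,create,N3
2023-03-03 15:10,Dr Baker,Surgery,modify,N2
2023-03-03 15:12,Dr Baker,Surgery,modify,N2
2023-03-03 16:00,RN Cole,Pharmacy,delete,N3
"""

# Constructed index of what was actually produced: one row per note version.
PRODUCED = """note_id,version
N1,1
N1,2
N2,3
"""


def reconcile(audit_csv, produced_csv):
    """Return notes whose audit history implies versions absent from the production."""
    expected = defaultdict(int)  # assumption: create + each modify = one version
    deleted = set()
    for event in csv.DictReader(io.StringIO(audit_csv)):
        if event["action"] in ("create", "modify"):
            expected[event["note_id"]] += 1
        elif event["action"] == "delete":
            deleted.add(event["note_id"])

    produced = defaultdict(set)
    for row in csv.DictReader(io.StringIO(produced_csv)):
        produced[row["note_id"]].add(int(row["version"]))

    gaps = {}
    for note_id, count in sorted(expected.items()):
        missing = sorted(set(range(1, count + 1)) - produced.get(note_id, set()))
        if missing:
            gaps[note_id] = {"missing_versions": missing,
                             "deleted": note_id in deleted}
    return gaps


if __name__ == "__main__":
    for note_id, gap in reconcile(AUDIT_LOG, PRODUCED).items():
        print(note_id, gap)
```

In the sample, N2 was produced only in its final version and N3 (a deleted note) is missing entirely, which are two of the filter effects listed above.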

Sticky Notes

EPIC has a communication platform known as Sticky Notes. This serves as an instant messaging mode of communication between healthcare workers discussing a specific patient. EPIC lacks a report that can allow easy printing or export of these notes. This creates a common misperception among health providers that these notes are not part of the legal discoverable record. In fact, there are other ways to access these sticky notes, which are an important part of documenting the patient care provided. An in-person inspection of the EMR using a camera to record the user’s screen can allow for obtaining these important communications. These sticky notes are part of the EMR and are subject to preservation under HIPAA.

On-Site Inspection

During an onsite inspection to obtain the complete EMR, it is important to ensure that the user accessing EPIC has full administrative rights to the system.  In some health care organizations, sticky notes may be accessible only to physicians.  Regardless, obtaining these important communications can be a vital source of information to reveal important events leading up to a lifelong injury or death.

Enigma Forensics has assisted in numerous medical malpractice cases, working with either the plaintiff’s or the defendant’s side of litigation. Our experts dig through and analyze each record, ultimately to find the “smoking gun!” We call ourselves the data detectives! If you are working on a medical malpractice case and would like to win, call Enigma Forensics at 312-668-0333.

In-Person Direct Access Provides Additional Information

An in-person on-site discovery will allow you to view what the EMR notes look like at different points in time, and gain access to inactive or deleted records. Check out this blog to learn more!


In-person direct access is what is often required to be able to get a complete view of what happened, because some of the data doesn’t show when you’re just looking at the produced printed charts. Such missing items may include: routing history, what the notes look like at different points in time, access to inactive or deleted records, and communications. Below is a screenshot from a popular Health Information System, Epic.

EPIC

Epic Notes View

So this is Epic and here you see the notes view and when you’re entering into the system, there’s routing which can give you additional detail about what happened in terms of the routing of the notes. You have a note time, a filed time, and a note time. In this case, all these records with exception of this one down here, the 10:04 AM note time was filed 15 minutes later.

So it’s important to have both date and timestamps because sometimes, the file times are many days after discharge or nowhere contemporaneously to the events and that’s important if notes are being entered into this EMR days after something awful happened, you really want to know when those notes were filed. If they’re filed long after things went wrong, oftentimes, that suggests that fabrication of the EMR took place.

You can see here, here’s some of the routing, it allows for you to specify different recipients and so knowing that routing of information, that’s important because it’s not always evident when you’re looking at the chart.

Here’s an example of adding a note and you can see here, there’s the ability to copy and paste different notations. The date and time on these notes when you first go to create a note, default to the current computer’s clock time but it’s totally possible to change the date and time to put it back in time by dates or hours and that information is relevant.

Here’s an example of the Cerner notes. Again, Cerner allows the user to change the date to something other than the current date and time. And it still stores, again, the creation time of that note, even if the note purports to be days earlier. And there are also different filters here, when you’re looking at the EMR with power notes on Cerner, there are different filters, such as my notes only, there’s inactive, active, and so on.
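The comparison of note time against filed time described above can be run across a whole spreadsheet export, with a per-author overview of the kind a pivot table would give. This is an added example, not code from the original page or from Epic or Cerner; the column names, the sample rows, the discharge time and the four-hour threshold are constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export. Column names are assumptions, not a vendor schema.
SAMPLE_NOTES = """note_id,author,note_time,filed_time
N1,RN Adams,2023-03-01 09:45,2023-03-01 10:00
N2,RN Adams,2023-03-01 10:04,2023-03-01 10:06
N3,Dr Baker,2023-03-01 11:30,2023-03-04 16:20
N4,Dr Baker,2023-03-02 08:00,2023-03-02 08:10
N5,RN Cole,2023-03-02 07:15,2023-03-05 09:15
"""
DISCHARGE = datetime(2023, 3, 2, 14, 0)  # constructed discharge time
FMT = "%Y-%m-%d %H:%M"


def flag_late_notes(csv_text, discharge, max_lag=timedelta(hours=4)):
    """Flag notes whose filed time is inconsistent with the stated note time."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        note_time = datetime.strptime(row["note_time"], FMT)
        filed_time = datetime.strptime(row["filed_time"], FMT)
        lag = filed_time - note_time
        reasons = []
        if lag > max_lag:
            reasons.append("filed long after note time")
        if note_time <= discharge < filed_time:
            reasons.append("dated before discharge, filed after")
        if lag < timedelta(0):
            reasons.append("filed before stated note time")
        if reasons:
            flagged.append({
                "note_id": row["note_id"],
                "author": row["author"],
                "lag_hours": round(lag.total_seconds() / 3600, 1),
                "reasons": reasons,
            })
    return flagged


def late_notes_by_author(flagged):
    """Pivot-style overview: number of flagged notes per author."""
    return dict(Counter(entry["author"] for entry in flagged))


if __name__ == "__main__":
    for entry in flag_late_notes(SAMPLE_NOTES, DISCHARGE):
        print(entry)
```

A flagged note is a lead for closer review of the audit trail around that entry, not a finding on its own.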

Watch other videos making up this 4 part series, Unlocking the EMR Audit Trail.

Part 1 of 4: “The Keys to Unlocking Electronic Medical Records”
https://enigmaforensics.com/blog/keys-to-unlocking-the-emr-audit-trails-electronic-medical-records/
Part 2 of 4: “HIPAA”
https://enigmaforensics.com/blog/health-insurance-portability-and-accountability-act-of-1996-hipaa/
Part 3 of 4: “Navigating to Trial or Settlement”
https://enigmaforensics.com/blog/navigating-to-trial-or-settlement/
Part 4 of 4: “In-Person Direct Access”
https://enigmaforensics.com/blog/in-person-direct-access-provides-additional-information/