Samwise Healthcare IT Newsletter
Wednesday, May 6, 2026
Senators Demand Stronger Oracle EHR Accountability as VA Begins 2026 Rollouts
Senators called on the Department of Veterans Affairs on May 6 to strengthen Oracle Health accountability provisions in its annual contract renegotiation, after discovering that a February 2026 pharmacy-focused software update contained code errors. Three Democratic senators urged the VA to use the contract review to add performance penalties and tighter oversight of Oracle deployments. The call for action comes as the VA moved forward with an ambitious 2026 rollout, deploying the Oracle EHR at four Michigan medical centers in April. A Government Accountability Office report found the department has not fully implemented previous recommendations, including updating total cost estimates and improving communications about system updates.
Sources: Healthcare IT News
Healthcare AI Investments at Risk Without Data Infrastructure to Support Them
Most health systems lack the data architecture, governance, monitoring, and workflow integration that artificial intelligence requires to operate safely at scale, according to a May 5 analysis in Healthcare IT News. Only 4 percent of chief information officers surveyed in a new Qventus report said they have scaled AI with measurable outcomes, while 45 percent cited difficulty moving beyond pilot projects. The analysis argues that hospitals investing in AI tools before resolving foundational infrastructure gaps are setting themselves up for failure. Authors recommend organizations prioritize clean, governed data pipelines before deploying clinical or operational AI systems to avoid costly rework and patient safety risks.
Sources: Healthcare IT News
DOJ, DEA and FBI Launch Coordinated Healthcare Fraud Task Force for West Coast
The Department of Justice launched a coordinated West Coast healthcare fraud enforcement initiative on May 5, combining resources from the DEA, FBI, and HHS to dismantle technology-enabled fraud schemes across Arizona, Nevada, and California. Dedicated prosecutors and investigators will target telehealth fraud, controlled substance schemes, and billing irregularities amplified by digital platforms. The initiative expands on earlier federal enforcement efforts, which included the largest-ever healthcare fraud takedown involving 324 defendants and $14.6 billion in alleged schemes. Officials said the West Coast regions have seen disproportionate growth in fraud operations that exploit telemedicine infrastructure and electronic prescribing systems.
Sources: Healthcare IT News
Former Hospital Pharmacist Indicted After Eight-Year Cyber Spying Campaign on Coworkers
A former pharmacy clinical specialist at the University of Maryland Medical Center was indicted by a federal grand jury on May 1 on charges of unauthorized computer access and aggravated identity theft after allegedly running an eight-year surveillance operation against nearly 200 coworkers. Matthew Bathula allegedly installed keylogging software on hundreds of hospital workstations, harvesting credentials for personal accounts including home surveillance systems, dating applications, and Google Nest devices. He then used those credentials to access webcams and monitor employees in their private residences. If convicted, Bathula faces up to ten years for computer fraud and two additional years for aggravated identity theft.
Sources: GovInfoSecurity
Health-ISAC Warns U.S. Hospitals to Fortify Systems Against Iran-Linked DDoS Attacks
The Health Information Sharing and Analysis Center has warned American hospitals to harden cybersecurity defenses against distributed denial-of-service attacks linked to the U.S.-Iran military conflict. Pro-Iranian hacktivist groups are targeting hospital websites, patient portals, VPN gateways, and other internet-facing systems, aiming to disrupt operations and create psychological impact rather than steal patient data. Hospitals are urged to inventory and secure internet-facing assets, enforce multifactor authentication, and rehearse clinical downtime procedures. The alert follows a March 11 attack by the pro-Iran group Handala on Stryker, a Michigan-based medical device company, which wiped over 200,000 devices and disrupted hospital operations globally.
Sources: Healthcare IT News
94% of Healthcare CIOs Say AI Scaling Delays Create Competitive Disadvantage
Nine out of ten healthcare chief information officers surveyed in a 2026 Qventus report said that failing to scale artificial intelligence creates a significant competitive disadvantage, yet only 4 percent have achieved scaled AI with measurable outcomes. The report documents how health systems are transitioning from AI experimentation to enterprise-wide implementation, with the largest barrier being EHR dependencies and fragmented technology integrations. Sixty-two percent of leaders cited revenue generation as a top metric, with 59 percent focused on hard cost savings. Half identified agentic and automated care platforms for scheduling, patient flow, and care gap management as the highest-return AI investment category available in 2026.
Sources: Healthcare IT News
VA Defends Oracle EHR Rollout Despite GAO Report Flagging Unresolved Safety Issues
The Department of Veterans Affairs is pushing back against reports of Oracle Health EHR glitches ahead of its accelerated 2026 deployment schedule, calling safety risk characterizations cherry-picked. Staff have reported disappearing patient notes and incorrect prescription dosages after software updates, though VA officials cite a 96.68 percent incident-free rate over the prior 18 months. A Government Accountability Office report found the agency has not updated total project cost estimates or resolved most prior watchdog recommendations. With four Michigan medical centers launched in April, nine additional sites are scheduled for 2026, including in Ohio and Indiana, amid continuing congressional and inspector general scrutiny of Oracle Health performance.
Sources: Healthcare IT News
DHS Warns Healthcare Sector of Iranian Cyber Actors Targeting U.S. Infrastructure
The Department of Homeland Security has warned healthcare organizations that Iran-linked cyber actors are actively targeting internet-facing operational technology systems across U.S. critical infrastructure. Iranian threat groups including Pioneer Kitten have a history of exploiting VPN flaws and remote access tools before selling network access to ransomware gangs such as ALPHV. Healthcare organizations are urged to audit internet-facing assets, prioritize VPN security patches, enforce identity-based access controls, and maintain clinical downtime protocols. The DHS warning aligns with broader federal guidance following the March 2026 Stryker attack, in which pro-Iran hackers wiped 200,000 devices across healthcare and defense networks worldwide.
Sources: Healthcare IT News
Curated by JD · samwise.agency