Insiders and the FBI confirm that ransomware is behind the MedStar Health total downtime that continues after several days. The 10-hospital system says it has regained read-only access to its clinical systems and hopes to restore them completely. The hackers are demanding $1,250 per PC to remove the encryption they installed or $18,500 to restore access to all of them. The hacker’s message says the information will be permanently destroyed after 10 days.
MedStar says it has been able to treat patients in all but a few cases, although doctors there report that faxes are flying back and forth as they try to re-create patient records manually. The Washington Post contacted nine MedStar ED departments and four of them indicated that their systems were still offline as of Wednesday evening.
Sources indicate that the ransomware involved is SamSam or Maktub, both of which are the subject of a March 25 urgent alert from the FBI. They appear to specifically target hospitals. The malware probes the network looking for unpatched enterprise servers and, unlike most malware, does not rely on phishing to get in; once installed, it requires no communication with external systems. SamSam allows communication between the hackers and their victims, letting them negotiate payment terms. Hackers appear to be experimenting with the value of their services, pricing initial attacks low but escalating to see how much victims are willing to pay to restore their data.
An apparent network entry point is JexBoss, a testing tool for JBoss application servers.
As of Thursday afternoon, MyMedStar.org is down despite status updates whose links refer to it.
Note that if your backups are attached to the network, ransomware is often smart enough to find and delete them. Also, an astonishing percentage of organizations perform backups without actually testing whether they can be restored. Any time you see hospitals down for days you can assume their backups weren’t easily restorable. There’s also the issue of how to re-image encrypted PCs that could number in the hundreds or thousands, so recovering from a ransomware attack isn’t easy even when good backups are available.
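A restore test is the only way to know a backup is usable. The script below is an added example, not something from this post or from MedStar: it builds a constructed set of sample files, writes a tar.gz backup with an embedded SHA-256 manifest, and then proves the backup restorable by extracting it to a scratch directory and checking every file's digest. The manifest file name, the sample data and the damaged-archive scenario are all assumptions of the example.

```python
"""Restore-test a backup before you need it (added example, not the post's code)."""
import hashlib
import io
import tarfile
import tempfile
import zlib
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"  # assumed name for the embedded digest list


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_sample_data(root: Path) -> None:
    # Constructed stand-in for application data; the contents are arbitrary.
    (root / "records").mkdir(parents=True)
    (root / "records" / "patient_001.txt").write_text("constructed record 1\n")
    (root / "records" / "patient_002.txt").write_text("constructed record 2\n")
    (root / "config.ini").write_text("[app]\nmode=prod\n")


def create_backup(source: Path, archive: Path) -> dict:
    """Archive `source` as tar.gz and append a manifest of SHA-256 digests."""
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(source))] = sha256_file(p)
    manifest_bytes = "".join(f"{d}  {n}\n" for n, d in manifest.items()).encode()
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
        info = tarfile.TarInfo(MANIFEST_NAME)
        info.size = len(manifest_bytes)
        tar.addfile(info, io.BytesIO(manifest_bytes))
    return manifest


def _safe_extract(tar: tarfile.TarFile, dest: Path) -> None:
    # Refuse archive members that would land outside the scratch directory.
    dest_r = dest.resolve()
    for member in tar.getmembers():
        target = (dest / member.name).resolve()
        if target != dest_r and dest_r not in target.parents:
            raise tarfile.TarError(f"unsafe path in archive: {member.name}")
    tar.extractall(dest)


def verify_restore(archive: Path) -> dict:
    """Restore into a fresh scratch directory and check each manifest entry.

    Returns {"ok": bool, "missing": [...], "corrupt": [...], "files": n}.
    """
    result = {"ok": False, "missing": [], "corrupt": [], "files": 0}
    if not archive.exists():
        result["missing"].append(str(archive))
        return result
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                _safe_extract(tar, dest)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as e:
            result["corrupt"].append(f"archive unreadable: {e}")
            return result
        manifest_path = dest / MANIFEST_NAME
        if not manifest_path.exists():
            result["missing"].append(MANIFEST_NAME)
            return result
        for line in manifest_path.read_text().splitlines():
            digest, name = line.split("  ", 1)
            restored = dest / name
            if not restored.exists():
                result["missing"].append(name)
            elif sha256_file(restored) != digest:
                result["corrupt"].append(name)
            else:
                result["files"] += 1
    result["ok"] = not result["missing"] and not result["corrupt"]
    return result


def demo() -> dict:
    """Run the full cycle in a scratch directory: good, damaged and absent backups."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        make_sample_data(src)
        archive = work / "nightly.tar.gz"
        create_backup(src, archive)
        good = verify_restore(archive)
        # Simulate a damaged backup by truncating the archive to half its size.
        damaged = work / "nightly_damaged.tar.gz"
        damaged.write_bytes(archive.read_bytes()[: archive.stat().st_size // 2])
        bad = verify_restore(damaged)
        absent = verify_restore(work / "does_not_exist.tar.gz")
    return {"good": good, "damaged": bad, "absent": absent}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

The point of extracting into a throwaway directory rather than checking the archive in place is that it exercises the same code path a real recovery would, so a truncated, unreadable or incomplete archive fails the test before the day it matters. Run it from a host that holds the offline copy, not from the production file server, so the test also confirms the copy is reachable without the network share ransomware could encrypt.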
From Annoyed: “Re: vendor spam. Someone must have sold my hospital email address because all I’m doing lately is unsubscribing from mass vendor solicitations. I opened one email just to click the unsubscribe link – the vendor emailed me saying they noticed I opened their email and wanting to schedule a call. Do vendors really think this aggressive tactic will make me consider their product?” Send me the email you’re referring to and I’ll run it here for everyone to see. Perhaps that will elicit a company explanation.
From Salty Dog: “Re: 3M 360 CAC encoder. It has a memory leak that is causing issues with implementations via Citrix. They are aware of the issue and have yet to produce a fix. This has to be impacting multiple users across the US. We need this fixed now … it is impacting revenue.” Unverified.
From Epic QA: “Re: Epic’s arbitration clause. Employment contracts have been updated to require arbitration rather than litigation for concerns about wages and hours. The company will apparently cover all fees except for the initial filing fee of the employee initiating arbitration. It’s an opt-out change – if you haven’t quit by April 12, you have agreed to the changes by default. This is apparently the last group of employees to be affected and is in response to a previous class action lawsuit about whether QA is entitled to overtime pay.”
HIStalk Announcements and Requests
Mrs. Sowers from Oklahoma says her elementary school class is using the STEM projects boxes we provided in funding her DonorsChoose grant request, providing new activities for her literacy station and science time.
Also checking in is Ms. Mohlman from Florida, who reports, “Thanks to your donations, the students have found their love of reading and math again. My boys love completing the center that deals with cars and helicopters. Most of my girls enjoy the ‘Read All About It’ center. They love doing Reader’s Theater to each other during our small group time. Their favorite educational game in the pack was Bingo. They love trying to get blackout, where they have to have their card all covered. It really helps practice their basic math and reading skills.”
This week on HIStalk Practice: CVS Health awards $1.5 million in grants to community health centers and free clinics. Office-based physicians outperform Teladoc MDs when it comes to appropriate prescribing practices. National Association of ACOs urges CMS to incorporate regional cost data into MSSP ACO benchmarking. Vice and Vanilla Ice inspire inaugural HIStalk Practice Headline of the Day awards. Dr. Gregg pontificates upon settled dust and workflow friendliness post-HIMSS16. Healthcare community celebrates National Doctors Day. Illinois Cancer Specialists relies on quality and cost data for new oncology medical home pilot. Dominic Mack, MD outlines his plans for the Morehouse School of Medicine’s National Center for Primary Care.
April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?
April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware, why it is so effective, and recommendations for mitigation.
Acquisitions, Funding, Business, and Stock
New Zealand-based Orion Health will lay off 36 of its US-based employees, around 10 percent of its US workforce, in a cost-cutting effort. The company says implementations and upgrades take less time than before and thus require fewer FTEs. CEO Ian McCrae also says having employees spread throughout the US, including some who work from home, hasn’t been successful. The company will centralize its US workforce in Phoenix, AZ while maintaining small branch offices in Boston, Nashville, and Santa Monica.
Onslow Memorial Hospital (NC) chooses PatientSafe Solutions for clinical communications and workflow.
PinnacleHealth (PA) chooses Strata Decision’s StrataJazz for financial analytics and performance.
University Hospitals (OH) will expand its use of Allscripts Sunrise Clinical Manager and will install it in five recently acquired hospitals, also increasing its rollout of Allscripts dbMotion.
In England, Salford Royal NHS Foundation Trust chooses Allscripts CareInMotion population health management system.
The SSI Group names Eric Nilsson (NexTech) as CTO.
Announcements and Implementations
The FHIR team announces changes and new features that will be included in the May release.
HCS announces its readiness for the April 1 CMS LTCH CARE Data Set Version 3.00 for long-term acute care hospitals.
Privacy and Security
Department of Homeland Security’s ICS-CERT finds hundreds of remotely exploitable security vulnerabilities in end-of-life versions of CareFusion’s Pyxis SupplyStation, most of them attributable to outdated third-party software such as Windows XP, SQL Anywhere 9, and pcAnywhere 10.5. CareFusion urges customers to upgrade from its old versions, with specific recommendations to:
- Isolate the products from the Internet.
- Use a VPN when remote access is required.
- Monitor network traffic.
- Close unused device ports.
- Make sure the devices are behind firewalls and isolated from the business network.
- Update Microsoft patches.
- Require strong, expiring passwords and enable password history tracking.
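The first five recommendations above are really one segmentation policy: the devices should be reachable only from VPN-terminated administrators on the ports the vendor needs, and should talk outbound only to internal systems such as a monitoring collector. The checker below is an added example, not CareFusion's or ICS-CERT's code; it audits a firewall rule list against that policy and shows a weak rule set beside a corrected one. The address plan, the segment names, the management port (443) and the rule format are all constructed assumptions for the example.

```python
"""Audit firewall rules for device-segment isolation (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan; substitute the real segments of your network.
DEVICE_NET = ipaddress.ip_network("10.50.0.0/24")    # dispensing-device VLAN
BUSINESS_NET = ipaddress.ip_network("10.10.0.0/16")  # general business/user network
VPN_NET = ipaddress.ip_network("10.99.0.0/24")       # addresses assigned to VPN users
MONITOR_NET = ipaddress.ip_network("10.60.0.0/24")   # syslog/traffic-monitoring collectors
INTERNAL = (DEVICE_NET, BUSINESS_NET, VPN_NET, MONITOR_NET)
MGMT_PORTS = {443}                                   # assumed: the only port the vendor needs
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR
    port: Optional[int]  # destination port, None means any port


def inside(net: ipaddress.IPv4Network, segments) -> bool:
    """True if `net` lies entirely within one of the listed internal segments."""
    return any(net.subnet_of(s) for s in segments)


def audit(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule_index, finding) for every allow rule that breaks isolation."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        # Ingress to the device segment: only VPN users, only management ports.
        if dst.overlaps(DEVICE_NET):
            if not inside(src, INTERNAL):
                findings.append((i, "device segment reachable from outside the internal segments (Internet)"))
            elif src.overlaps(BUSINESS_NET):
                findings.append((i, "device segment reachable from the business network"))
            elif src.subnet_of(VPN_NET) and (r.port is None or r.port not in MGMT_PORTS):
                findings.append((i, f"remote access allows unneeded port {r.port}"))
        # Egress from the device segment: must stay inside internal segments.
        if src.overlaps(DEVICE_NET) and not inside(dst, INTERNAL):
            findings.append((i, "device segment can reach the Internet directly"))
    return findings


# Weak configuration: the kind of rule set the advisory is warning about.
WEAK_RULES = [
    Rule("allow", "0.0.0.0/0", "10.50.0.0/24", None),     # anyone, any port, to the devices
    Rule("allow", "10.10.0.0/16", "10.50.0.0/24", 3389),  # business desktops straight to devices
    Rule("allow", "10.99.0.0/24", "10.50.0.0/24", None),  # VPN users, but every port
    Rule("allow", "10.50.0.0/24", "0.0.0.0/0", None),     # devices out to the Internet
]

# Hardened configuration that satisfies the checklist.
HARDENED_RULES = [
    Rule("allow", "10.99.0.0/24", "10.50.0.0/24", 443),   # VPN users, management port only
    Rule("allow", "10.50.0.0/24", "10.60.0.0/24", 514),   # devices send logs to the collector
    Rule("deny", "0.0.0.0/0", "10.50.0.0/24", None),      # everything else in is dropped
    Rule("deny", "10.50.0.0/24", "0.0.0.0/0", None),      # everything else out is dropped
]


if __name__ == "__main__":
    for idx, msg in audit(WEAK_RULES):
        print(f"weak rule {idx}: {msg}")
    print("hardened findings:", audit(HARDENED_RULES))
```

The checker treats any source not contained in a known internal segment as untrusted rather than relying on address-range heuristics, which is the same default-deny reasoning the firewall itself should follow. Rule order in a real firewall matters too; this example evaluates each allow rule independently, so it reports every permissive rule even if a deny above it would shadow it.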
Apple admits that despite its promise not to collect user data from ResearchKit for its own purposes, it has started doing so. Apple will collect and store de-identified information from some studies, which it explains as, “For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.” Two apps, including Mole Mapper from OHSU, have amended their terms to list Apple as a secondary researcher.
Innovation and Research
In the UK, University of East Anglia launches a four-year study of provider data to identify factors affecting how long people live, including medical treatments, conditions, and lifestyle choices. The researchers will focus on the effect on lifespan of specific chronic disease treatments.
Researchers including Harvard’s Ken Mandl, MD, MPH and Zak Kohane, MD, PhD of the SMART Platform develop SMART PCM, a prototype precision medicine app created by Vanderbilt University that connects to any SMART- or FHIR-enabled EHR to compare a patient’s gene mutations to those of a comparable population.
Southcoast Health (MA) will lay off 95 employees, 1.3 percent of its workforce, after reporting a $10 million Q1 loss that it blames on unbudgeted expenses in its $100 million Epic implementation. The hospital says the unplanned costs have continued into the current quarter, with the president and CEO adding, “These financial challenges are attributable to higher-than-budgeted operating expenses, largely a result of our Epic implementation.”
An analysis of clinical decision support systems at Brigham and Women’s Hospital (MA) finds that CDS malfunctions are common and often go undetected. Examples include a drug setup change that caused alerts to stop firing; a rule editing mistake that caused a lead screening alert to stop working; an EHR upgrade that triggered numerous inappropriate alerts; and a change to a vendor’s drug file that caused the system to recommend antiplatelet drugs for patients already on them. The authors surveyed CMIOs and found that 93 percent worked for a hospital that had experienced at least one CDS malfunction, with two-thirds of them reporting problems at least once per year.
I visited Epic’s site to see if they’ve planted any hints about their always-witty April 1 fake news items. They haven’t, but I noticed that they have made major site changes with a lot of casual stories, photos, an “Art at Epic” series that explains some of the campus artwork, and even recipes from the campus culinary team. Some of their folks may be too busy for April Fool’s pranks given that NYC Health + Hospitals will be going live early Saturday morning.
- PDR will exhibit at Computer Rx April 1-2 in Oklahoma City, OK.
- LifeImage will exhibit at SBI 2016 April 7-9 in Austin, TX.
- A Spok case study finds that Presbyterian Healthcare Services reduced nurse response time to under three minutes and reduced communication-related complaints by 75 percent by using Spok Messenger for clinical alerting.
- Clockwise.MD will exhibit at the UCAOA Spring Convention in Kissimmee, FL April 17-19.
- MedData will host a job fair April 7 in Grand Rapids, MI.
- NVoq will exhibit at ACC 2016 April 2-4 in Chicago.
- Obix Perinatal Data System will exhibit at the Annual Iowa Conference on Perinatal Medicine April 5-6 in Des Moines.
- CloudWave joins the CHIME Cooperative Member Services Program.
- Reducing Improper Access of Patient Records by 98% (Iatric Systems)
- Local SEO & Listings Management are Essential in Healthcare Marketing (Influence Health)
- 5 Strategies for Effective Patient Engagement (NextGen Healthcare)
- The Disconnect in our Healthcare Economy (InstaMed)
- How are companies managing risks in the new data-centric world? (Liaison Technologies)
- The Impact of Increased Patient Referrals and Retention Rates (Nordic)
- Meaningful Use – What do we do now? (Aprima)
- Embracing ICD-10.1 (PatientKeeper)
- Balancing Act: Making data security a priority in daily nursing routines (PerfectServe)
- Annual Obstetric Malpractice Review (PeriGen)
- Why the “Silicon Prairie” is Working (Phynd)
- There’s No Stopping I-STOP (Point-of-Care Partners)
- For True HIT Interoperability, Get on the (Service) Bus! (Streamline Health)
- I-STOP Legislation Takes Effect in New York, Spurs Provider eRx and EPCS Adoption (Surescripts)