The San Diego newspaper reports that Alvarado Hospital Medical Center (CA) has been hit by an unspecified “malware disruption.” The hospital declines to say whether it was ransomware, but states that it has not paid a ransom. The FBI is investigating. The hospital is owned by Prime Healthcare Services, which had two other of its hospitals recently disrupted by ransomware.
Meanwhile, Kings Daughters Health (IN) is hit by ransomware, with some systems remaining down since Wednesday morning. A hospital user opened an email attachment infected with the Locky malware.
The US Department of Homeland Security’s US-CERT, in collaboration with the Canadian Cyber Incident Response Centre, issues a ransomware alert that specifically calls out hospitals. It recommends that individuals and organizations:
- Perform and test backups and store them offline.
- Use application whitelisting that allows only specified programs to run.
- Apply patches and antivirus updates.
- Restrict user install and run privileges.
- Block suspicious attachments and avoid enabling macros from all email attachments.
- Don’t click unsolicited Web links.
From Jack: “Re: MedStar Health. Has a major portion of their infrastructure and server management outsourced to Dell, which manages them with offshore IT people. I find myself wondering if Dell is at risk here, and if so, are there others who are vulnerable to ransomware attacks.” Unverified.
From Kermit: “Re: whales. Sure, they get personal health records. Just not us.” Researchers propose creating electronic records for the 84 endangered whales that live in Puget Sound from spring to fall, explaining, “The goal is to really start getting a lot of data and pull them together in a way that permits easier analysis. Ultimately, the real benefit of any health record is to help make management decisions.”
From Boy Blunder: “Re: Epic 2015. I was on the call when an Epic support executive asked us to delay, with similar talking points to what was stated on HIStalk. He tried to minimize things, saying they’ve found fewer problems for each project released in 2015 and that waiting for a couple of fix packages would be better. That doesn’t square with the situation since we were discouraged from pursuing 2015 when it was released and have been warned on various pieces of broken functionality for months. An experienced TS’er said her colleagues testing these packages are worried about unrealistic timelines and the likelihood of newly created problems. She also expressed a lot of skepticism about the message we’d been getting from Epic’s leadership about things being on the right track given how long 2015 has been on the market, and encouraged us to consider delaying a bit further. It concerns me greatly that I’m getting a more realistic view of what’s happening from people that aren’t leading Epic than from those that are.” Unverified.
From Just HIT On: “Re: healthcare IT. I’m an undergrad in an unrelated major and just accepted a job with a big health IT vendor’s corporate development arm. I asked an associate there what I should read as a helpful daily news source and he suggested HIStalk. Do you recommend books or starter material so I can get my feet wet before starting?” I haven’t seen any books that would be a timely overview of the entire health IT industry. I would probably suggest reading all HIStalk posts going back six months or so – headlines, news posts, interviews, Dr. Jayne, our posts from the HIMSS conference, etc. Make notes about concepts that are unclear – say, clinical decision support or patient identifiers – and then search to find previous HIStalk posts on those topics. That will give you an immersion into what’s going on right now with some context and often a link to an article that I found acceptably authoritative. I’ll offer readers the chance to weigh in as well.
From Lantana: “Re: Epic. I’d to offer a shout-out to the Open.Epic team and give them credit for their openness (pun intended) in responding to another vendor’s very detailed requests related to how they integrate, in this case related to pushing CCDs. Unlike so many other vendors, they’re willing to invest time, answer progressively more detailed questions, and, it seems, always do so with a smile. This was all done simply through the website, with no clients involved and no clients even named. Simply open information sharing. So many other vendors, though not all, approach integration grudgingly and usually would only engage with another vendor if required or paid by their client. I’m grateful Epic has taken a different tack.” Verified, as this report came from a non-anonymous vendor executive.
HIStalk Announcements and Requests
Thanks to the following sponsors, new and renewing, that recently supported HIStalk, HIStalk Practice, and HIStalk Connect. Click a logo for more information.
Fifty-nine percent of non-profit employees admire and respect their organization’s highest-ranking executive, while in the for-profit world, it’s a 71 percent approval rating. That might be surprising to folks who assume that non-profit leaders earn more respect. New poll to your right or here: who would you trust most to protect your personal health data?
Ms. Lacey says her Texas elementary school class is using the two tablets we provided in funding her DonorsChoose request for before-school skills practice, in activity stations, and in after-school tutorials, with students asking her even before she arrives in the classroom if they can use them.
Also checking in is Ms. Alley of Virginia, whose elementary school class received an iPad Mini and accessories via our donation. Students are required to spend 20 minutes with the Imagine Learning program and previously could rarely get time with the school’s few iPads. They are also using it to practice math skills and she is using an app called Class Dojo to communicate with parents. She concludes, “The iPad mini has become an integral part of our classroom. I can’t imagine the days before we had it. Thank you so much for your generosity. You have truly made a huge difference to our classroom and our lives.”
Last Week’s Most Interesting News
- MedStar Health becomes the latest health system to have its systems taken down by ransomware.
- Orion Health lays off 10 percent of its US workforce.
- Southcoast Hospital (MA) will lay off 95 employees after a Q1 loss of $10 million that it blames on Epic project cost overruns.
- Dell announces that it will sell its IT services business, the former Perot Systems, to Japan’s NTT Data for $3.05 billion, 20 percent less than it paid for the business in 2009.
- Mandatory electronic prescribing takes effect statewide in New York.
April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.
Here’s the recording of Vince and Frank doing “rise of the small-first-letter vendors.”
Acquisitions, Funding, Business, and Stock
E-MDs closes its acquisition of McKesson’s ambulatory PM/EHR products.
Valence Health lays off 75 employees, half of them in Chicago. Nathan Gunn, MD, president of the company’s population health and risk services, has left for unspecified reasons.
The bond ratings agency of Baptist Health Care Corporation (FL) affirms its A- rating, but notes that profits will be hit by EHR training costs. Its Allscripts project will require $40 million in capital over the next five years for a March 2017 go-live, with Allscripts providing a $22 million, 10-year, interest-free loan.
The Cincinnati newspaper notes that Major League Baseball’s EHR allows players or their doctors to send their electronic health information to wherever they like, allowing a team’s physician to review a player’s medical history before recommending that the team acquire him. A snippet:
But in 2010, MLB introduced its Electronic Medical Records system, housing medical information on every player on every team in one centralized, online location. When a trade is being discussed, one team doctor can give another an electric key to access the records of a specific player. (Players are also given this key to distribute to whomever they wish once they reach free agency.) Access to such records usually shuts off after 24 hours, underlining how streamlined MLB has made a process that used to take at least several days. “We could do it the same day now,” Kremchek said. “The girls who work in my office can pull it up on a computer, and I can do it in the matter of 10 minutes.”
Those records are also dizzyingly complete. All available medical information on every player at every level of every organization is included, and go far beyond the scans taken when players first report to spring training each February. If a player sought treatment for any issue at any point in the season – even if he was issued two ibuprofen for a headache – that information is included. That’s a stark contrast from years ago, when a team didn’t know much about its own players, much less anyone else’s. “Twenty years ago when we started doing this, we had our own minor-league players showing up who had surgeries,” Kremchek said. “We never knew who had what, and they’d show up and have bandages on.”
Boston Children’s Hospital will roll out an Amazon Echo voice-powered system in the next few weeks that will “embed Children’s Hospital know-how” in the device.
Hospitals in Croatia entertain pediatric patients by having clown-physicians put on shows via Skype every Thursday at 5:00 p.m.
The Boston newspaper discovers that the Massachusetts Department of Health cited Brigham and Women’s Hospital (MA) last year for breaking its own policies in caring for a Middle Eastern prince who brought his personal chef and a seven-person entourage along with him for a seven-month stay in two penthouse suites. In a good example of VIP Syndrome, the patient had a drug-resistant infection but hospital management ordered employees not to wear mandatory protective gowns because the prince found them “offensive.” The hospital allowed him to leave for overnight hospital stays and allowed members of his entourage to administer his medications and clean his IV site. Employees were also alarmed by the large number of narcotics ordered for him and delivered to his penthouse.
Epic’s April Fool’s home page makeover was even wittier than usual, featuring clever humor from obviously well-read recent liberal arts grads. A faux news item involving a rebranding of the company’s Cogito ergo sum reporting system to its French translation of Je Pense Donc Je Suis explained with the drollest of humor, “Most customers simply found it too challenging to pronounce correctly a phrase from an irrelevant lingua mortua – ergo the name change …There was a certain a priori knowledge of Latin that was, ipso facto, just not present for most people.” An article citing an HIStalk interview with Athenahealth’s Jonathan Bush claims he’s been using MyChart while thinking it’s his own company’s portal, commending its “chill vibe” and adding, “I pulled my phone out after my duet with Erykah Badu at SXSW because I remembered I needed to schedule some vaccinations. Tom Hardy and I are running an ultramarathon in Madagascar next month. Anyway, I had them scheduled in under a minute. See, this kind of positively disruptive patient empowerment is exactly what Athenahealth is about.”
Another pretty good April Fool’s thing is Twine Health’s “Introducing Snapchart,” the EHR that immediately destroys the information you enter (if you’re over 30, Snapchat text messages self-destruct once read). It would have been nearly perfect had they wired CEO John Moore, MD, PhD with a lapel mike or used a directional one for better audio. Watch for cameos by John Halamka and ZDoggMD.
- TeleTracking will exhibit at the AORN Surgical Conference & Expo 2016 April 3-5 in Anaheim, CA.
- Zynx Health announces call for nominations for the 2016 Clinical Improvement Through Evidence Award.
- Highlights from CMS’ 2017 Advance Notice (Verisk Health)
- A new door opens. (Voalte)
- Be the Lexus of Healthcare (West Corp.)
- Side Effects May Include … Better Engagement (Xerox Healthcare)
- Final Four: Data Science and ZirMed March Madness (ZirMed)