Dell’s security business finds that the going rate for hiring a hacker to penetrate Gmail, Hotmail, or Yahoo email accounts is $129, while breaching a corporate email account runs $500. They will hack into a Facebook or Twitter account for $129, provide a complete US identity (driver’s license, Social Security Card, and utility bill) for $90, or provide a Visa or MasterCard for $7. They’ll even turn over a US bank account with a $1,000 balance for just $40.
The enterprise price list is even more sobering – hackers will launch a denial-of-service attack for as little as $5 or will install a remote access Trojan for $5 to $10. Security sites have noted that hackers are selling Ransomware as a Service for $50 plus a 10 percent commission on the ransom money paid, allowing non-technical criminals to easily and immediately launch their own extortion business.
From Twidiots: “Re: [publication name omitted]. Stole your story about the DoD’s EHR project name without giving credit. I’m going to email them.” It’s common for sites to miss subtle but significant news items until they read about them on HIStalk, but it’s obvious this time because I ran the Tuesday evening announcement in my Thursday night news and suddenly everybody’s running it first thing Friday, pretending they found the days-old announcement themselves. That’s OK, but it’s still lazy to reword the DoD’s announcement without linking to it and to cite the published quotes as “US Department of Defense officials said” like some general called them up with a scoop. I guess they get lots of readers, just like those clueless “9 things you need to know” sites that rarely contain anything you might actually need to know. I think HIStalk readers are smarter than that, so there’s no need to email the publication.
From Vince Ciotti: “Re: Leapfrog’s tests that showed CPOE systems missed 39 percent of harmful drug orders and 13 percent of potentially fatal ones. That means they flag 61 percent and 87 percent, respectively – great progress since paper charts caught none of them!” Leapfrog took a measured approach in describing its findings as it does every year during Medication Safety Awareness Week, noting that CPOE warnings are doing a pretty good job. It’s nice that we’ve moved from questioning whether such warnings work at all to urging that it work 100 percent of the time.
From boyfrommer: “Re: Decision Resources Group. CEO Jim Lang quit and will be replaced with Jon Sandler of IndUS Group, the private equity arm of the group that purchased (and overpaid for) DRG in 2012. Jon has no operating experience and neither does his COO, who also comes from IndUS.” I’ve never heard of the company, which appears to provide medically related research reports.
From The PACS Designer: “Re: ICD-10-PCS. It’s an exciting time for healthcare as the ICD-10-PCS Procedure Codes will be updated with 3,651 additions by CMS to further enhance it starting October 1. Here’s a sample: 0273356 Dilate 4+ Cor Art, Bifurc, w 2 Drug-elut, Perc (abbreviated version) or Dilation of Coronary Artery, Four or More Arteries, Bifurcation, with Two Drug-eluting Intraluminal Devices, Percutaneous Approach.”
HIStalk Announcements and Requests
Poll respondents would fell safest having their medical information in the hands of Apple and an EHR vendor, placing the least trust with Microsoft and an HIE. My suspicion is that the spate of health system breaches of many kinds has cause people in general (and healthcare IT people in particular) to lose faith that their information will remain confidential. New poll to your right or here: have you had a virtual visit in the past 12 months?
Ms. Chestnut from Indiana says her fourth graders are becoming better world citizens by studying the library of nearly 100 books we provided in funding her DonorsChoose grant request.
Also checking in is Mrs. P from Virginia, who says she has “been laminating like a mad woman and our new printer is SO FAST” in describing some of the supplies that we provided, from which her elementary school students are creating their own math and reading games that they play independently.
Listening: The Raconteurs, the possibly defunct Detroit-Nashville supergroup foursome that includes Jack White, formerly of The White Stripes. It’s catchy, has big horns, and pushes into acid rock/Led Zeppelin in its experimentation. That sent me back (as happens frequently) to one the greatest (and most intelligent) live rock and roll bands in the world, Sweden’s Howlin’ Pelle Almqvist and The Hives.
Last Week’s Most Interesting News
- The Department of Defense gives its Cerner project the name MHS Genesis.
- MedStar Health (MD) disputes reports that its ransomware attack was made possible by unpatched server software.
- HHS asks for suggestions for interoperability measures that it should incorporate into MACRA objectives.
- Massachusetts General Hospital (MA) and two hospitals of NYC Health + Hospitals go live on Epic.
- At least two more hospitals are taken offline by ransomware attacks, this time in California and Indiana.
One of the best (and most timely) webinars we’ve done was last week’s “Ransomware in Healthcare: Tactics, Techniques, and Response” by Sensato CEO John Gomez. We had a big, engaged crowd that asked John so many questions that we didn’t have time to address them all in our scheduled one hour. It’s worth watching — we asked John to put this together purely as a public service, so there’s zero pitch or commercial influence involved.
Acquisitions, Funding, Business, and Stock
Medical equipment and workflow vendor Midmark Corporation will acquire RTLS vendor Versus Technology to enhance its clinical workflow offerings.
Asset, facilities, and real estate management software vendor Accruent acquires Mainspring Healthcare Solutions, which offers equipment maintenance and asset management systems.
Oncology EHR vendor Flatiron Health announces strategic partnerships with its drug company customers Celgene and Amgen, both of which participated in the company’s $175 million funding round in January 2016.
St. Peter’s Health Partners (NY) promotes interim VP/CIO Chuck Fennell to the permanent position.
Announcements and Implementations
IBM and drug company Pfizer will collaborate to remotely monitoring sensor data from people with Parkinson’s disease to look for new diagnostic and treatment insights.
Privacy and Security
Einstein Healthcare Network (PA) notifies 3,000 people who filled out a web form requesting information that their entries were exposed when the form’s underlying database was inadvertently opened up to the Internet.
Target says in a securities filing that it has spent $300 million cleaning up the mess from its 2013 data breach, of which it expects only $90 million to be covered by cyberinsurance.
Adobe urges computer users to upgrade to the latest level of Flash released last week after finding flaws that allow delivery of ransomware. Steve Jobs was right when he said in 2010, “Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash. We have been working with Adobe to fix these problems, but they have persisted for several years now. We don’t want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash.”
Want to make it obvious you don’t really know healthcare IT? Refer to inpatient drug “orders” as “prescriptions.”
Wired profiles artificial intelligence technology vendor Sentient Technologies, which has raised $143 million in funding since 2008 to create financial applications. The company is developing an “AI nurse” that can predict patient condition changes. The co-founder describes how such a system can teach humans:
One of the good things about evolutionary AI is that — if you know how to read it — you can actually see the rule sets. In the case of traders or of AI nurses (on which we are working, too), they are fairly complex beings. A trader may have up to 128 rules, each with up to 64 conditions. Same thing for an AI nurse. So, they are pretty complex systems and the interplay among these rules is not always linear. But if you spend some time on it, you can still understand what this thing is doing, because it’s declaratory — it says what it is doing, in other words. So we can certainly take this and learn from this what works and what doesn’t work when it comes to solving a certain problem. AI can teach people to make better decisions.
Authors from Kaiser Permanente describe what the organization has learned from having many of its patients use its patient portal over several years.
- Seventy percent of KP’s eligible adult patients, 5.2 million people, have registered to use its Epic MyChart-powered portal called My Health Manager.
- KP providers and patients exchanged 23 million secure emails in 2015, representing one-third of all PCP encounters in the first half of 2015.
- Use of secure email was associated with a 2 to 6.5 percent improvement in HEDIS measures and a 90 percent approval rate by users with chronic conditions.
- My Health Manager users are 2.6 times more likely to remain KP members.
- KP is studying the disparities introduced by e-health technologies after its studies found that a disproportionate number of users are white, older, and better educated.
Weird News Andy says he’s a sucker for stories like this. Wichita, KS police arrest a 36-year-old man for child abuse after the two-year-old son of his 21-year-old girlfriend is brought to the ED not breathing due to a two-inch dead octopus blocking his throat. The boyfriend claims the child swallowed the octopus while the mother was at work. Police say it wasn’t a pet – it was intended for sushi. The child is OK.
- DrFirstwill exhibitat the 2016 International MUSE Conference May 31 – June 3 in Orlando, FL.
- T-System will exhibit at the UCAOA National Urgent Care Convention April 17-20 in Orlando.
- TierPoint will host a seminar on Emerging Threats & Strategies for Defense April 13 in Liberty Lake, WA.
- TransUnion CMO Julie Springer is inducted into Direct Marketing’s 2016 Marketing Hall of Femme.
- Valence Health will exhibit at the First Illinois HFMA Spring Symposium April 11-12 in Chicago.
- Visage Imaging will exhibit at the 2016 Spring Radiology & Imaging Conference April 13-15 in Atlanta.
- VitalWare will exhibit at the 2016 Vizient Supplier Summit April 11-13 in Las Vegas.
- Huron Consulting Group will exhibit at the 2016 AAPL Annual Meeting and Spring Institute April 11-17 in Washington, DC.
- West Corp. will exhibit at the World Health Care Congress April 10-13 in Washington, DC.
- Key benefits of e-prescribing controlled substances (DrFirst)
- People are Talking Patient Flow at AONE & AORN (TeleTracking)
- Decompressing Post-HIMSS16 (Verisk Health)
- Key benefits of e-prescribing controlled substances (DrFirst)
- Bouncing Back at AONE 2016 (Voalte)
- “Master” Your Claims Submission Process (ZirMed)
- People, Not Patients – It’s More Than Semantics (Zynx Health)