An unprecedented ransomware attack affects 48 of England’s 248 trusts in waves of infections that spread globally on Friday. All but six trusts say they have returned to normal operations after they were forced to divert ambulances, cancel appointments, revert to paper, and order employees to unplug network cables from PCs and telephones.
The WannaCry ransomware, which demands a $300 ransom per infected Windows machine, initially affected computers primarily in Russia, Ukraine, and Taiwan. It uses the EternalBlue exploit that was made publicly available by hackers in mid-April. At least one hospital in Canada said it was threatened by WannaCry, but its antivirus software blocked it. Two hospitals in Indonesia were also hit as well as one in Taiwan and another in Scotland.
Microsoft issued a Windows patch to protect against the exploit in March, but many machines worldwide have not been updated. NHS is still running many Windows XP PCs, for which Microsoft’s extended support and security updates ended in 2014. Microsoft has responded to the attacks by providing an unprecedented public security update for Windows XP, Windows 8, and Windows Server 2003 to address WannaCry. Both Kaspersky and Bitdefender antivirus programs already protected against it.
The Russia-based hacker group that claims responsibility for the attack says it used cyber tools that were stolen from the US National Security Agency.
A 22-year-old security researcher apparently stopped the worldwide spread of WannaCry when his tests revealed that the malware was accessing an unregistered Internet domain, which he then registered to perform further testing. In doing so, he found that the ransomware stopped activating itself around the globe. The researcher theorizes that the hackers used the domain as a “kill switch” to prevent experts from analyzing the malware in a sandbox environment. However, he cautions that the hackers could simply change the domain name the program checks, making it imperative that Windows PCs be brought up to date on patches.
A PC can be infected via a hyperlink spread by a phishing email, a web link or advertisement, or a document link.
John Gomez of Sensato offers these tips for health systems:
- Apply the SMB patch (MS17-010) to all Microsoft systems.
- Close ports 22, 23, 3389, TCP 139 and 145/UDP 137 and 138.
- Test backups and store them offline.
- Warn users not to open attachments.
- Restrict access to file-sharing sites.
- Review ransomware response protocols.
HIStalk Announcements and Requests
Eighty percent of poll respondents are not happy that the House passed the American Health Care Act. Frustrated says people should actually read the bill instead of parroting the opinions of others, adding that no healthcare system can survive if only sick people sign up and both the ACA and AHCA address that. Just a Nurse Analyst wonders about the backroom deals that were struck to pass it and questions the zeal to undo anything President Obama did regardless of the impact on Americans. Cosmos says every step of the process lacked moral discipline and integrity – the headlong rush and repeated attempts to repeal the ACA, the backroom negotiations, voting without CBO analysis, and a two-vote majority that suggests compromises undeserving of the resulting White House victory party. Malvern says that our healthcare cost of $10,000 per person each year can’t be solved by attacking coverage and premiums alone. Disgusted says it’s the most cynical, heartless piece of legislation ever, especially the Medicaid cuts and the requirement of continuous coverage to have pre-existing conditions accepted. Printgeek thinks it’s a shame that the two political parties can’t even initiate a dialogue about healthcare. Bill says at least AHCA eliminates the word “affordable” as Congress finances access by increasing the federal deficit. HITgeek says healthcare requires a community health insurance risk pool to spread the cost of involuntary events, adding, “I am sick and tired of compassionless insurance, abetted by politics, being the gatekeeper for US healthcare.”
New poll to your right or here: What’s the most important factor in reducing US healthcare costs? The presence of the word “most” means I’m not oblivious to the desirability of an easy-out “all of the above” response, although I provided an “other” box in case my mental checklist of options is incomplete.
We funded the DonorsChoose grant request of Ms. L in Michigan, who asked for Chromebooks, headphones, and academic software subscriptions for her fourth grade class. She reports, “I am a fourth grade teacher on paper, but in reality, I teach students anywhere from a first grade to a fourth grade level. This poses a very real challenge that both my students and I deal with head-on. Technology is one way to successfully mitigate this particular hardship and thanks to you, our class was able to get the technology we need to be successful! Students have grown tremendously through these online platforms; we track and celebrate their progress weekly! It also makes students feel that they are valued. They have something BRAND NEW, that people whom they will never meet gave to them. That sense of value and feeling appreciated is HUGE and cannot be overstated. Thank you, thank you, thank you for making our class feel important!”
This Week in Health IT History
One year ago:
- Theranos says 2014-2015 lab test results from samples it ran using its proprietary Edison analyzer should not be trusted.
- The VA releases a software development kit for its open source Enterprise Health Management Platform.
- Competing Missouri HIEs argue over connectivity, member charges, and unnamed special interests.
Five years ago:
- Partners HealthCare announces plans to implement Epic at a cost of $600 million.
- Greenway Medical Technologies is the largest percentage gainer on the New York Stock Exchange, with shares up 20 percent since the company’s February IPO.
- NextGen parent Quality Systems acquires EDIS vendor The Poseidon Group.
- 3M makes its Healthcare Data Dictionary available worldwide at no cost.
- California’s HHS moves oversight of the Cal eConnect HIE to the Institute for Population Health Improvement.
- Allscripts appoints Paul Black to its board.
- A report finds that one-third of prescriptions are being sent electronically.
- Fairview Health Services admits that it was getting extensive negative feedback from its employees about the strong-arm collection tactics of Accretive Health.
Weekly Anonymous Reader Question
I’m delighted that my anonymous reader question surveys are getting so many responses that they don’t fit nicely into the Monday Morning Update. I’ve posted the two most recent sets of results at these links:
This week’s survey: What is the most customer-unfriendly term or condition you’ve seen in a healthcare software contract that the customer approved? This would be a good opportunity to warn others about items they shouldn’t accept.
Meanwhile, if you have ideas for future surveys, let me know – it’s an easy way to learn what your peers are seeing or thinking.
Last Week’s Most Interesting News
- ONC appoints Genevieve Morris, MA (Audacious Inquiry) to Principal Deputy National Coordinator for Health Information Technology.
- Memorial Hermann Health System (TX) pays $2.4 million to settle HIPAA charges after naming an arrested patient in a press release.
- Specialty EHR vendor Modernizing Medicine raises $231 million in funding.
- A contractor’s error exposes patient records of Bronx-Lebanon Hospital Center (NY) to the Internet due to a misconfigured backup.
Acquisitions, Funding, Business, and Stock
Google parent Alphabet invests $130 million in San Francisco insurance startup Clover Health, raising its total to $425 million and valuing the company at more than $1 billion. Clover manages claims for just 25,000 Medicare Advantage customers in New Jersey and competes against much larger insurers, but says its forte is mining patient data to identify potential problems that can be addressed via a Clover-managed home visit or other intervention.
- Memorial Hospital of Lafayette County (WI) will switch from Medhost to Epic in November 2017.
- Kaweah Delta Health Care District (CA) will replace Cerner/Siemens Soarian with Cerner Millennium in November 2017.
- Haxtun Hospital District (CO) switched from NextGen Healthcare to Athenahealth in April 2017.
- Platte Valley Medical Center (CO) will go live with Infor human resources in May 2017.
These provider-reported updates are supplied by Definitive Healthcare, which offers a free trial of its powerful intelligence on hospitals, physicians, and healthcare providers.
Allscripts promotes Dennis Olis to interim CFO following the resignation of Melinda Whittington, who is leaving the company for unstated reasons after just over a year on the job.
Government and Politics
MedSolutions CareCore – now part of specialty benefits manager EviCore — will pay $54 million to settle an HHS fraud lawsuit in which the company authorized Medicare and Medicaid payments for procedures it had not validated as medically necessary. The company admits that its executives monitored a dashboard of medical review cases, and when the list got too long, ordered clinical reviewers to approve requests for prior authorization even though nothing had changed, which the Department of Justice says resulted in improper payment in up to 300,000 cases. EviCore was rumored earlier this month to be reviewing a sale of the company or an IPO, with its $300 million in 12-month EBITDA valuing it at up to $4 billion.
A former podiatrist pleads guilty to defrauding Medicare of $6 million by implementing an EHR in his 16-state long-term care practice to generate false patient documentation that would earn payments, such as falsely describing toenail conditions as “painful to such a degree as to affect ambulation and balance.”
Privacy and Security
The local paper reports that Erie County Medical Center (NY) is still trying to recover its systems more than a month after an apparent ransomware attack.
The New York Times questions advertising drugs directly to consumers – legal in only two countries, the US and New Zealand – citing TV commercials for a drug that can stop the uncontrolled crying or laughing of an uncommon neurological condition. It notes that the commercial will likely pique the interest of overly emotional people well outside the drug’s target market who will pester their doctors to prescribe them the $700-per-month drug.
Interesting: Dexter Holland – singer/songwriter of punk rock band The Offspring for more than 30 years – earns his PhD in molecular biology from USC with his dissertation titled “Discovery of Mature MicroRNA Sequences within the Protein-Coding Regions of Global HIV-1 Genomes: Predictions of Novel Mechanisms for Viral Infection and Pathogenicity.” Clearly a Renaissance man, he also has his own brand of hot sauce, is the former owner of a record label, and is a certified flight instructor who made a solo trip around the world in 10 days. Dr. Holland isn’t the first punk rocker to earn a PhD – Bad Religion founder Greg Graffin earned a Cornell doctorate in zoology and has taught and written on academic topics.
In Canada, Island Health tells nine internists who are refusing to use its Cerner-powered EHR because of patient safety concerns that it will no longer provide other doctors to enter their paper orders electronically. The CEO of Island Health says it’s OK that ED and ICU doctors haven’t used the systems – citing similar concerns – because they never fully transitioned to the EHR, but it’s too late for the internists to go back to paper. One of the protesting doctors, who is also president of the hospital’s medical staff, says the decree puts him in a difficult position because “it has the effect of barring me from practicing … without actually suspending me.”
Weird News Andy says that even though Sir Winston does not approve, he suggests ICD S01.22XS. In England, cocaine users are “getting Winstoned” when they use new, stiffer five-pound bank notes bearing the image of Winston Churchill to snort their drug of choice, leaving them with nose cuts.
- Gartner names Salesforce a leader for the ninth consecutive year in its Magic Quadrant for the CRM Customer Engagement Center.
- The SSI Group will exhibit at the HFMA Spring Joint Conference May 17 in St. Louis.
- TierPoint will host a grand opening for its Dallas-Allen data center on May 18 in Allen, TX.
- The Chartis Group publishes a white paper titled “The Impact of the American Health Care Act on Children’s Hospitals: Preparing for the Road Ahead.”
- TransUnion publishes a new white paper, “Uncompensated Care is on the Rise.”
- Conduent reports first quarter 2017 financial results.
- ZirMed publishes a new infographic, “ZirMed Denials by the Numbers.”
- 4 Reasons to Centralize Patient Access (Sagacious Consultants)
- Two Reasons a Check-In Tablet Improves the Patient Experience (Solutionreach)
- The True Value in Integration: Total Control of Your Data (Summit Healthcare)
- Managed Office 365: 4 Myth Busters about Office 365 (TierPoint)
- Are you playing “whack-a-mole” with your performance improvement initiatives? (Verscend Technologies)
- What have you done for yourself today? (Voalte)
- The Acceleration of Customer Experience (West Corp.)