A cyberattack of an unspecified nature against Nuance takes all of its cloud services – including dictation and transcription – offline. UPDATE: Nuance has since listed those applications that were not affected and the company is providing service updates.
One HIStalk reader reports that the culprit was ransomware. The company’s announcement says the attack originated in Europe.
I reached out to Nuance but my email couldn’t get through because of a Nuance mailserver error that was likely caused by powered-down servers.
Other newly reported ransomware attacks include drug maker Merck and Heritage Valley Health System (PA), which had to take all computers offline. A reader forwarded an email stating that a West Virginia hospital is also under attack.
Early reports suggest that Ukraine-based hackers used a tool developed by the National Security Agency to create the malware, which is also how the WannaCry ransomware was developed. A Ukrainian financial software firm that was infected then apparently inadvertently spread the malware widely via its software update.
Security firms believe the malware is a variant of Petya, which encrypts entire hard drives rather than just the files they contain. Like WannaCry before it, the malware can’t penetrate properly updated Windows computers. Microsoft released a patch MS17-010 in March that closed the exploit used by both WannaCry and Petya.
Preliminary hacker reports suggest that the a “kill switch” has been found that involves creating a file called C:\Windows\perfc. It has also been observed that the hacker message is displayed immediately as the hard drive encryption starts and CHKDSK is invoked, meaning the infected computer can be powered down immediately and left down and intact until the malware can be removed after booting from a Windows OS copy on disk or USB.
From Meghan Roh: “Re: Epic App Orchard reader comment correction. We offer 50 percent off the first year’s fee, and if any member is dissatisfied in the first six months, we’ll refund the program fee. We have not reduced program benefits. For developers who don’t know what we offer, we provide a list of more than 300 APIs during the enrollment process to help them make their decision.” Meghan is director of public affairs for Epic.
From Established Relationship: “Re: health systems implementing Epic. Epic does not require hospitals to follow its hiring practices (tests, interviews, etc.) They recommend testing applicants, but it’s up to hospitals to say yes or no. If a hospital opts to set aside their usual hiring practice and follow one recommended by a software vendor, they have to accept responsibility for losing experienced resources and implementing a system with a high percentage of inexperienced resources.” I think most health systems follow Epic’s model of maddeningly SAT-like tests and competitive interviews for newly their newly created positions that follow Epic’s recommended job descriptions and titles. I’m mixed on the practice, as follows:
- It seems to work in ensuring successful project outcomes, even though it was developed by Epic for hiring new college graduates into their first jobs.
- It’s not really too much different from other IT migrations in which those who maintained the legacy system are seen as one-trick ponies who are put out to pasture once their single skill is no longer needed, marginalizing the value of their non-system skills, experience, and relationships.
- It would be tough as a health system project executive to announce that you’ve decided to ignore Epic’s advice, whether it involves hiring, project reporting, or anything else. You don’t want to be the person identified as having gone rogue when the project stumbles.
- The biggest unsettling fact is that Epic’s model places minimal (actually negative) value on experience with other IT systems, yet its rigid certification and project management requirements nearly always deliver the expected results. That’s threatening to those who equate broad, long experience with better project outcomes.
From Smuggler: “Re: health insurance. Why should the government be allowed to require consumers to buy insurance, or anything else for that matter?” I agree, as long as those invincibles who decide to roll the actuarial dice sign a legally binding waiver acknowledging that they won’t get a penny in benefits from Medicare, Medicaid, or hospitals when something unexpected happens. It’s like homeowner’s insurance, flood insurance, or car insurance – if you opt out of the system, you’re on your own. Whatever’s left of the ACA made insurance available and relatively affordable, so it’s hard to drum up a lot of sympathy for those who could have afforded coverage but chose not pay the taxpayer-subsidized price. All of this would be moot if US healthcare costs weren’t so ridiculously high compared to the rest of the world, the elephant in the room that politicians seem unwilling to address, leaving the only balloon-squeezing choices of covering fewer or healthier people, restricting access to care via ever-narrowing networks or uncovered services, or raising premiums and deductibles.
From KLAS: “Re: reader’s comment about market share. The correct information from the 2016 and 2017 KLAS market share reports is as follows.”
- Acute wins for 2015-2016 for Cerner — 249 (includes one Soarian add-on in 2015).
- Total Millennium losses for 2015 and 2016 – 53.
- Cerner’s net growth — 196 acute hospitals for 2015 and 2016.
HIStalk Announcements and Requests
We provided an iPad Mini for Ms. N’s elementary school class in New York, which is using the tablet for self-assessing their art projects. She reports, “Students are able to take photos of their work give it a title and describe their art, including what materials they used and how they feel their worked turned out. The Mini allows students a sense of independence. Students are better able to share their work with family by using an art app that gives family an opportunity to comment on the artwork.”
Every year I offer a “Summer Doldrums” deal on newly signed sponsorships and webinars, because otherwise it’s pretty quiet and I get nervous that my industry irrelevancy has escalated. Contact Lorre.
Listening: new from San Antonio-based Nothing More, which plays a slick blend of prog rock, Muse-like soaring orchestration, and hook-laden alternative rock.
June 29 (Thursday) 2:00 ET. “Be the First to See New Data on Why Patients Switch Healthcare Providers.” Sponsored by Solutionreach. As patients pay more for their care and have access to more data about cost and quality, their expectations for healthcare are changing. And as their expectations change, they are more likely to switch providers to get them met. In this free webinar, we’ll look at this new data on why patients switch and what makes them stay. Be one of the first to see the latest data on why patients leave and what you can do about it.
July 11 (Tuesday) 1:00 ET. “Your Data Migration Questions Answered: Ask the Expert Q&A Panel.” Sponsored by Galen Healthcare Solutions. Presenters: Julia Snapp, manager of professional services, Galen Healthcare Solutions; Tyler Suacci, principal technical consultant, Galen Healthcare Solutions. This webcast will give attendees who are considering or in the process of replacing and/or transitioning EHRs the ability to ask questions of our experts. Our moderators have extensive experience in data migration efforts, having supported over 250+ projects, and migration of 40MM+ patient records and 7K+ providers. They will be available to answer questions surrounding changes in workflows, items to consider when migrating data, knowing what to migrate vs. archive, etc.
Previous webinars are on our YouTube channel. Contact Lorre for information on webinar services.
Women’s Care Florida chooses the Healow patient engagement mobile app from EClinicalWorks to help women manage their pregnancies, integrated with the OB/GYN group’s ECW EHR.
Kyruus hires Soojin Chung (Caradigm) as general counsel and chief administrative officer.
Jennifer Rouse (IBM) joins ClearData as VP of marketing.
Announcements and Implementations
A new TransUnion Healthcare survey finds that two-thirds of patients with hospital bills of under $500 don’t pay off the full balance, a big jump from 2014 as deductibles increased. The company projects that 95 percent of patients won’t pay their bills in full by 2020, noting also that the percentage of patients who pay nothing at all toward their balances is increasing.
An HFMA/Navigant survey of 125 health system CFOs and revenue cycle management executives finds that 74 percent are increasing their revenue cycle technology budgets, but are struggling to keep up with EHR upgrades and optimization. Consumer-facing tools such online payment portals and cost-estimation tools are common, but few health systems run propensity-to-pay models for individual patients.
Long-term care software vendor Cantata Health chooses Ability Network as its preferred revenue cycle management software vendor.
Baxter International integrates its DoseEdge Pharmacy Workflow Manager with Epic’s Willow pharmacy system to meet CMS requirements for documenting IV preparation accuracy.
Craneware announces GA of Trisus Claims Informatics, which automates claims review for completeness, accuracy, and conformance to normal charging behavior.
St. Joseph Hospital (NH) goes live on the EarlySense continuous monitoring inpatient system that uses an under-mattress sensor to monitor heart rate, respiratory rate, and motion.
In Canada, Waypoint Centre for Mental Health Care goes live on Meditech 6.1.
The State of Connecticut and the Connecticut State Medical Society will launch competing HIEs the next few months, with both organizations hoping users will be willing to pay for their services.
An Advisory Board analysis finds that the average 350-bed hospital fails to capture $22 million in revenue.
Government and Politics
The chairs of the Senate Veterans Affairs and Armed Services committees urge the VA to ask the DoD about lessons learned in its EHR procurement and implementation, expressing concern about potential VA cost overruns, implementation delays, lack of standardized processes, and excessive customization.
A GAO report says the VA’s clinical productivity metrics provide incomplete and possibly misleading information, noting that those metrics fail to capture information from contract physicians and advanced practice providers; don’t adequately incorporate clinical workload intensity; and are hampered by providers who don’t log their time and activities consistently. The lack of good data prevents the VA from identifying and promoting best practices, GAO concludes.
A hospital scrub nurse in Australia develops Scrubit, which improves OR setup by automating preference cards, setups, and lists of required equipment.
British military doctors blame the Ministry of Defence’s IT system for their mis-prescribing of antimalarial drugs for soldiers being shipped out to Afghanistan. They say the system is slow and can’t always bring up patient histories, meaning soldiers may be inappropriately prescribed mefloquine, which can cause depression and suicidal thoughts. The decade-old DMICP system is a customized version of EMIS PCS, provided by Canada-based vendor CGI, which has been the key player in quite a few IT screw-ups including Healthcare.gov.
MIT Technology Review says IBM is overhyping Watson, but the product still has the best chance among AI competitors of delivering healthcare value assuming that IBM can gain access to the data the system requires. The article says IBM has a leg up on startups because conservative large health systems trust it more than any other company. It notes that both IBM and MD Anderson raised expectations unreasonably before the organizations recently shuttered their joint $39 million project (budgeted for only $2.4 million). A snip:
To train Watson to go through giant pools of data and pull out the few pieces of information important to a single patient, someone has to do it by hand first, for thousands and thousands of cases. To recognize genes linked to disease, Watson needs thousands of records of patients who have specific diseases and whose DNA has been analyzed. But those gene-and-patient-record combinations can be hard to come by. In many cases, the data simply doesn’t exist in the right format—or in any form at all. Or the data may be scattered throughout dozens of different systems, and difficult to work with … To really help doctors get better outcomes for patients, however, Watson will need to find correlations between what it reads in health records and what Tang calls “all the social determinants of health.” Those factors include whether patients are drug-free, avoiding the wrong foods, breathing clean air, and on and on. But Tang concedes that today almost no hospitals or medical practices get that data reliably for a significant percentage of patients. Part of the problem is that hospitals have been slow to take up modern, data-driven practices. “Health care has been an embarrassingly late adopter of technology,” says Manish Kohli, a physician and health-care informatics expert with the Cleveland Clinic.
Researchers find that less than 1 percent of pathology specimens provide incorrect results due to mishandling (either switching samples between patients or “floater” cross-contamination), but DNA fingerprinting can eliminate those problems, albeit at a cost of $300 per test. Private insurance generally pays the cost to avoid higher bills for unnecessary or delayed treatment, but Medicare doesn’t. One urology practice starting using the error prevention system after being threatened by a lawsuit after it removed a man’s cancer-free prostate based on another patient’s specimen.
A study finds that a combination of wireless smart pill bottles, lottery-based incentives, and social support did not improve medication adherence or readmissions for post-MI patients.
A drug company whose opiate addiction treatment drug was getting little market traction hires lobbyists and makes political contributions to influence drug court judges, who then order offenders to be treated with the product that is injected monthly. The resulting sales have increased the company’s market cap to $9 billion. On the positive side, the drug seems to work well in blocking the pleasurable effect of opiates, it’s not addicting, and it’s long lasting. The negatives are lack of proof of long-term efficacy and its $1,000 per month cost.
- The local paper recognizes AssessURhealth Director of Operations and veteran Kyle Mynatt for his community contributions.
- Besler Consulting releases a new podcast previewing HFMA ANI 2017.
- Glassdoor.com recognizes CoverMyMeds CEO Matt Scantland as a highest-rated CEO.
- The General Services Administration (GSA) awards Audacious Inquiry (Ai) the 8(a) STARS II Governmentwide Acquisition Contract (GWAC).
Mr. H, Lorre, Jenn, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.