Home » News » Currently Reading:

News 4/1/16

March 31, 2016 News 10 Comments

Top News


Insiders and the FBI confirm that ransomware is behind the MedStar Health total downtime that continues after several days. The 10-hospital system says it has regained read-only access to its clinical systems and hopes to restore them completely. The hackers are demanding $1,250 per PC to remove the encryption they installed or $18,500 to restore access to all of them. The hacker’s message says the information will be permanently destroyed after 10 days.

MedStar says it has been able to treat patients in all but a few cases, although doctors there report that faxes are flying back and forth as they try to re-create patient records manually. The Washington Post contacted nine MedStar ED departments and four of them indicated that their systems were still offline as of Wednesday evening.


Sources indicate that the ransomware involved is SamSam or Maktub, which are the subject of a March 25 urgent alert from the FBI. They appear to specifically target hospitals. The malware probes the network looking for unpatched enterprise servers and requires no communication with external systems once installed, so unlike most forms of malware, it does not use phishing attacks. SamSam allows communication between the hackers and their victims, allowing them to negotiate payment terms. Hackers appear to be experimenting with the value of their services, pricing initial attacks low but escalating to see how much victims are willing to pay to restore their data.

An apparent network entry point is JexBoss, a testing tool for JBoss application servers.



As of Thursday afternoon, MyMedStar.org is down despite status updates whose links refer to it.

Note that if your backups are attached to the network, ransomware is often smart enough to find and delete them. Also, an astonishing percentage of organizations perform backups without actually testing whether they can be restored. Any time you see hospitals down for days you can assume their backups weren’t easily restorable. There’s also the issue of how to re-image encrypted PCs that could number in the hundreds or thousands, so recovering from a ransomware attack isn’t easy even when good backups are available.

Reader Comments

From Annoyed: “Re: vendor spam. Someone must have sold my hospital email address because all I’m doing lately is unsubscribing from mass vendor solicitations. I opened one email just to click the unsubscribe link – the vendor emailed me saying they noticed I opened their email and wanting to schedule a call. Do vendors really think this aggressive tactic will make me consider their product?” Send me the email you’re referring to and I’ll run it here for everyone to see. Perhaps that will elicit a company explanation.

From Salty Dog: “Re: 3M 360 CAC encoder. It has a memory leak that is causing issues with implementations via Citrix. They are aware of the issue and have yet to produce a fix. This has to be impacting multiple users across the US. We need this fixed now … it is impacting revenue.” Unverified.


From Epic QA: “Re: Epic’s arbitration clause. Employment contracts have been updated to require arbitration rather than litigation for concerns about wages and hours. The company will apparently cover all fees except for the initial filing fee of the employee initiating arbitration. It’s an opt-out change – if you haven’t quit by April 12, you have agreed to the changes by default. This is apparently the last group of employees to be affected and is in response to a previous class action lawsuit about whether QA is entitled to overtime pay.”

HIStalk Announcements and Requests

image image

Mrs. Sowers from Oklahoma says her elementary school class is using the STEM projects boxes we provided in funding her DonorsChoose grant request, providing new activities for her literacy station and science time.


Also checking in is Ms. Mohlman from Florida, who reports, “Thanks to your donations, the students have found their love of reading and math again. My boys love the completing the center that deals with cars and helicopters. Most of my girls enjoy the ‘Read All About It’ center. They love doing Reader’s Theater to each other during our small group time. They’re favorite educational game in the pack was Bingo. They love trying to get blackout, where they have to have their card all covered. It really helps practice their basic math and reading skills.”

This week on HIStalk Practice: CVS Health awards $1.5 million in grants to community health centers and free clinics. Office-based physicians outperform Teladoc MDs when it comes to appropriate prescribing practices. National Association of ACOs urges CMS to incorporate regional cost data into MSSP ACO benchmarking. Vice and Vanilla Ice inspire inaugural HIStalk Practice Headline of the Day awards. Dr. Gregg pontificates upon settled dust and workflow friendliness post-HIMSS16. Healthcare community celebrates National Doctors Day. Illinois Cancer Specialists relies on quality and cost data for new oncology medical home pilot. Dominic Mack, MD outlines his plans for the Morehouse School of Medicine’s National Center for Primary Care.


April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock


New Zealand-based Orion Health will lay off 36 of its US-based employees, around 10 percent of its US workforce, in a cost-cutting effort. The company says implementations and upgrades take less time than before and thus require fewer FTEs. CEO Ian McCrae also says having employees spread throughout the US, including some who work from home, hasn’t been successful. The company will centralize its US workforce in Phoenix, AZ while maintaining small branch offices in Boston, Nashville, and Santa Monica.



Onslow Memorial Hospital (NC) chooses PatientSafe Solutions for clinical communications and workflow.

PinnacleHealth (PA) chooses Strata Decision’s StrataJazz for financial analytics and performance.


University Hospitals (OH) will expand its use of Allscripts Sunrise Clinical Manager and will install it in five recently acquired hospitals, also increasing its rollout of Allscripts dbMotion.

In England, Salford Royal NHS Foundation Trust chooses Allscripts CareInMotion population health management system.



The SSI Group names Eric Nilsson (NexTech) as CTO.

Announcements and Implementations


The FHIR team announces changes and new features that will be included in the May release.

HCS announces its readiness for the April 1 CMS LTCH CARE Data Set Version 3.00 for long-term acute care hospitals.

Privacy and Security


Department of Homeland Security’s ICS-CERT finds hundreds of remotely exploitable security vulnerabilities in end-of-life versions of CareFusion’s Pyxis SupplyStation, most of them attributable to outdated third-party software such as Windows XP, SQL Anywhere 9, and pcAnywhere 10.5. CareFusion urges customers to upgrade from its old versions, with specific recommendations to:

  • Isolate the products from the Internet.
  • Use a VPN when remote access is required.
  • Monitor network traffic.
  • Close unused device ports.
  • Make sure the devices are behind firewalls and isolated from the business network.
  • Update Microsoft patches.
  • Require strong, expiring passwords and enable password history tracking.


Apple admits that despite its promise not to collect user data from ResearchKit for its own purposes, it has starting doing so. Apple will collect and store de-identified information from some studies, which it explains as, “For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.” Two apps, including Mole Mapper from OHSU, have amended their terms to list Apple as a secondary researcher.

Innovation and Research


In the UK, University of East Anglia launches a four-year study of provider data to identify factors affecting how long people live, including medical treatments, conditions, and lifestyle choices. The researchers will focus on the effect on lifespan of specific chronic disease treatments.

Researchers that include Harvard’s Ken Mandl, MD, MPH and Zak Kohane, MD, PhD of the SMART Platform develop SMART PCM, a prototype precision medicine app created by Vanderbilt University that connects to any SMART- or FHIR-enabled EHR to compare a patient’s gene mutations to those of a comparable population.



Southcoast Health (MA) will lay off 95 employees, 1.3 percent of its workforce, after reporting a $10 million Q1 loss that it blames on unbudgeted expenses in its $100 million Epic implementation. The hospital says the unplanned costs have continued into the current quarter, with the president and CEO adding, “These financial challenges are attributable to higher-than-budgeted operating expenses, largely a result of our Epic implementation.”

An analysis of clinical decision support systems at Brigham and Women’s Hospital (MA) finds that CDS malfunctions are common and are often undetected. Examples include a drug setup changes that caused alerts to stop firing; a rule editing mistake that caused a lead screening alert to stop working; an EHR upgrade that triggered numerous inappropriate alerts; and a change to a vendor’s drug file that caused the system to recommend antiplatelet drugs for patients already on them. The authors surveyed CMIOs and found that 93 percent worked for a hospital that experienced at least one CDS malfunction, with two-thirds of them reporting problems at least once per year.


I visited Epic’s site to see if they’ve planted any hints about their always-witty April 1 fake news items. They haven’t, but I noticed that they have made major site changes with a lot of casual stories, photos, a “Art at Epic” series that explains some of the campus artwork, and even recipes from the campus culinary team. Some of their folks may be too busy for April Fool’s pranks given that NYC Health + Hospitals will be going live early Saturday morning.

Sponsor Updates

  • PDR will exhibit at Computer Rx April 1-2 in Oklahoma City, OK.
  • LifeImage will exhibit at SBI 2016 April 7-9 in Austin, TX.
  • A Spok case study finds that Presbyterian Healthcare Services reduced nurse response time to under three minutes and reduced communication-related complaints by 75 percent by using Spok Messenger for clinical alerting.
  • Clockwise.MD will exhibiting at the UCAOA Spring Convention in Kissimmee, FL April 17-19.
  • MedData will host a job fair April 7 in Grand Rapids, MI.
  • NVoq will exhibit at ACC 2016 April 2-4 in Chicago.
  • Obix Perinatal Data System will exhibit at the Annual Iowa Conference on Perinatal Medicine April 5-6 in Des Moines.
  • CloudWave joins the CHIME Cooperative Member Services Program.

Blog Posts


Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.


View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there are "10 comments" on this Article:

  1. Re: Spam

    Don’t open emails or click Unsubscribe links if you know it is spam. Most of the time you will only end up with more spam because they will be able to target the unsubscribe list since they know you are at least reading their emails. The best thing to do is to just create a filter rule from that address so that you won’t get more spam from them.

    Plus, you never know where those unsubscribe links will actually take you.

  2. OK, so here’s a question that inquiring minds would like to know. With all this recent news and talk about Ransom Ware, etc. at hospitals, I can’t help but think about my own healthcare and recent activity with doctors and hospitals. Is there anything I could/should do as a patient to download my own medical records from a provider and have them ready in case such an incident happens to my providers?

  3. The Epic April 1st site is up. They even mention HIStalk, excerpt:

    WATERTOWN, Mass., April 1 – In a recent interview with health information technology blog HIStalk, CEO Jonathan Bush of the electronic health record vendor athenahealth revealed that he uses – and admires – the MyChart patient portal application developed by one of his company’s competitors, Epic.

  4. I know it’s late (9pm central time) but check the Epic site again. The April Foolishness includes:

    Clinton Campaign Slogan Error: ‘I’m with EHR’ Auto-Corrected to ‘I’m with HER’ “I’m With EHR” Was To Express
    Support for Health IT Sector

    athenahealth CEO Reveals Enthusiastic Use of Epic’s MyChart
    Jonathan Bush Inadvertently Uses, Praises Patient Portal

    and my personal favorite:

    Epic Rebrands Reporting Suite
    Cogito Is Persona Non Grata; Renamed “Je Pense Donc Je Suis,” or “Je Pense” for short.

  5. #cds

    It warns of the obvious, misses the absurd, and is consistently inconsistent.
    Re: epic, cerner, siemens now cerner, allscripts, and others.

    This cds circa 2016 is not to be trusted or relied on.

  6. From the full of shit department, “having employees spread throughout the US, including some who work from home, hasn’t been successful.”

    I think what he’s trying to say is that selling nothing in 2015 hasn’t been successful.

    Having employees spread throughout the US seems to be a competitive advantage to just about EVERY OTHER HIT vendor, service provider, care provider, and that little thing called, “telehealth.”

  7. Good point, Anonymous. I’ll definitely have to start (or stop) doing that – I have a bad habit of opening spam emails just to delete them because it’s easier than clicking the checkbox beside the email. I had no idea they could actually see that I’ve opened their email!

  8. I was able to be 100% spam-free for all my employer email accounts for the last 10 years. Just never give it out to anyone, but work related. Works well. Then I put my email address into WebEx, when logging into one (probably with a Vendor), and within a week the spam started coming. So now I put in a fake email address, but horse is already out of the barn and my spam filter is chugging all day long. Not sure if this is your problem, but I believe it’s what caused mine.

  9. I have always declined to supply an e-mail address or used a fake one, in contexts that are transactional and do not require contact. Even if I trust the organization or person, I cannot trust that they won’t be hacked and release my e-mail and more.

    The only ones who get a real e-mail address are trusted vendors with whom I have a long-term relationship with.

    I’ve even severed relationships or altered my usage patterns with several media sites. Most don’t permit anonymous or pseudo-anonymous posting anymore.

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Vince Ciotti’s HIS-tory of Healthcare IT

Founding Sponsors


Platinum Sponsors


















































Gold Sponsors
















Reader Comments

  • Eddie T. Head: Coffee Talk: ZDogg MD is neither a real dog, nor a real MD. Discuss amongst yourselves......
  • Eddie T. Head: Anyone entering and exiting China would have the appropriate stamps in their passport. The travel restrictions wouldn't ...
  • JT: HIMSS is allowing registrants from Level 3 alert countries (China and South Korea) to cancel. NICE OF THEM! Orlando I...
  • ZDogg and SnoopDog: Both seem to be jerk this year. Why doesn't he stay in the business and create a revolution with something actually b...
  • Brendan: From Takeoff U. Hoser: “Re: UCSF Health. Has sent a letter to HHS supporting the proposed interoperability rule. The s...
  • Grant: "Because in 14 years of attending, I never once saw actual research, just a bunch of cherry-picked stats provided by a ...
  • Dr. Z: If you want to hear a physician's response to the CBS Epic Story, here it is: https://www.youtube.com/watch?v=qoQs162Yw...
  • Kermit: Wow, that's some first class writing, Mr. H. Thanks for an entertaining morning read. The tips are pretty good too....
  • Woodstock Generation: Re: Give me some advice Absolutely this is a conflict of interest! Shame on the state health system hiring Vendor A...
  • HIT Girl: Holding HIMSS during what is normal flu season seems like a bad idea generally. Last year all but I think three of the p...

Sponsor Quick Links