Monday Morning Update 4/11/16

April 10, 2016 News 6 Comments

Top News


Dell’s security business finds that the going rate for hiring a hacker to penetrate Gmail, Hotmail, or Yahoo email accounts is $129, while breaching a corporate email account runs $500. They will hack into a Facebook or Twitter account for $129, provide a complete US identity (driver’s license, Social Security Card, and utility bill) for $90, or provide a Visa or MasterCard for $7. They’ll even turn over a US bank account with a $1,000 balance for just $40.


The enterprise price list is even more sobering – hackers will launch a denial-of-service attack for as little as $5 or will install a remote access Trojan for $5 to $10. Security sites have noted that hackers are selling Ransomware as a Service for $50 plus a 10 percent commission on the ransom money paid, allowing non-technical criminals to easily and immediately launch their own extortion business.

Reader Comments

From Twidiots: “Re: [publication name omitted]. Stole your story about the DoD’s EHR project name without giving credit. I’m going to email them.” It’s common for sites to miss subtle but significant news items until they read about them on HIStalk, but it’s obvious this time because I ran the Tuesday evening announcement in my Thursday night news and suddenly everybody’s running it first thing Friday, pretending they found the days-old announcement themselves. That’s OK, but it’s still lazy to reword the DoD’s announcement without linking to it and to cite the published quotes as “US Department of Defense officials said” like some general called them up with a scoop. I guess they get lots of readers, just like those clueless “9 things you need to know” sites that rarely contain anything you might actually need to know. I think HIStalk readers are smarter than that, so there’s no need to email the publication.


From Vince Ciotti: “Re: Leapfrog’s tests that showed CPOE systems missed 39 percent of harmful drug orders and 13 percent of potentially fatal ones. That means they flag 61 percent and 87 percent, respectively – great progress since paper charts caught none of them!” Leapfrog took a measured approach in describing its findings as it does every year during Medication Safety Awareness Week, noting that CPOE warnings are doing a pretty good job. It’s nice that we’ve moved from questioning whether such warnings work at all to urging that they work 100 percent of the time.

From boyfrommer: “Re: Decision Resources Group. CEO Jim Lang quit and will be replaced with Jon Sandler of IndUS Group, the private equity arm of the group that purchased (and overpaid for) DRG in 2012. Jon has no operating experience and neither does his COO, who also comes from IndUS.” I’ve never heard of the company, which appears to provide medically related research reports.

From The PACS Designer: “Re: ICD-10-PCS. It’s an exciting time for healthcare as the ICD-10-PCS Procedure Codes will be updated with 3,651 additions by CMS to further enhance it starting October 1. Here’s a sample: 0273356 Dilate 4+ Cor Art, Bifurc, w 2 Drug-elut, Perc (abbreviated version) or Dilation of Coronary Artery, Four or More Arteries, Bifurcation, with Two Drug-eluting Intraluminal Devices, Percutaneous Approach.”

HIStalk Announcements and Requests


Poll respondents would feel safest having their medical information in the hands of Apple and an EHR vendor, placing the least trust with Microsoft and an HIE. My suspicion is that the spate of health system breaches of many kinds has caused people in general (and healthcare IT people in particular) to lose faith that their information will remain confidential. New poll to your right or here: have you had a virtual visit in the past 12 months?

Ms. Chestnut from Indiana says her fourth graders are becoming better world citizens by studying the library of nearly 100 books we provided in funding her DonorsChoose grant request.

Also checking in is Mrs. P from Virginia, who says she has “been laminating like a mad woman and our new printer is SO FAST” in describing some of the supplies that we provided, from which her elementary school students are creating their own math and reading games that they play independently.

Listening: The Raconteurs, the possibly defunct Detroit-Nashville supergroup foursome that includes Jack White, formerly of The White Stripes. It’s catchy, has big horns, and pushes into acid rock/Led Zeppelin in its experimentation. That sent me back (as happens frequently) to one of the greatest (and most intelligent) live rock and roll bands in the world, Sweden’s Howlin’ Pelle Almqvist and The Hives.

Last Week’s Most Interesting News

  • The Department of Defense gives its Cerner project the name MHS Genesis.
  • MedStar Health (MD) disputes reports that its ransomware attack was made possible by unpatched server software.
  • HHS asks for suggestions for interoperability measures that it should incorporate into MACRA objectives.
  • Massachusetts General Hospital (MA) and two hospitals of NYC Health + Hospitals go live on Epic.
  • At least two more hospitals are taken offline by ransomware attacks, this time in California and Indiana.


One of the best (and most timely) webinars we’ve done was last week’s “Ransomware in Healthcare: Tactics, Techniques, and Response” by Sensato CEO John Gomez. We had a big, engaged crowd that asked John so many questions that we didn’t have time to address them all in our scheduled one hour. It’s worth watching — we asked John to put this together purely as a public service, so there’s zero pitch or commercial influence involved.

None scheduled soon. Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock


Medical equipment and workflow vendor Midmark Corporation will acquire RTLS vendor Versus Technology to enhance its clinical workflow offerings.

Asset, facilities, and real estate management software vendor Accruent acquires Mainspring Healthcare Solutions, which offers equipment maintenance and asset management systems.

Oncology EHR vendor Flatiron Health announces strategic partnerships with its drug company customers Celgene and Amgen, both of which participated in the company’s $175 million funding round in January 2016.



St. Peter’s Health Partners (NY) promotes interim VP/CIO Chuck Fennell to the permanent position.

Announcements and Implementations

IBM and drug company Pfizer will collaborate to remotely monitor sensor data from people with Parkinson’s disease to look for new diagnostic and treatment insights.

Privacy and Security

Einstein Healthcare Network (PA) notifies 3,000 people who filled out a web form requesting information that their entries were exposed when the form’s underlying database was inadvertently opened up to the Internet.

Target says in a securities filing that it has spent $300 million cleaning up the mess from its 2013 data breach, of which it expects only $90 million to be covered by cyberinsurance.

Adobe urges computer users to upgrade to the latest level of Flash released last week after finding flaws that allow delivery of ransomware. Steve Jobs was right when he said in 2010, “Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash. We have been working with Adobe to fix these problems, but they have persisted for several years now. We don’t want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash.”


Want to make it obvious you don’t really know healthcare IT? Refer to inpatient drug “orders” as “prescriptions.”


Wired profiles artificial intelligence technology vendor Sentient Technologies, which has raised $143 million in funding since 2008 to create financial applications. The company is developing an “AI nurse” that can predict patient condition changes. The co-founder describes how such a system can teach humans:

One of the good things about evolutionary AI is that — if you know how to read it — you can actually see the rule sets. In the case of traders or of AI nurses (on which we are working, too), they are fairly complex beings. A trader may have up to 128 rules, each with up to 64 conditions. Same thing for an AI nurse. So, they are pretty complex systems and the interplay among these rules is not always linear. But if you spend some time on it, you can still understand what this thing is doing, because it’s declaratory — it says what it is doing, in other words. So we can certainly take this and learn from this what works and what doesn’t work when it comes to solving a certain problem. AI can teach people to make better decisions.


Authors from Kaiser Permanente describe what the organization has learned from having many of its patients use its patient portal over several years.

  • Seventy percent of KP’s eligible adult patients, 5.2 million people, have registered to use its Epic MyChart-powered portal called My Health Manager.
  • KP providers and patients exchanged 23 million secure emails in 2015, representing one-third of all PCP encounters in the first half of 2015.
  • Use of secure email was associated with a 2 to 6.5 percent improvement in HEDIS measures and a 90 percent approval rate by users with chronic conditions.
  • My Health Manager users are 2.6 times more likely to remain KP members.
  • KP is studying the disparities introduced by e-health technologies after its studies found that a disproportionate number of users are white, older, and better educated.

Weird News Andy says he’s a sucker for stories like this. Wichita, KS police arrest a 36-year-old man for child abuse after the two-year-old son of his 21-year-old girlfriend is brought to the ED not breathing due to a two-inch dead octopus blocking his throat. The boyfriend claims the child swallowed the octopus while the mother was at work. Police say it wasn’t a pet – it was intended for sushi. The child is OK.

Sponsor Updates

  • DrFirst will exhibit at the 2016 International MUSE Conference May 31 – June 3 in Orlando, FL.
  • T-System will exhibit at the UCAOA National Urgent Care Convention April 17-20 in Orlando.
  • TierPoint will host a seminar on Emerging Threats & Strategies for Defense April 13 in Liberty Lake, WA.
  • TransUnion CMO Julie Springer is inducted into Direct Marketing’s 2016 Marketing Hall of Femme.
  • Valence Health will exhibit at the First Illinois HFMA Spring Symposium April 11-12 in Chicago.
  • Visage Imaging will exhibit at the 2016 Spring Radiology & Imaging Conference April 13-15 in Atlanta.
  • VitalWare will exhibit at the 2016 Vizient Supplier Summit April 11-13 in Las Vegas.
  • Huron Consulting Group will exhibit at the 2016 AAPL Annual Meeting and Spring Institute April 11-17 in Washington, DC. 
  • West Corp. will exhibit at the World Health Care Congress April 10-13 in Washington, DC.

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
Currently there are "6 comments" on this Article:

  1. Re: hacker pricing: That report seems rather dubious considering the source and “facts” they are reporting on. Even if this wasn’t a case of Dell trying to scare up business, it’s not like someone selling something illegal for a cheap price can be trusted to deliver the goods. The fact it is so cheap makes me tend to believe it is more of a scam. It’s actually a better scam than most, since it’s less likely anyone will contact the police.

  2. For years and folks have not taken this seriously enough, outside of the World Privacy Forum is the fact that we need a law to index and license all data sellers, it’s like who are they? As long as there’s money to be made, it won’t stop. I have even had a couple of the anonymous guys chat with me on Twitter about the real talent on the dark side. They talk about it as they too have a legit side in life somewhere and they are in there with the rest of us getting hacked, but they can play both sides in a sense:)

    We license people in less risky occupations like hairdressers so we know who they are and have credentials, and data is much riskier in my opinion than a haircut as it always grows back too:) Of course the vendors don’t want it as it’s much easier to keep fooling people than to convince them they have been fooled..courtesy of Mark Twain on that one. The legal data selling business is over $200 Billion a year so just think of what the dark side gets and we don’t even know the half of it with the folks repackaging data.


    I don’t write anymore and was probably at best a mediocre developer but anyone who has done such knows exactly how the mechanics of this works, whether they choose to say it or not as it’s the same as writing legal stuff and you have to try to outthink hackers as well. So one day we’ll all just end up over the self service data exchange web site for sale, who knows where. Krebs recently discussed the repackaging danger as well with the Verizon enterprise hack as well. The danger of all of this is due to the fact that stolen data (lipstick on a pig per se) can be dressed up, repackaged and the origins never known. That’s why I came up with licensing a few years ago as we need an index of who they are, what they sell and start buying from “licensed” sellers and not just any old cat on the street, which is what is done today. Of course, it’s not a full catch all, nothing is but at least sellers are identified and licensed on record and you could trace where the data came from. Right now, when you have flawed data circling out there about you and you try to fix it, you can’t as you don’t know all the origins. If you find one you can fix it there but then more pop up later as you were repackaged and sold over and over.


    We still have not heard what happened at MedStar with any credibility either, and there’s 3 theories floating around out there stating an email phish to hackers breaking into the server app that sits on top of the EHR. The server situation if valid is one that everyone would want to know about as there’s persistent connections there to HIEs and other places, and that’s where a non persistent sharing technology could be of value as well. Of course the next question that arises is where’s the cloud hosted, local or off premise…and more questions from there. On the other side of the coin too how much time will hospitals have to run all these apps on the server? Sure some will have use while others will be a “nice to have” but no ROI situation.

    I’m back off to the FTC and Congress again on indexing and licensing data sellers, as minimum need to have an index to let us know what is legit and what is questionable. Myself I gots stuck on one of those IMS lists that was sold all over and it took me a while to run off the clinical trials folks who were bombing me with wanting me to enroll, when in fact I have never taken blood thinners in my life, but I was on a call list sold with call centers bombing me for months…so again..index and license? Would you buy stock in a company from a broker who didn’t produce a license?

    I use cash today where ever I can to try and keep what’s collected about me to a minimum too as insurers are buying up our credit card transactions like they are going out of style as well to add to their swamps of risk assessments which are just that, risk and not a diagnosis until a doctor renders that:)

  3. GENESYS is the name University of Illinois called their Cerner system back in the day. Don’t recall whether it was all caps though.

  4. I know of at least 2 New Jersey hospitals who have also been hit with ransomware.

    They are not paying and are not sharing their experiences with the press.
