Monday Morning Update 1/22/18

January 21, 2018

Top News


From the Allscripts ransomware update Sunday morning:

  • The ransomware attack involved SamSam malware, but not the same strain that took down the systems of Hancock Health.
  • The vulnerability that was exploited wasn’t within the Allscripts application, so self-hosted customers are not at risk.
  • The many services that were taken offline strictly as a precaution have been restored.
  • Professional EHR and Allscripts PM are being brought back online on a rolling basis, but clients should plan for their systems to be down Monday. Allscripts is trying to put together a view-only solution.
  • Clients that have been brought back online are running normally, not on a temporary instance of their system.
  • The malware does not propagate as a worm or via VPN, so client computers will not be infected.
  • The company will let customers know what, if any, HIPAA breach reporting is required.

Allscripts hasn’t said how the malware was introduced, but SamSam’s sole method of entry seems to be unpatched installations of JBoss software, for which Red Hat released SamSam-protecting patches nearly two years ago.

I was mildly amused that to listen in on the Web-based Allscripts ransomware update Sunday morning, I had to install the notoriously buggy and unsecure Flash browser plug-in, which took forever to load, suggested adding other crap software, and required a browser restart. The Allscripts folks on the call noted that several participants couldn’t hear the Flash-powered audio and suggested trying Chrome or Firefox instead of IE/Edge. I was appreciating the potential irony of an anxious doctor dreading an EHR-less Monday morning having his or her home PC infected with Flash-enabled malware while listening to a Flash-required malware update.

Reader Comments

From Tired of the Greed: “Re: Optum Ventures. Bought several companies in 2017, including Advisory Board, because UnitedHealth Group was making so much money they wanted to put capital in the marketplace. Tax reform gave them a huge windfall that they will not be sharing with employees. Raises remain in the usual 1 to 1.5 percent range with zero bonuses for most of my department. Yet upper and senior management (all male in my division) will get nice bonuses and who knows what kind of raises. This is an old boys’ network lining its pockets and those of its shareholders on the backs of patients and physicians with cooked-up ways to deny paying for legitimate medical care.” My reactions are as follows:

  • Salary and benefits exist at the intersection of supply and demand. Lack of a mass exodus means employees don’t see better options and thus implicitly accept their employment conditions. I’m sympathetic because a truly fluid employment market means being willing to relocate, travel, or take a less-satisfying job full of uncertainty and family disruption, but it’s a free market both ways.
  • You can easily test your worth to the company by threatening to leave unless you get a promotion or raise, but expect the company to call your bluff. They have a ton of employees, but you have only one job.
  • Don’t expect a company to be “fair.” Lofty vision statements aside, companies (including non-profit hospitals) exist solely to take in more money than they spend since failure to do so means shutting down. Your only hope is that the person you report to is fair.
  • Don’t conflate gender equity with gender-neutral executive entitlement. While it’s true that executive management is dominated by males, it’s probably also true that the suits aren’t secretly doling out perks to their male underlings.
  • Executives are also sometimes clueless about working in a non-executive job. I’ve had to soothe many ruffled feathers when a hospital C-level executive forgot who he (being male in this example) went off script in a department meeting and joked about his bonus being at risk if employees failed to deliver and how he liked the view from his expansive office or the convenience of his reserved parking spot hundreds of yards closer than where we peons jacked up our adrenaline levels first thing every work day jockeying for any available spot. He wasn’t evil, just cluelessly entitled and smug about his executive ascent, which he attributed to his brilliance and work ethic (both questionable given even brief observation). Executives are “Animal House’s” Douglas C. Neidermeyer, while the non-privileged are banished to the couch with Jugdish, Sidney, and Clayton.
  • Companies (and people) do what someone pays them to do. If they’re making money, they are filling a market need, no matter how socially conscionable their actions are. Blame who’s paying them.
  • As cold as it sounds, if you want to control your own future, you have to work for yourself instead of someone else.

From Party Shoes: “Re: HIStalkapalooza. I read HIStalk religiously every day and haven’t seen the details.” It’s amazing how many people who claim to pore over my every word somehow missed the several times I’ve mentioned that I’m not doing the event this year. TL;DR: no HIStalkapalooza this year.

From Chuck Roast: “Re: HIStalk. I read your email newsletter every day. Good job!” I stopped putting teaser bullets in the email blast for exactly this reason – people were confused into thinking it was a self-contained email newsletter rather than a single link to the real online thing. Other folks haven’t figured out that the daily headlines are in addition to the usual M-W-F full posts and complain about overlap. My advice has never changed – if you don’t check HIStalk each weekday, you are almost certainly missing something I thought was important. Just click the home page link and read down the page until you hit something you’ve already seen. The email link goes directly to that particular article, so you won’t see the other stuff there from that link.

From Bitter Pill: “Re: Amazon and Google in healthcare. How could they possibly fail?” In about a million ways, foremost being the error in seeing healthcare as, like every other industry, being driven by consumers who simply require new technology to further empower them with the threat of taking their business elsewhere. Evidence: if patients were empowered consumers, hospitals wouldn’t offer inconvenient parking, 9-5 weekday hours for non-inpatient services, halls full of roaming providers who aren’t in the patient’s insurance network, next-available appointments running weeks into the future, and inflated but incomprehensible bills. Unlike every other market, healthcare is poorly run and consumer-hostile, but full of entrenched players who can easily steamroll any outsider’s efforts to make it better at their expense.

HIStalk Announcements and Requests


Of the 81 percent of poll respondents who don’t trust KLAS’s product rankings, half think the company is biased or caters to paying vendors.

New poll to your right or here: is Epic an impediment to innovation as Fairview’s CEO says?


I received good responses to my post on “What I Wish I’d Known Before … Replacing My Hospital’s Time and Attendance System.” Next up: “What I Wish I’d Known Before … Implementing a Vendor’s Cloud-Based Application.” I made a list of fun future topics, but it will evaporate if few folks participate.


January 24 (Wednesday) 1:00 ET: “Location, Location, Location: How to Deploy RTLS Asset Management for Capital Savings.” Sponsor: Versus Technology. Presenter: Doug Duvall, solution architect, Versus Technology. Misplaced or sub-optimally deployed medical equipment delays patient care and hampers safety-mandated preventive maintenance. It also forces hospitals to buy more equipment despite an average utilization that may be as low as 30 percent, misdirecting precious capital dollars that could be better spent on more strategic projects. A real-time locating system (RTLS) can not only track asset location, but also help ensure that equipment is properly distributed to the right place at the right time. This webinar will provide insight into the evaluation, selection, and benefits of an RTLS-powered asset management solution.

February 13 (Tuesday) 1:00 ET. “Beyond Sliding Scale: Closing the Gap Between Current and Optimal Glycemic Management Practices.” Sponsor: Monarch Medical Technologies. Presenter: Laurel Fuqua, BSN, MSN, EVP/chief clinical officer, Monarch Medical Technologies. The glycemic management practices of many hospitals and physician staff differ from what is overwhelmingly recommended by experts and relevant specialty societies. As a result, they are missing an opportunity to improve the quality, safety, and cost of care for their patients with diabetes and hyperglycemia, which commonly represent more than 25 percent of their inpatient population. Hospitals that transition from sliding-scale insulin regimens to consistent use of basal / bolus / correction protocols are seeing reductions in hyperglycemia, hypoglycemia, and costs. Making this shift more effective and efficient is the use of computerized insulin-dosing algorithms that can support dedicated staff using a systematic approach.

February 14 (Wednesday) 2:00 ET. “Time is Money: Aurora Health’s Journey of Implementing and Advancing Cost Accounting.” Sponsored by Strata Decision Technology. Aurora Health Care’s implementation of Strata’s Decision Support module involved not only building an improved cost accounting model, but improving the process to engage a cross-functional team in cost development. It now has accurate, consistent cost data to support decision-making. Aurora’s next phase will be to use actual procedure and visit times to allocate costs. This presentation will provide a detailed view into both the implementation and future direction of the Strata Decision Support program within Aurora.

Previous webinars are on our YouTube channel. Contact Lorre for information.


Three-hospital Astria Health (WA) will implement Cerner under the company’s CommunityWorks hosting program.



Amazon hires Martin Levine, MD — a geriatrician and Seattle-area medical director of Medicare primary care practice Iora Health – for an unstated role.


Maybe this isn’t new, but I hadn’t noticed. Signing up for any HIMSS18 pre-conference symposium includes the Pre-Conference Plus benefit. You pay for a particular session, attend its opening keynote, but then are free to move around to other symposia during breaks (it would be interesting to see which sessions send attendees fleeing for the doors). They all cost $350, so there’s no gaming the system by signing up for the cheapest one and then switching. I also noticed that some conference sessions now list “conference supporters” that HIMSS has convinced to spend even more money, removing yet another safe space for non-vendors trying to evade commercial pitches (you knew that was coming when HIMSS started selling escalator advertising). My brilliant ideas – pay the food court vendors to attach flyers to their $13 chicken Caesars or hire one of those Las Vegas stripper card flippers to further clog the seedy sidewalks.


Open source EHR vendor OpenMRS – whose product is used in developing countries – receives a $1 million donation from cryptocurrency philanthropy organization Pineapple Fund (its tagline: “because once you have enough money, money doesn’t matter.”) OpenMRS learned that the person who started that organization had previously contributed OpenMRS software patches. OpenMRS is a non-profit collaborative led by Regenstrief Institute and Boston-based Partners in Health.

Sponsor Updates

  • IBM names Salesforce its preferred customer engagement platform for sales and service.
  • Sunquest Information Systems will exhibit at the Precision Medicine World Conference January 22-24 in Mountain View, CA.
  • Huron will exhibit at the Association of Cancer Executives Annual Meeting January 28 in Portland.
  • Conduent will exhibit at the Middle Tennessee Antimicrobial Stewardship Symposium January 26 in Nashville.

Mr. H, Lorre, Jenn, Dr. Jayne.
Currently there are "6 comments" on this Article:

  1. I tend to agree on the UNH/Optum Cartel as I call it. I have been telling folks for years to pay attention to what goes on in the subsidiaries, it’s where all the action takes place. Just do some searches on the internet, years of news stories and acquisitions. Did you know that Optum quietly sold their Palliative and Hospice subsidiary to Compassus, a big hospice company owned by two private equity firms. This appears to have occurred just 6 months after they paid their $18 million dollar fine to the feds. There’s a new subsidiary created, “Optum Hospice services” to where they will manage all the hospice services of Compassus facilities as well and this all took place in December of 2016 according to what I found.

    I’m sure the executive of Compassus didn’t mean to have the big powerpoint presentation on their revenue goals available on the web, but it was there and I made some screenshots when I wrote about this. Looks like shareholders were not made aware of this change with subsidiaries either. Companies can get away with not announcing to the SEC if they call a reorganization or acquisition non substantial, is this non substantial? I could find it nowhere in filings or any news. What is recently appearing are a couple new announcements of Compassus Hospice facilities that carry the headline “formerly Optum Palliative and Hospice care” and if you search a little more you can find the licenses being transferred to Compassus from Optum.

    I might guess too that OptumRX will move right in as well and provide the hospice drugs to make a little money over there as well. Screenshots (pictures) are worth a thousand words. Since when is revenue growth a big goal of providing hospice and nursing home services? Remember too about 6 months ago that Carlyle dumped HCR Manor on the streets who’s now looking at bankruptcy soon, after they bled all the assets there, they didn’t even try to sell it and this is the largest nursing home chain in the US. Also, Compassus has not been shy about their other hospice acquisitions either before Optum, but there was nothing and perhaps they did a swap to give Compassus the hospice facilities and licenses for exchange for the big management contract, in which they talk about a tighter relationship with Optum and big corporate recognition and of course, access to more algorithms:)


    Like I keep saying, pay attention to what happens in the subsidiaries of these big conglomerates as this is where all the action takes place and there’s a ton of shell companies involved, like Rocket, LLC, the Optum subsidiary that is the holding company for the subsidiary of that does the billing for Quest labs now.

  2. Comments like “Salary and benefits exist at the intersection of supply and demand” reflect a naive belief in perfect markets. Asymmetries in power and information make it more accurate to say “Salary and benefits are affected by supply, demand, and other factors.”

    • I agree…other factors are important, and information about your firm, the markets relative to your position, etc, are those factors. If you do your ‘homework’ and invest some time keeping up with the ‘other factors’ you can leverage that info. If you do not, then the employer has all the info and advantage. It’s a mean cruel, competitive world out there. You can’t get comfortable and coast. If you do you’ll wake up one morning and find yourself out the door when least expected.

  3. “a truly fluid employment market means being willing to relocate, travel, or take a less-satisfying job full of uncertainty and family disruption”

    And, wouldn’t it be great if health coverage was job-independent.

  4. “Don’t conflate gender equity with gender-neutral executive entitlement. While it’s true that executive management is dominated by males, it’s probably also true that the suits aren’t secretly doling out perks to their male underlings.”

    Lol OK!
