News 5/3/24
Top News
UnitedHealth Group CEO Sir Andrew Witty tells the Senate Finance Committee – which was questioning him about the Change Healthcare cyberattack – that the half-trillion dollar market cap UHG isn’t all that big. He commented that the company doesn’t own hospitals or drug companies and employs just 10,000 physicians, although he acknowledged that another 80,000 doctors choose to work with the company.
He blamed the ransomware attack on the outdated cybersecurity tools of Change Healthcare, which he says UHG was in the process of upgrading following its October 2022 acquisition of the company. He admitted that two-factor authentication was not implemented.
Witty also admits that he personally made the difficult decision to pay the $22 million ransom that the hackers demanded in hopes of keeping patient information private.
Committee Chair Ron Wyden (D-OR) went after Witty hard over lax cybersecurity and monopolistic practices. When Witty touted the company’s offer of credit monitoring to those who were affected by the breach, Wyden chastised him that “credit monitoring is the thoughts and prayers of data breaches.”
Reader Comments
From MizzuPharmD: “Re: Liberty Hospital. Will be acquired by University of Kansas Health System. May drive antitrust scrutiny.” The two organizations have consummated their mating as was originally announced in November. Lawmakers considered blocking the deal in expressing territorial indignation that a Kansas health system would take over a Missouri hospital. The acquirer runs Epic, while the acquiree runs (or at least did at some point) Altera Digital Health / Allscripts Sunrise.
From Oh the Irony: “Re: Epic. Interesting comment considering the company’s usual take on non-competes, ha!” Judy Faulkner says in a “Hey Judy” post that early-days Epic decided not to challenge a competitor’s theft of Epic’s internal information, concluding that, “Even if someone copies everything in our filing cabinets, it won’t make much of a difference. The corporate culture can’t be easily copied.”
From Dr. Bass: “Re: Walmart Health Centers. Wonder what they will do with all the patient records they need to maintain for years?” They will need to export them from Epic into some sort of retrievable archive, I assume, which is probably easy but not common since few Epic customers have replaced the system or closed their doors. Negotiating a contract cancellation with Epic might be harder, especially since they just signed it in 2021.
From Relayer: “Re: Change Healthcare breach. The portal and underlying systems that caused the problem – and that don’t have multifactor authentication – are the original RelayHealth products that McKesson acquired in 2006. McKesson then ‘merged’ the business with Change Healthcare even though McKesson kept a 70% stake and made billions when Change went public in mid-2019. Acquired companies lose intellectual capital and don’t focus on the stepchild products, so it’s not surprising that these products become vulnerable after being sold off and orphaned.” The breach, as well as the government’s unhappy scrutiny over Change’s lack of two-factor authentication, has raised the user access bar for all software vendors, and likely health systems as well. It’s a squirmy position to be in when members of Congress angrily ask you to defend why you didn’t implement two-factor authentication when other organizations have.
HIStalk Announcements and Requests
Attention to the several HIStalk sponsors who will participate in the MUSE Inspire conference in Denver May 28-31: I’ll include you in my conference guide if you provide your information.
The latest chapter in my quest to achieve grammar curmudgeonliness involves leaving in the word “that” to make sentences easier to read. I’ll show, not tell: the second sentenced is easier to read than the first:
- The doctor said I need to schedule an appointment.
- The doctor said that I need to schedule an appointment.
Listening (and watching): 11-year-old Ellen Alaverdyan, aka EllenPlaysBass, whose little fingers have mastered the sheer complexity and energetic fret-hopping of Chris Wolstenholme’s bass line in Muse’s “Hysteria.” Her videos, which usually include her instructor-dad Hovak, are a treasure. Watch her smile break out toward the end when she realizes that she has nailed the piece. She did a fine, grinning version of Rush’s “Tom Sawyer” when just nine years old. Keep in mind that she not only has to play the songs, she must learn every single note and nuance before picking up the bass.
Webinars
None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre to present or promote your own.
Acquisitions, Funding, Business, and Stock
CVS Health reports Q1 results: revenue up 4%, adjusted EPS $1.31 versus $2.20, sending shares down 17% on the news as the company also lowered full-year guidance. Shares have lost 24% in the past 12 months. From the earnings call:
- Its Medicare Advantage business saw a 60% drop in operating income due to higher utilization and payments that were reduced because of lower star ratings.
- The company set aside $500 million for claims that wouldn’t be paid as planned due to the Change Healthcare cyberattack.
- It is performing a cost review, looking at outlier claims, membership selection bias, and pharmacy benefit spend.
- Recent changes in Medicare Part D will disrupt benefits, the company says, also noting that its rate notice was not sufficient and that it will need to consider plan-level benefits changes and exiting some counties.
- The Inflation Reduction Act enriched the value of Part D to patients and plans have greater liability in the catastrophic layer. Some companies may exit the business, and higher prices may push some beneficiaries into Medicare Advantage plans.
- Drugstore sales were up 7% and Oak Street added 33 centers in the past 12 months and expects to add up to 60 more. CVS Health hopes to see a boost from its Cordavis biosimilars business.
- The company is using AI to identify members who could benefit from care management.
- Meanwhile, CVS Health has just acquired Hella Health, a direct broker that sells Medicare Advantage and Medicare supplemental plans that are offered by Aetna CVS Health and its competitors.
Transcarent raises $126 million in a Series D funding round that values the company at $2.2 billion.
Telemedicine provider Avel ECare acquires Horizon Virtual, which offers virtual hospitalists.
Wearable cardiac monitoring vendor IRhythm Technologies announces Q1 results: revenue up 18%, adjusted EPS –$1.23 versus –$1.10. IRTC shares have lost 17% in the past 12 months, valuing the company at $3.5 billion.
Financial Times reports that drug maker Pfizer will follow the lead of competitor Lilly in rolling out an online platform where patients can order the company’s drugs directly, connecting US customers with independent telehealth consultants who will send prescriptions to a drug dispensing partner. According to a global health professor, drug companies have realized that “The best way to convert customers is through patient portals where they can act as a consumer in medicine. They can go to the website, they can get the information they need, they can be linked to a prescriber and then a pharmacy, and do all those things independent of a primary care provider.”
Following its acquisition of Cerner in June 2022, Oracle Health has reduced its employee count in Kansas City from a peak of 14,000 to 6,400.
Bloomberg declares that “Austin’s glow is fading,” with the latest blow being Oracle’s planned headquarters relocation to Nashville after just four years in the Texas city. The article says that companies are rethinking their big plans for Austin, 25% of its commercial real estate is vacant, and residential real estate prices have dropped more than in any other US city. It adds, “That Oracle went to archrival Nashville is particularly painful for Austinites. The two cities compete over which has the more vibrant live music scene and who plays the better host to bachelor and bachelorette parties. There are heated debates over where to find the best custom-made cowboy boots.”
Sales
- Three community health centers that are part of the federally funded Pacific Islands Electronic Health Initiative choose EClinicalWorks.
People
Chris Durham (Medhost) joins HCTec as VP of service desk operations.
Announcements and Implementations
OpenAI CEO Sam Altman describes ChatGPT 4 as “incredibly dumb” as he looks to newer versions that will operate beyond the chat interface into deploying AI-driven agents that are capable of performing tasks with a deep understanding of the user’s specific needs.
Truveta expands its 800-hospital research database to include family history, medication details, complex concepts, and de-identified medical images.
Lucem Health announces Reveal for Lung Cancer, which applies an AI model to EHR data to flag patients who meet USPSTF criteria for lung cancer screening. The company says that a provider organization can expect to identify 60% more patients who have early-stage lung cancer.
Other
Healthcare AI deployers, be careful out there. Catholic Answers defrocks its days-old, AI-powered “Father Justin” after it went rogue in telling users that it was a real priest, took confessions and granted penance, and told one user that it was OK to baptize a baby in Gatorade. The organization says the AI chatbot will be retooled as just plain old layperson Justin, noting, “We didn’t anticipate that someone might seek sacramental absolution from a computer graphic.”
Sponsor Updates
- Healthcare IT Leaders sponsors foster care charity A Door of Hope’s golf tournament.
- Inovalon earns Great Place to Work certification for the second consecutive year.
- Nordic will offer sales, consulting, and implementation of the diagnostic and treatment analytic platform of Clinical Healthcare Analytics.
- EVisit will sponsor and exhibit at the California Hospital Association’s 2024 Emergency Services Forum May 6 in Newport Beach.
- Australian vendor Consultmed re-platforms its software on InterSystems Iris for Health, including InterSystems TrakCare.
- Net Health names Arman Samani president of its rehab therapy division.
Blog Posts
- Reaching New Heights in Leapfrog CPOE Evaluation Compliance (First Databank)
- Unveiling the Future of Contract Negotiations in Healthcare: Intelligence-Driven Solutions (FinThrive)
- From Insight to Impact: Using Real-World Data to Drive Above Brand Strategy (Inovalon)
- Regulation as a Catalyst for Innovation: Leveraging the Interoperability and Prior Authorization Mandate (InterSystems)
- How virtual nursing can guide patients and nurses into the next era of healthcare (Meditech)
- Choosing the Right QPP Reporting Method for MSSP ACOs in 2025 (MRO)
Black Book releases its 10th annual “State of the Healthcare Cybersecurity Industry” report. A corresponding ranking of top cybersecurity firms based on customer satisfaction ratings includes the following HIStalk sponsors:
- Clearwater – cybersecurity advisors and consultants / compliance and risk management solution.
- Fortified Health Security – cybersecurity awareness training and education.
- CloudWave – outsourcing and security network managed services.
- PerfectServe – secure communications platforms, physician practices.
- Spok – secure communications platforms, hospitals and health systems.
Contacts
Mr. H, Lorre, Jenn, Dr. Jayne.
Thanks for the link to EllenPlaysBass. I’ve been following another child prodigy, Nandi Bushell. She is known for her drumming but plays many instruments. She did a drum challenge with Dave Grohl during the pandemic, and eventually played with Foo Fighters live. I’ve been following her for a few years – https://www.youtube.com/@Nandi_Bushell. Enjoy!
I watch her, too. I wonder if their complete immersion in practicing and making videos will cause them to tire of it at some point, being that they’re still just kids even if they are creating a lot of fame for themselves and perhaps their parents.
Both are amazing although can’t believe Mr H didn’t link the Muse Hysteria to the Muse conference!
Re: UHG CEO Sir Andrew Witty’s testimony
“… the half-trillion dollar market cap UHG isn’t all that big…”
Ah have always depended upon the kindness of strangers!
“…UHG was in the process of upgrading [outdated cybersecurity tools]…”
Yes, I’m sure it was in the annual budget request. For the fifth time. It was likely being declined since the requestors could not adequately answer the question, ‘when was the last time UHG was attacked, and THIS specific system would have stopped that attack?’
Be that as it may, 2FA typically does not require much if anything special, and so their lack of 2FA is pretty damning on its own.
Feels like there is a whole lot of Shuck ‘n Jive going on here.
The 2FA type security is supposedly also hackable, I’m more worried about the fact the bad guys roamed around in the system 9 days. No monitoring? No CrowdStrike?
I gotta ask: are you the “Fourth Hanson Brother” of hockey-playing fame or MMMBop fame?
Honestly? Everything is hackable. Doesn’t matter what it is.
I fully expect that the supposedly “unhackable” quantum security systems of the future, will be hacked. Don’t believe that? Read the literature. Even the best, most qualitatively and quantitatively perfect quantum encryption, only guarantees that intrusions (or attempted intrusions) will be detected, NOT that they will be impossible. If no one is monitoring the alarm system (which will happen, because people are routinely told that quantum security is “perfect”), then your alerts will go unheeded. And besides, social engineering attacks perform an end-run around all of that anyway.
My take is, even the worst, least secure version of 2FA is better than 1FA. Just make the criminals’ lives more difficult. Pretty soon they’ll go away to find a softer target.
The Chief Grammar Justice sentences Grammar Curmudgeon to a suspended sentence for using the word “sentenced” as a noun instead of “sentence” in the second sentence about sentences.
That falls under separate Department of Grammar jurisdiction for typos that still pass spell check.