From the Allscripts ransomware update Sunday morning:
- The ransomware attack involved SamSam malware, but not the same strain that took down the systems of Hancock Health.
- The vulnerability that was exploited wasn’t within the Allscripts application, so self-hosted customers are not at risk.
- The many services that were taken offline strictly as a precaution have been restored.
- Professional EHR and Allscripts PM are being brought back online on a rolling basis, but clients should plan for their systems to be down Monday. Allscripts is trying to put together a view-only solution.
- Clients that have been brought back online are running normally, not on a temporary instance of their system.
- The malware does not propagate as a worm or via VPN, so client computers will not be infected.
- The company will let customers know what, if any, HIPAA breach reporting is required.
Allscripts hasn’t said how the malware was introduced, but SamSam’s sole method of entry seems to be unpatched installations of JBoss software, for which Red Hat released SamSam-protecting patches nearly two years ago.
I was mildly amused that to listen in on the Web-based Allscripts ransomware update Sunday morning, I had to install the notoriously buggy and unsecure Flash browser plug-in, which took forever to load, suggested adding other crap software, and required a browser restart. The Allscripts folks on the call noted that several participants couldn’t hear the Flash-powered audio and suggested trying Chrome or Firefox instead of IE/Edge. I was appreciating the potential irony of an anxious doctor dreading an EHR-less Monday morning having his or her home PC infected with Flash-enabled malware while listening to a Flash-required malware update.
From Tired of the Greed: “Re: Optum Ventures. Bought several companies in 2017, including Advisory Board, because UnitedHealth Group was making so much money they wanted to put capital in the marketplace. Tax reform gave them a huge windfall that they will not be sharing with employees. Raises remain in the usual 1 to 1.5 percent range with zero bonuses for most of my department. Yet upper and senior management (all male in my division) will get nice bonuses and who knows what kind of raises. This is an old boys’ network lining its pockets and those of its shareholders on the backs of patients and physicians with cooked-up ways to deny paying for legitimate medical care.” My reactions are as follows:
- Salary and benefits exist at the intersection of supply and demand. Lack of a mass exodus means employees don’t see better options and thus implicitly accept their employment conditions. I’m sympathetic because a truly fluid employment market means being willing to relocate, travel, or take a less-satisfying job full of uncertainty and family disruption, but it’s a free market both ways.
- You can easily test your worth to the company by threatening to leave unless you get a promotion or raise, but expect the company to call your bluff. They have a ton of employees, but you have only one job.
- Don’t expect a company to be “fair.” Lofty vision statements aside, companies (including non-profit hospitals) exist solely to take in more money than they spend since failure to do so means shutting down. Your only hope is that the person you report to is fair.
- Don’t conflate gender equity with gender-neutral executive entitlement. While it’s true that executive management is dominated by males, it’s probably also true that the suits aren’t secretly doling out perks to their male underlings.
- Executives are also sometimes clueless about working in a non-executive job. I’ve had to soothe many ruffled feathers when a hospital C-level executive forgot who he (being male in this example) went off script in a department meeting and joked about his bonus being at risk if employees failed to deliver and how he liked the view from his expansive office or the convenience of his reserved parking spot hundreds of yards closer than where we peons jacked up our adrenaline levels first thing every work day jockeying for any available spot. He wasn’t evil, just cluelessly entitled and smug about his executive ascent, which he attributed to his brilliance and work ethic (both questionable given even brief observation). Executives are “Animal House’s” Douglas C. Neidermeyer, while the non-privileged are banished to the couch with Jugdish, Sidney, and Clayton.
- Companies (and people) do what someone pays them to do. If they’re making money, they are filling a market need, no matter how socially conscionable their actions are. Blame who’s paying them.
- As cold as it sounds, if you want to control your own future, you have to work for yourself instead of someone else.
From Party Shoes: “Re: HIStalkapalooza. I read HIStalk religiously every day and haven’t seen the details.” It’s amazing how many people who claim to pore over my every word somehow missed the several times I’ve mentioned that I’m not doing the event this year. TL;DR: no HIStalkapalooza this year.
From Chuck Roast: “Re: HIStalk. I read your email newsletter every day. Good job!” I stopped putting teaser bullets in the email blast for exactly this reason – people were confused into thinking it was a self-contained email newsletter rather than a single link to the real online thing. Other folks haven’t figured out that the daily headlines are in addition to the usual M-W-F full posts and complain about overlap. My advice has never changed – if you don’t check HIStalk each weekday, you are almost certainly missing something I thought was important. Just click the home page link and read down the page until you hit something you’ve already seen. The email link goes directly to that particular article, so you won’t see the other stuff there from that link.
From Bitter Pill: “Re: Amazon and Google in healthcare. How could they possibly fail?” In about a million ways, foremost being the error in seeing healthcare as, like every other industry, being driven by consumers who simply require new technology to further empower them with the threat of taking their business elsewhere. Evidence: if patients were empowered consumers, hospitals wouldn’t offer inconvenient parking, 9-5 weekday hours for non-inpatient services, halls full of roaming providers who aren’t in the patient’s insurance network, next-available appointments running weeks into the future, and inflated but incomprehensible bills. Unlike every other market, healthcare is poorly run and consumer-hostile, but full of entrenched players who can easily steamroll any outsider’s efforts to make it better at their expense.
HIStalk Announcements and Requests
Of the 81 percent of poll respondents who don’t trust KLAS’s product rankings, half think the company is biased or caters to paying vendors.
New poll to your right or here: is Epic an impediment to innovation as Fairview’s CEO says?
I received good responses to my post on “What I Wish I’d Known Before … Replacing My Hospital’s Time and Attendance System.” Next up: “What I Wish I’d Known Before … Implementing a Vendor’s Cloud-Based Application.” I made a list of fun future topics, but it will evaporate if few folks participate.
January 24 (Wednesday) 1:00 ET. “Location, Location, Location: How to Deploy RTLS Asset Management for Capital Savings.” Sponsor: Versus Technology. Presenter: Doug Duvall, solution architect, Versus Technology. Misplaced or sub-optimally deployed medical equipment delays patient care and hampers safety-mandated preventive maintenance. It also forces hospitals to buy more equipment despite an average utilization that may be as low as 30 percent, misdirecting precious capital dollars that could be better spent on more strategic projects. A real-time locating system (RTLS) can not only track asset location, but also help ensure that equipment is properly distributed to the right place at the right time. This webinar will provide insight into the evaluation, selection, and benefits of an RTLS-powered asset management solution.
February 13 (Tuesday) 1:00 ET. “Beyond Sliding Scale: Closing the Gap Between Current and Optimal Glycemic Management Practices.” Sponsor: Monarch Medical Technologies. Presenter: Laurel Fuqua, BSN, MSN, EVP/chief clinical officer, Monarch Medical Technologies. The glycemic management practices of many hospitals and physician staff differ from what is overwhelmingly recommended by experts and relevant specialty societies. As a result, they are missing an opportunity to improve the quality, safety, and cost of care for their patients with diabetes and hyperglycemia, which commonly represent more than 25 percent of their inpatient population. Hospitals that transition from sliding-scale insulin regimens to consistent use of basal / bolus / correction protocols are seeing reductions in hyperglycemia, hypoglycemia, and costs. Making this shift more effective and efficient is the use of computerized insulin-dosing algorithms that can support dedicated staff using a systematic approach.
February 14 (Wednesday) 2:00 ET. “Time is Money: Aurora Health’s Journey of Implementing and Advancing Cost Accounting.” Sponsored by Strata Decision Technology. Aurora Health Care’s implementation of Strata’s Decision Support module involved not only building an improved cost accounting model, but improving the process to engage a cross-functional team in cost development. It now has accurate, consistent cost data to support decision-making. Aurora’s next phase will be to use actual procedure and visit times to allocate costs. This presentation will provide a detailed view into both the implementation and future direction of the Strata Decision Support program within Aurora.
Three-hospital Astria Health (WA) will implement Cerner under the company’s CommunityWorks hosting program.
Amazon hires Martin Levine, MD – a geriatrician and Seattle-area medical director of Medicare primary care practice Iora Health – for an unstated role.
Maybe this isn’t new, but I hadn’t noticed. Signing up for any HIMSS18 pre-conference symposium includes the Pre-Conference Plus benefit. You pay for a particular session, attend its opening keynote, but then are free to move around to other symposia during breaks (it would be interesting to see which sessions send attendees fleeing for the doors). They all cost $350, so there’s no gaming the system by signing up for the cheapest one and then switching. I also noticed that some conference sessions now list “conference supporters” that HIMSS has convinced to spend even more money, removing yet another safe space for non-vendors trying to evade commercial pitches (you knew that was coming when HIMSS started selling escalator advertising). My brilliant ideas – pay the food court vendors to attach flyers to their $13 chicken Caesars or hire one of those Las Vegas stripper card flippers to further clog the seedy sidewalks.
Open source EHR vendor OpenMRS – whose product is used in developing countries – receives a $1 million donation from cryptocurrency philanthropy organization Pineapple Fund (its tagline: “because once you have enough money, money doesn’t matter”). OpenMRS learned that the person who started that organization had previously contributed OpenMRS software patches. OpenMRS is a non-profit collaborative led by Regenstrief Institute and Boston-based Partners in Health.
- IBM names Salesforce its preferred customer engagement platform for sales and service.
- Sunquest Information Systems will exhibit at the Precision Medicine World Conference January 22-24 in Mountain View, CA.
- Huron will exhibit at the Association of Cancer Executives Annual Meeting January 28 in Portland.
- Conduent will exhibit at the Middle Tennessee Antimicrobial Stewardship Symposium January 26 in Nashville.
- How Health Policy Censorship Could Impact Public Health (Redox)
- The Anatomy of Medical Marketing (Salesforce)
- 2018 Tips & Trends for Hospital Revenue Cycle Management (The SSI Group)
- 3 Patient Satisfaction Lessons Stolen from Amazon (Solutionreach)
- Gaining momentum. (Voalte)
- Nursing Communication and the Hierarchy of Resiliency (Vocera)