Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Healthcare Orgs May Be Ramping Up Cybersecurity Efforts

Posted on August 18, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As I’ve noted (too) many times in the past, healthcare organizations don’t have a great track record when it comes to cybersecurity. Compared to other industries, healthcare organizations spend relatively little on IT security overall, and despite harangues from people like myself, this has remained the case for many years.

However, a small new survey by HIMSS suggests that the tide may be turning. It’s not incredibly surprising to hear, as health it leaders have been facing increasingly frequent cybersecurity attacks. A case in point: In a recent study by Netwrix Corp., more than half of healthcare organizations reported struggling with malware, and that’s just one of many ongoing cyber security threats.

The HIMSS cybersecurity survey, which tallies responses from 126 IT leaders, concluded that security professionals are focusing on medical device security, and that patient safety, data breaches and malware were their top three concerns.

In the survey, HIMSS found that 71% of respondents were allocating some of their budgets toward cybersecurity and that 80% said that their organization employed dedicated cybersecurity staff.

Meanwhile, 78% of respondents were able to identify a cybersecurity staffing ratio (i.e. the number of cybersecurity specialists versus other employees), and 53% said the ratio was 1:500 which, according to HIMSS is considered the right ratio for information-centric, risk-averse businesses with considerable Internet exposure.

Also of note, it seems that budgets for cybersecurity are getting more substantial. Of the 71% of respondents whose organizations are budgeting for cybersecurity efforts, 60% allocated 3% or more of their overall budget to the problem. And that’s not all. Eleven percent of respondents said that they were allocating more than 10% of the budget to cybersecurity, which is fairly impressive.

Other stats from the survey included that 60% of respondents said their organizations employed a senior information security leader such as a Chief Information Security Officer.  In its press release covering the survey, it noted that CISOs and other top security leaders are adopting cybersecurity programs that cut across several areas, including procurement and education/training. The security leaders are also adopting the NIST Cybersecurity Framework.

According to HIMSS, 85% of respondents said they conduct a risk assessment at least once a year, and that 75% of them regularly conduct penetration testing. Meanwhile, 75% said they had some type of insider threat management program in place within their healthcare organization.

One final note: In the report, HIMSS noted that acute care providers had more specific concerns was cybersecurity than non-acute care providers. Over the next few years, as individual practices merge with larger ones, and everyone gets swept up into ACOs, I wonder if that distinction will even matter anymore.

My take is that when smaller organizations work with big ones, everyone’s tech is set up reach the level better-capitalized players have achieved, and that will standardize everyone’s concerns. What do you think?

Assembling The Right Stuff: The Keys to Gathering and Supporting A Successful EHR Go-Live Support Team

Posted on August 16, 2017 I Written By

The following is a guest blog post by Jaime Jaimes, Instructional Writer at Conduent, Breakaway Learning Solutions). Check out all of the blog posts in the Breakaway Thinking series.

For just a moment, put yourself in the shoes of a provider who needs to work with a new EHR. You’ve known that the EHR go-live event was impending, and now it’s here. You took the training, slipped a little job aid booklet in your pocket, and think you’ve got everything under control. But once you’re on the floor, you hit a sudden roadblock. Rifling through your packet in hopes of finding an answer could waste valuable time. What you really need is a friendly face to calmly talk you through that first hurdle and get you back on track.

This scenario is the reason that some physicians are identifying at-the-elbow support as a vital part of successful EHR implementation. A confident support team can create a calm and stable environment for your staff as they learn the ins and outs of their new system. But structuring your support strategy is easier said than done. Fortunately, I was able to sit down and discuss some key go-live support elements with two of Breakaway’s client services managers: Adam Koch and Meredith Wheelock.  Between them, they’ve overseen countless go-live events for hospitals and ambulatory locations alike, and they have three key pointers for any team planning a new EHR implementation or update.

Start assembling your support team early

Creating a support team is a daunting prospect. In our experience, at least a 1:3 support-to-learner ratio is the ideal level of staff training needed for a go live, a number backed up by online research journal Perspectives in Health Management. Beginning your search for the right people early on gives you the time to vet potential team members, and ensure they have the necessary certifications and experience specific to your go live. While you can get a team together in a month, we recommend starting the process two months or more before the event so that you can identify the right people and make sure they are prepared.

This may seem like a lot of time to invest, but having this at-the-elbow support can actually save you time at go live. A support team member can resolve questions and frustrating issues quickly, which in turn allows your staff to return to their other duties. Plus, the fact that the question was resolved in-the-moment, and in the environment in which your staff will likely face the issue again, increases the probability of knowledge retention and improves their confidence in using the system.

Get everyone on the same page

Even though you’re assembling a team of experts familiar with your EHR, you still need to make sure they’re all following the same workflows. This ensures your support team won’t teach different workflows to different departments or locations. Learning your best practices also means there won’t be a conflict between pre-go-live training and at-the-elbow assistance. After all, your staff expects help when they approach a support team member. If they get advice that contradicts their training, they will walk away feeling even more confused and frustrated, hindering their adoption progress. As this EHR Intelligence article notes, “Critical to the project’s success is supporting physician EHR users the right way at the right time.” Taking the time to teach your support team best practices is the easiest way to make sure you’re supporting your team the right way.

Establish lines of communication

A go-live event is a big endeavor, and even the best support team will encounter a quirk in the system they haven’t seen before. It’s at these times where having a defined path to escalate problems and share the solutions you generate will keep your EHR’s implementation on track. For those first few weeks, a daily touchpoint meeting with your support teams and site super-users can prove invaluable, as it allows everyone to identify pain points, troubleshoot issues, and come away with one clearly identified solution. Having this coordinated effort and standard way of communicating is critical for organizations large and small, and helps guarantee that even when a larger problem arises, your team doesn’t grind to a halt as you try to figure out the solution.

Your at-the-elbow support team is just one part of the successful go-live puzzle, but it’s a piece that can mean the difference between a frustrated staff and one that’s confident that this new EHR is just another part of their day.

Conduent is a sponsor of the Breakaway Thinking series of blog posts. Breakaway Learning Solutions is a leader in EHR and Health IT training. Download their Free Whitepaper “Leadership Insights: Gaining Value from Technology Investments.”

Despite Privacy Worries, Consumers Trust Apple With Their Health Data

Posted on August 14, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

These days, everyone seems to want access to consumer health data. We’re talking not just about healthcare companies, but also financial firms, insurance companies and technology giants like Apple, Google and Amazon.

Consumers have every reason to be concerned how their data is used, as companies outside of the healthcare realm, in particular, might use it in ways that make them uncomfortable. After all, these health-related companies may not have to follow HIPAA rules. Not only that, laws that govern data collection of any kind are still evolving on the state and federal level. It’s just not clear where privacy rules for health data are going.

Troubling ambiguities like these may be why 37% of the 1,000-plus people responding to a new Twitter poll said they wouldn’t share their data with anyone. Perhaps they’ve begun to realize that companies like Google could do a lot of harm if they act recklessly with the health data they’re accumulating.

Nonetheless, there’s at least one company they trust more than others with their PHI, according to the poll, which was conducted by a CNBC writer. That company is Apple, says columnist Christina Farr. When asked which companies they trust with the health data, 41% picked Apple. Meanwhile, Google and Amazon came in at 14% and 8% respectively. That’s a pretty big gap.

Why do consumers trust Apple more than other technology companies?  It’s far from clear. But Andrew Boyd, a professor of biomedical and health information sciences at the University of Illinois, suggests that it’s because Apple has taken steps to foster trust. “Apple has done a big push around health and privacy to breed familiarity and comfort,” Boyd told CNBC.

He noted that Apple has announced plans to make aggregated health information available on smartphones. Next, it plans to integrate other medical data, such as lab results, which usually aren’t part of an integrated health record, Farr points out. Apple has also promised users that it won’t sell health data to advertisers or third-party developers.

Ideally, other companies should be following in Apple’s footsteps, suggests health data privacy expert Lucia Savage, who responded to the Twitter poll.

Savage, who is currently serving as chief privacy and regulatory officer at Omada Health, believes that any company that collects health data should at least provide consumers with a summary of the data they collect on their users and promise not to sell it. (She didn’t say so directly, but we know most non-healthcare firms can’t be bothered with such niceties.)

I think we all look forward to the day when every company takes health data privacy seriously. But giants like Google, with effectively infinite resources, are still pushing the envelope, and we can only expect its competitors to do the same thing. Unless consumers mount a massive protest, or there’s a radical change in federal law, I suspect most non-healthcare firms will keep using health data however they please.

eClinicalWorks Settlement Hasn’t Led To Customer Defections, Yet

Posted on August 7, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Loyalty is a funny thing. You’d think that when a vendor let you down spectacularly, you wouldn’t do business with them anymore. But the truth is, when it comes to health IT it’s not that simple. In many cases, vendor-customer relationships are more like marriages than formal agreements. Even if things start to go south, customers have so much invested in their vendor relationship that backing out may not seem like a realistic possibility.

Yes, I’m pontificating here, but not without a point. What I’m responding to here is a recent KLAS survey which found that while many customers of the now-tarnished eClinicalWorks have lost confidence in the company, many are still on board for now.

As many readers will know, in May eCW settled a whistleblower suit against the company for $155 million. The suit, which was brought by the US Department of Justice, asserted that the vendor got certified for incentive payments by putting deceptive kludges in place.

After agreeing to pay a massive penalty to the feds and putting a “Coprrporate Integrity Agreement” in place, it’s little wonder that some customers don’t trust eCW anymore. But the reality of the situation is that they’re not exactly free to jump ship either.

The study, which was reported on in HIT Consultant, found that 66% of customers polled by KLAS said their perception of eCW had moderately or significantly worsened after the settlement. Meanwhile, 34% of current eCW customers plan to look elsewhere when they make their next health IT investment.

Another third of respondents said they felt stuck in their current eCW contract, though they would consider switching vendors when the contract expires or they have more resources to invest. Still, only 4% of KLAS respondents said they were leaving specifically because of the settlement.

Meanwhile, there’s apparently a subset of eCW customers who aren’t that worried about the settlement or its implications. One-third of respondents said that it had little impact on them, and some noted that eCW is probably just the first of many vendors whose meaningful use certification will be called into question.

The reality is that while eCW customers were a bit shaken by the settlement, it didn’t exactly come as a shock that the vendor was playing it close to the edge, with one-fifth noting that the settlement was “unsurprising.”

I would tend to side with the eCW customers who predict that this settlement is the tip of the iceberg, and that it’s likely to come out that other health IT vendors were gaming the certification process. The question is whether these settlements will merely inconvenience providers or lead to serious problems of their own. If the feds ever decide that providers should have known about faked certifications, the game will get a lot more complicated.

Will ACOs Face Tough Antitrust Scrutiny?

Posted on August 2, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For some reason, I’ve always been interested in antitrust regulation, not just in the healthcare industry but across the board.

To me, there’s something fascinating about how federal agencies define markets, figure out what constitutes an unfair level of market dominance and decide which deals are out of bounds. For someone who’s not a lawyer, perhaps that’s a strange sort of geeking out to do, but there you have it.

Obviously, given how complex industry relationships are, healthcare relationships are fraught with antitrust issues to ponder. Lately, I’ve begun thinking about how antitrust regulators will look at large ACOs. And I’ve concluded that ACOs will be on the radar of the FTC and U.S. Department of Justice very soon, if they aren’t already.

On their face, ACOs try to dominate markets, so there’s plenty of potential for them to tip the scales too far in their favor for regulators to ignore. Their business model involves both vertical and horizontal integration, either of which could be seen as giving participants too much power.

Please take the following as a guide from an amateur who follows antitrust issues. Again, IANAL, but my understanding is as follows:

  • Vertical integration in healthcare glues together related entities that serve each other directly, such as health plans, hospitals, physician groups and skilled nursing facilities.
  • Horizontal integration connects mutually interested service providers, including competitors such as rival hospitals.

Even without being a legal whiz, it’s easy to understand why either of these ACO models might lead to (what the feds would see as) a machine that squeezes out uninvolved parties. The fact that these providers may share a single EMR could makes matters worse, as it makes the case that the parties can hoard data which binds patients to their network.

Regardless, it just makes sense that if a health plan builds an ACO network, cherry picking what it sees as the best providers, it’s unlikely that excluded providers will enjoy the same reimbursement health plan partners get. The excluded parties just won’t have as much clout.

Yes, it’s already the case that bigger providers may get either higher reimbursement or higher patient volume from insurers, but ACO business models could intensify the problem.

Meanwhile, if a bunch of competing hospitals or physician practices in a market decide to work together, it seems pretty unlikely that others could enter the market, expand their business or develop new service lines that compete with the ACO. Eventually, many patients would be forced to work with ACO providers. Their health plan will only pay for this market-dominant conglomerate.

Of course, these issues are probably being kicked around in legal circles. I’m equally confident that the ACOs, which can afford high-ticket legal advice, have looked at these concerns as well. But to my knowledge these questions aren’t popping up in the trade press, which suggests to me that they’re not a hot topic in non-legal circles.

Please note that I’m not taking a position here on whether antitrust regulation is fair or appropriate here. I’m just pointing out that if you’re part of an ACO, you may be more vulnerable to antitrust suits than you thought. Any entity which has the power to crush competition and set prices is a potential target.

A Hospital CIO Perspective on Precision Medicine

Posted on July 31, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

#Paid content sponsored by Intel.

In this video interview, I talk with David Chou, Vice President, Chief Information and Digital Officer with Kansas City, Missouri-based Children’s Mercy Hospital. In addition to his work at Children’s Mercy, he helps healthcare organizations transform themselves into digital enterprises.

Chou previously served as a healthcare technology advisor with law firm Balch & Bingham and Chief Information Officer with the University of Mississippi Medical Center. He also worked with the Cleveland Clinic to build a flagship hospital in Abu Dhabi, as well as working in for-profit healthcare organizations in California.

Precision Medicine and Genomic Medicine are important topics for every hospital CIO to understand. In my interview with David Chou, he provides the hospital CIO perspective on these topics and offers insights into what a hospital organization should be doing to take part in and be prepared for precision medicine and genomic medicine.

Here are the questions I asked him, if you’d like to skip to a specific topic in the video or check out the full video interview embedded below:

What are you doing in your organization when it comes to precision medicine and genomic medicine?

Despite Abundance of Threats, Few Providers Take Serious Steps To Protect Their Data

Posted on July 27, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I scarcely need to remind readers of the immensity of the threats to healthcare data security out there. Not only is healthcare data an attractive target for cybercriminals, the aforementioned keep coming up with new ways to torture security pros (the particularly evil ransomware comes to mind).

Unfortunately, healthcare organizations are also notorious for spending too little on data security. Apparently, this also extends to spending money on information security governance or risk management, according to a new study.

The study is sponsored by Netwrix Corp., which sells a visibility platform for data security and risk mitigation and hybrid environments.  (In other words, the following stats are interesting, but keep your bias alert on.)

Researchers found that 95% of responding healthcare organizations don’t use software for information security governance or risk management and that just 31% of respondents said they were well prepared to address IT risks. Still, despite the prevalence of cybersecurity threats, 68% don’t have any staffers in place specifically to address them.

What’s the source of key IT healthcare security threats? Fifty-nine percent of healthcare organizations said they were struggling with malware, and 47% of providers said they’d faced security incidents caused by human error. Fifty-six percent of healthcare organizations saw employees as the biggest threat to system availability and security.

To tackle these problems, 56% of healthcare organizations said they plan to invest in security solutions to protect their data. Unfortunately, though, the majority said they lacked the budget (75%), time (75%) and senior management buy-in (44%) needed to improve their handling of such risks.

So it goes with healthcare security. Most of the industry seems willing to stash security spending needs under a rock until some major headline-grabbing incident happens. Then, it’s all with the apologies and the hand-wringing and the promise to do much better. My guess is that a good number of these organizations don’t do much to learn from their mistake, and instead throw some jerry-rigged patch in place that’s vulnerable to a new attack with new characteristics.

That being said, the study makes the important point that employees directly or indirectly cause many IT security problems. My sense is that the percent of employees actually packaging data or accessing it for malicious purposes is relatively small, but that major problems created by an “oops” are pretty common.

Perhaps the fact that employees are the source of many IT incidents is actually a hopeful trend. Even if an IT department doesn’t have the resources to invest in security experts or new technology, it can spearhead efforts to treat employees better on security issues. Virtually every employee that doesn’t specialize in IT could probably use a brush up on proper security hygiene, anyway. And retraining employees doesn’t call for a lot of funding or major C-suite buy-in.

Care Coordination Tech Still Needs Work

Posted on July 26, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Virtually all of you would agree that we’ll have to do a better job of care coordination if we hope to meet our patient outcomes goals. And logically enough, most of us are hoping that technology will help us make this happen.  But from what I’ve seen, it isn’t going to happen anytime soon.

Every now and then, I get a press release from a company that says a company’s tech has solved at least some part of the industry’s care coordination problem. Today, the company was featured in a release from Baylor College of Medicine, where a physician has launched a mobile software venture focused on preventing miscommunication between patient care team members.

The company, ConsultLink, has developed a mobile platform that manages patient handoffs, consults and care team collaboration. It was founded by Dr. Alexander Pastuszak, an assistant professor of urology at Baylor, in 2013.

As with every other digital care coordination platform I’ve heard about – and I’ve encountered at least a dozen – the ConsultLink platform seems to have some worthwhile features. I was especially interested in its analytics capability, as well as its partnership with Redox, an EMR integration firm which has gotten a lot of attention of late.

The thing is, I’ve heard all this before, in one form or another. I’m not suggesting that ConsultLink doesn’t have what it takes. However, it’s been my observation if market space attracts dozens of competitors, the very basics of how they should attack the problem are still up for grabs.

As I suspected it would, a casual Google search turned up several other interesting players, including:

  • ChartSpan Medical Technologies: The Greenville, South Carolina-based company has developed a platform which includes practice management software, mobile patient engagement and records management tools. It offers a chronic care management solution which is designed to coordinate care between all providers.
  • MyHealthDirect: Nashville’s MyHealthDirect, a relatively early entrant launched in 2006, describes itself as focusing consumer healthcare access solutions. Its version of digital care coordination includes online scheduling systems, referral management tools and event-driven analytics, which it delivers on behalf of health systems, providers and payers.
  • Spruce Health: Spruce Health, which is based in San Francisco, centralizes care communication around mobile devices. Its platform includes a shared inbox for all patient and team communication, collaborative messaging, telemedicine support and mobile payment options.

No doubt there are dozens more that aren’t as good at SEO. As these vendors compete, the template for a care coordination platform is evolving moment by moment. As with other tech niches, companies are jumping into the fray with technology perhaps designed for other purposes. Others are hoping to set a new standard for how care coordination platforms work. There’s nothing wrong with that, but its likely to keep the core feature set for digital coordination fluid for quite some time.

I don’t doubt among the companies I’ve described, there’s a lot of good and useful ideas. But to me, the fact that so many players are trying to define the concept of digital care coordination suggests that it has some growing up to do.

Hospitals Aren’t Getting Much ROI From RCM Technology

Posted on July 24, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

If your IT investments aren’t paying off, your revenue cycle management process is clunky and consumers are defaulting on their bills, you’re in a pretty rocky situation financially. Unfortunately, that’s just the position hospitals find themselves in lately, according to a new study.

The study, which was conducted by the Healthcare Financial Management Association and Navigant, surveyed 125 hospital health system chief financial officers and revenue cycle executives.

When they looked at the data, researchers saw that hospitals are being hit with a double whammy. On the one hand, the RCM systems hospitals have in place don’t seem to be cutting it, and on the other, the hospitals are struggling to collect from patients.

Nearly three out of four respondents said that their RCM technology budgets were increasing, with 32% reporting that they were increasing spending by 5% or more. Seventy-seven percent of hospitals with less than 100 beds and 78% of hospitals with 100 to 500 beds plan to increase such spending, the survey found.

The hospital leaders expect that technology investments will improve their RCM capabilities, with 79% considering business intelligence analytics, EHR-enabled workflow or reporting, revenue integrity, coding and physician/clinician documentation options.

Unfortunately, the software infrastructure underneath these apps isn’t performing as well as they’d like. Fifty-one percent of respondents said that their organizations had trouble keeping up with EHR upgrades, or weren’t getting the most out of functional, workflow and reporting improvements. Given these obstacles, which limit hospitals’ overall tech capabilities, these execs have little chance of seeing much ROI from RCM investments.

Not only that, CFOs and RCM leaders weren’t sure how much impact existing technology was having on their organizations. In fact, 41% said they didn’t have methods in place to track how effective their technology enhancements have been.

To address RCM issues, hospital leaders are looking beyond technology. Some said they were tightening up their revenue integrity process, which is designed to ensure that coding and charge capture processes work well and pricing for services is reasonable. Such programs are designed to support reliable financial reporting and efficient operations.

Forty-four percent of respondents said their organizations had established revenue integrity programs, and 22% said revenue integrity was a top RCM focus area for the coming year. Meanwhile, execs whose organizations already had revenue integrity programs in place said that the programs offered significant benefits, including increased net collections (68%), greater charge capture (61%) and reduced compliance risks (61%).

Still, even if a hospital has its RCM house in order, that’s far from the only revenue drain it’s likely to face. More than 90% of respondents think the steady increase in consumer responsibility for care will have an impact on their organizations, particularly rural hospital executives, the study found.

In effort to turn the tide, hospital financial execs are making it easier for consumers to pay their bills, with 93% of respondents offering an online payment portal and 63% rolling out cost-of-care estimation tools. But few hospitals are conducting sophisticated collections initiatives. Only 14% of respondents said they were using advanced modeling tools for predicting propensity to pay, researchers said.

One Hospital Faces Rebuild After Brutal Cyberattack

Posted on July 20, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Countless businesses were hit hard by the recent Petya ransomware attack, but few as hard as Princeton, West Virginia-based Princeton Community Hospital. After struggling with the aftermath of the Petya attack, the hospital had to rebuild its entire network and reinstall its core systems.

The Petya assault, which hit in late June, pounded large firms across the globe, including Nuance, Merck, advertiser WPP, Danish shipping and transport firm Maersk and legal firm DLA Piper.  The list of Petya victims also includes PCH, a 267-bed facility based in the southern part of the state.

After the attack, IT staffers first concluded that the hospital had emerged from the attack relatively unscathed. Hospital leaders noted that they are continuing to provide all inpatient care and services, as well as all other patient care services such as surgeries, therapeutics, diagnostics, lab and radiology, but was experiencing some delays in processing radiology information for non-emergent patients. Also, for a while the hospital diverted all non-emergency ambulance visits away from its emergency department.

However, within a few days executives found that its IT troubles weren’t over. “Our data appears secure, intact, and not hacked into; yet we are unable to access the data from the old devices in the network,” said the hospital in a post on Facebook.

To recover from the Petya attack, PCH decided that it had to install 53 new computers throughout the hospital offering clean access to its Meditech EMR system, as well as installing new hard drives on all devices throughout the system and building out an entirely new network.

When you consider how much time its IT staff must’ve logged bringing basic systems online, rebuilding computers and network infrastructure, it seems clear that the hospital took a major financial blow when Petya hit.

Not only that, I have little doubt that PCH faces doubts in the community about its security.  Few patients understand much, if anything, about cyberattacks, but they do want to feel that their hospital has things under control. Having to admit that your network has been compromised isn’t good for business, even if much bigger companies in and outside the healthcare business were brought to the knees by the same attack. It may not be fair, but that’s the way it is.

That being said, PCH seems to have done a good job keeping the community it serves aware what was going on after the Petya dust settled. It also made the almost certainly painful decision to rebuild key IT assets relatively quickly, which might not have been feasible for a bigger organization.

All told, it seems that PCH survived Petya successfully as any other business might have, and better than some. Let’s hope the pace of global cyberattacks doesn’t speed up further. While PCH might have rebounded successfully after Petya, there’s only so much any hospital can take.