Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

The Petya Global Malware Incident Hitting Nuance, Merck, and Many Others

Posted on July 3, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The Petya Malware (or NotPetya or ExPetya) has really hit healthcare in a big way. The biggest impact on the healthcare IT world was the damage it caused to Nuance, but it also hit Merck and some other healthcare systems. After a shaky start to their communication strategy, Nuance seems to finally at least be updating their customers who saw a lot of downtime from when it first started on June 28 until now. This rogue Nuance employee account has been pretty interesting to watch as well. There’s a lesson there about corporate social media policies during a crisis.

Petya was originally classified as ransomware, but experts are now suggesting that it’s not ransomware since it has no way to recover from the damage it’s doing. It’s amazing to think how pernicious a piece of malware is that just destroys whatever it can access. That’s pretty scary as a CIO and it’s no surprise that Petya, WannaCry, and other malware/ransomware is making CIOs “cry.”

It’s been eye opening to see how many healthcare organizations have depended on Nuance’s services and quite frankly the vast number of services they offer healthcare. It’s been extremely damaging for many healthcare organizations and has them rethinking their cloud strategy and even leaving Nuance for competitors like MModal. I’m surprised MModal’s social team hasn’t at least tweeted something about their services still being available online and not affected by Petya.

I’ll be interested to see how this impacts Nuance’s business. Nuance is giving away free versions of their Dragon Medical voice recognition software to customers who can’t use Nuance’s transcription business. Long term I wonder if this will actually help Nuance convert more customers from transcription to voice recognition. In the past 5 days, Nuance’s stock price has droppped $1.54 per share. Considering the lack of effective alternatives and the near monopoly they have in many areas, I’ll be surprised if their business is severely damaged.

As I do with most ransomware and malware incidents, I try not to be too harsh on those experiencing these incidents. The reality is that it can and will happen to all of us. It’s just a question of when and how hard we’ll be hit. It’s the new reality of this hyper connected world. Adding to the intrigue of Petya is that it seems to have been targeted mostly at the Ukraine and companies like Nuance and Merck were just collateral damage. Yet, what damage it’s done.

Earlier today David Chou offered some suggestions on how to prevent ransomware attacks that are worth considering at every organization. The one that stands out most to me with these most recent attacks is proper backups. Here is my simple 3 keys to effective backups:

Layers – Given all the various forms of ransomware, malware, natural disasters, etc, it’s important that you incorporate layers of backups. A real time backup of your systems is great until it replicates the malware in real time to your backup server. Then you’re up a creek without a paddle. An off site backup is great until your off site location has an issue. You need to have layers of backup that take into account all of the ways your data could go bad, be compromised, etc.

Simple – This may seem like a contradiction to the first point, but it’s not. You can have layers of backups and still keep the approach simple and straightforward. Far too often I see organizations with complex backup schemes which are impossible to monitor and therefore stop working effectively. The KISS principle is a good one with backups. If you make it too complex then you’ll never realize that it’s actually failing on you. There’s nothing worse than a failed backup when you think it’s running fine.

Test – If you’ve never tested your backups by actually restoring them, then you’re playing russian roulette with your data. It’s well known that many backups complete without actually backing up the data properly. The only way to know if your backup really worked is to do a test restore of the data. Make sure you have regularly scheduled tests that actually restore your data to a backup server. Otherwise, don’t be surprised if and when your backup doesn’t restore properly when it’s really needed. Malware events are stressful enough. Knowing you have a good backup that can be restored can soften the blow.

Backups won’t solve all of your problems related to malware, but it’s one extremely important step in the process and a great place to start. Now I’m going to go and run some backups on my own systems and test the restore.

Health Plans Need Big Data Smarts To Prove Their Value

Posted on November 2, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Recently, Aetna cut a deal which suggests a new role for health insurers in big data analytics and population health management. In partnership with Merck, the health insurer is launching a new program using predictive analytics to identify target populations and provide them with health and wellness services. AetnaCare will start by targeting patients with diabetes and hypertension in the mid-Atlantic U.S., but it seems likely to go national soon.

In its press release on the matter, Aetna says the goal of the program is to “proactively curate various health and wellness services… to support treatment adherence, ensure that critical social support needs are met, and reinforce healthy lifestyle behaviors.” That in and of itself isn’t a big deal. We all know that these are goals shared by providers, employers and health plans, and that most of the efforts health plans make on this front are pie in the sky, half-baked initiatives featuring cutesy graphics and little substance.

But then, Aetna’s chief medical officer gives away the real goal here — to power this effort by analyzing patient data being spun out by patients in varied care settings.  In the release, Dr. Harold Paz notes that patients are getting care in a wide variety of settings, including retail clinics, healthcare devices, pharmaceutical services, behavioral health, and social services, and that these services are seldom coordinated well, and implies that this is the real problem Aetna must solve.

If you listen to this with the ears of a health IT chick like myself, you hear Aetna (and Merck, actually) admitting that they must engage in predictive analytics across all of these encounters – and eventually, use these insights to help patients make good healthcare choices. In other words, they have to think like providers and even offer provider-like services fulfill their mission. And that means competing with or even beating providers at the big data game.

The truth is, health plans are in the same boat as providers, in that they’re at the center of a hailstorm of data and struggling with how to make use of it. Also, like providers they’re facing pressure from health purchasers to slow healthcare cost growth and boost patient wellness. But I’d argue that they’re even less prepared, technically and culturally, to improve health or coordinate care. So jumping in now is critically important.

In fact, I’d argue that health insurers are under greater pressure to improve population health than even sophisticated health systems or ACOs. Why? Because while health systems and ACOs can point to what they do – they make people better, for heaven’s sake — insurance companies are the eternal middleman who must continue to prove that they add value to the healthcare equation.

It remains to be seen whether programs like AetnaCare succeed at helping patients find the resources they need to improve and maintain their health. But even if this concept doesn’t work out, others will follow. Health plans need to leverage their unique data set to boost quality and reduce costs. Otherwise, as providers learn to work under value-based payments and accept risk, employers will have increasingly good reasons to contract directly — and leave the insurance industry out of the game entirely.