Hackermania runs wild…all the way to the bank! Ransomware strikes Crozer-Keystone, UCSF med school, others

News to make you livid. After surviving (to date) the COVID pandemic, health systems and medical schools are being attacked by ransomware criminals. Both the small Crozer-Keystone Health System and the globally known University of California San Francisco School of Medicine have been attacked by the ever-so cutely named Netwalker (a/k/a MailTo). Yes, this criminal hacker gang isn’t outside banging pots for first responders or donating money, or even sticking to a brief truce (Emsisoft), but figuring ways to spread malware into healthcare organizations for fun and profit. 

And profitable it’s been. UCSF paid Netwalker the princely sum of $1.14 million (£910,000) in 116.4 bitcoins after an attack starting 1 June that was also (to add insult to injury) published on Netwalker’s public blog. In the timeline presented by BBC News, it was negotiated down (professionally) from $3 million; BBC also obtained some key parts of the negotiation via an anonymous tipoff, and it’s fascinating reading. Netwalker leads the victim to a dark web ‘customer service’ site where there’s a countdown to double payment or deletion of your now-encrypted data. They are also able to live chat with the victim.

UCSF was able to limit the malware encryption damage to servers within the School of Medicine (according to the BBC, literally unplugging computers; according to UCSF, isolating servers) but decided to pay the ransom to unlock the encrypted data and return data they obtained, stating in its public release “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good”. They will work with the FBI on the incident and have brought on board outside expert help.

According to FierceHealthcare, Netwalker was also behind the attack on the Champaign-Urbana Public Health District (Illinois) website in March and Michigan State University’s network in May.

Paying ransom is contrary to the advice of the major world security services such as the FBI, Europol, and the UK’s National Cyber Security Centre, on the simple basis that it encourages them. It’s a true damned-if-you-do, damned-if-you-don’t situation, as Brett Callow, a threat analyst at cyber-security company Emsisoft, said to the BBC: “But why would a ruthless criminal enterprise delete data that it may be able to further monetise at a later date?” 

Crozer-Keystone to date has refused to pay ransom. On 19 June, bitcoin publication Cointelegraph published a screenshot of Netwalker’s dark web auction page of the data. Apparently it is all financial and not medical records or PHI. Crozer also isolated the intrusion and took systems offline. Crozer is a small system of four hospitals in suburban Philadelphia (Delaware County) and serves parts of the state of Delaware and western New Jersey.

Neither Crozer nor UCSF have gone public with the source of the breach, but it is known that the main lure during the pandemic has been phishing emails with COVID-19 results or news, loaded with malware downloads.

As this Editor wrote back in May 2018 on the anniversary of WannaCry, it’s not a matter of if, but when, at highly vulnerable organizations like healthcare and academia with high-value information records. Right now, the Hakbit spear-phishing ransomware connected to an Excel spreadsheet macro is targeting mid-level individuals at pharma, healthcare, and other sectors in Austria, Germany, and Switzerland, according to tech research firm Proofpoint. TechGenix

More: Becker’s 22 June on Crozer-Keystone, 29 June on UCSF, 12 largest healthcare breaches to date, 10 healthcare system incidents for June, Kroger hacking incident exposing 11,000 health records. DataBreaches.net news page.

Technology will help ease, but not replace, rising workforce demand in long-term care: UCSF study

A just-published research paper by researchers at the University of California, San Francisco Health Workforce Research Center on Long-Term Care, has come to the not entirely unsurprising conclusion that the current technology targeted to the LTC area is helpful but won’t displace any workers from their jobs in the immediate future. The qualitative study evaluated 13 current health tech technologies in 14 areas for their potential impact on the care of older persons as it affects LTC workforce recruitment, training, and retention. 

Some key findings were: 

  • Technology will not even come close to replacing the LTC workforce. At most it will aid LTC workers.
  • Tools such as data collection and remote patient monitoring systems that distribute data to the care team can improve staff’s understanding of client behavior and manage day-to-day tasks
  • Technology can also address workforce recruitment, retention, and staffing efficiency, such as predictive analytics used in identifying candidate suitability, improved staff management in shift scheduling, work location, and clientele, and real time location tracking, can improve the work environment
  • Technologies that monitor health and activity measurements, integrating with predictive modeling, can benefit clients, family caregivers, and care teams, but may suffer from complexity and duplication in their category. 
  • Educational tools also improve care delivery by instructing on proper caregiving techniques, increasing knowledge on medical or behavioral conditions, and by promoting sympathy/empathy

Some of the barriers included:

  • It comes at a cost which LTC is reluctant to pay
    • Initial and ongoing cost with lack of third-party Medicare/private reimbursement
    • Dependence on unattractive long term subscription-based models 
  • Threats to privacy and the security of health data
  • Potential differences in product specificity or acceptance among diverse racial and ethnic groups
  • Technology lacking user-centered design and not developed/tested in conjunction with real-world LTC 
  • Funding: only two US VCs fund LTC tech is a bit of an exaggeration, but the pool of interest is shallow nonetheless

The overall conclusion struck this Editor as less than enthusiastic, perhaps because We’re Not There Yet and it’s still so far away.

The appendix lists the 13 companies surveyed with summaries of each health tech company interviewed: Alma’s House (Sweden), Arena (staffing/recruitment), Canary Health (education/caregiver education), CarePredict (wearables/alert monitoring), Clear Care (management). Embodied Labs (education), Intuition Robotics (ElliQ), GrandCare (monitoring/client engagement), Honor (staffing), La
Valeriane (documentation), LifePod (voicetech/monitoring), UnaliWear (wearables/monitoring), VisibleHand (documentation/EHR).

The study was supported by the Health Resources and Services Administration (HRSA) of the US Department of Health and Human Services (HHS).com. UCSF summaryThe Impact of Emerging Technologies on Long-Term Care & the Health Workforce (full text)  Hat tip to Laura Mitchell of GrandCare via Twitter

Weekend Must Read: How an EHR in a teaching hospital gave a patient a 39X overdose

Weekend reading and a banquet for your consideration.

Though computers can and do improve patient safety in many ways, the case of Pablo Garcia vividly illustrates that, even in one of the world’s best hospitals, filled with well-trained, careful and caring doctors, nurses and pharmacists, technology can cause breathtaking errors.

This one began when a young physician went to an electronic health record and set a process in motion that never could have happened in the age of paper.

From The Overdose: Harm in a Wired Hospital by Robert Wachter, MD (Medium.com Backchannel), Part 1 of 4

The situation is a pediatric patient with a severe chronic illness, with multiple symptoms requiring multiple medications to control, admitted to University of California San Francisco (UCSF). The article is a case history of the chain of events, both technological and human, that led to an severe overdose of a routine antibiotic medication, which the patient had already been maintained on for years, nearly killing the child. You will see, with horror, how every check-and-balance failed in the prescribing and dispensing procedure, and why.

Dr Wachter is not only chief of the medical service and chief (more…)

More Samsung ‘we try harder’ telehealth moves

Is Samsung playing Avis “We try harder®” to Apple’s Hertz?

Samsung’s other, less noticed end-run in addition to the Simband reference hardware and SAMI ‘open ecosystem’  is an initiative creating a joint research center with the University of California, San Francisco (UCSF) called the Center for Digital Health Innovation (CDHI). It is being headed by Michael Blum, a medical doctor who is the UCSF assistant vice chancellor of informatics. From the statements made to The Atlantic, Dr Blum’s intent is to clinically validate the sensors and algorithms produced within the Samsung ecosystem. Already featured are four initial projects: CareWeb (a collaborative care platform built on Salesforce.com), Tidepool (infrastructure for diabetes apps), Health eHeart (clinical trial app on heart disease) and Trinity (‘precision team care’). On the frontier: ‘novel vital signs’ which he predicts will come out of the analysis of standard vital signs, “…new markers of health and wellness that come out of these large datasets.”  Is Samsung, rather than going head-to-head with Apple on Healthbook [TTA 22 Mar] is leapfrogging into something akin to Telehealth 2.0 or 3.0? Yet this Editor notes that we haven’t figured out, for the most part, the FBQs (Five Big Questions)* of 1.0….

* The Five Big Questions (FBQs)–who pays, how much, who’s looking at the data, who’s actioning it, how data is integrated into patient records.

Going Googly over Glass: reviews

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2013/12/3022534-inline-s-6-a-surgeons-review-of-google-glass-in-the-operating-room.jpg” thumb_width=”150″ /]Glass has been out long enough and used widely enough in the health/medical area to have some meaningful reviews. The hot area seems to be surgery, and having previewed this at the end of a minimally invasive hernia surgery during Heather Evans, MD’s talk at the NYeC Digital Health Conference [TTA 16 Nov; also her AAS article], this Editor knew more were to come. University of California-San Francisco formally received the first approval from the Institutional Review Board to use Glass during surgeries (iHealthBeat 27 Nov). Pierre Theodore, MD, a cardiothoracic surgeon at UCSF, prior to that point performed 10 to 15 surgeries with Glass assistance. From a longer article in Fast Company: “His conclusion so far: the technology is indeed useful in the operating room as an adjunct device in delivering necessary information, but it still has miles to go as a product.” Other drawbacks are its dependence on an optimal Wi-Fi signal which can be chancy in an OR, its weakness on voice commands, being able to easily scan X-rays during surgery, patient privacy and very importantly, sanitization. Completely hands-free operation is the surgeon’s goal. (Photo of Dr. Theodore courtesy of Fast Company)