Healthcare cyberattack latest: NextGen EHR ransomwared by AlphV/BlackCat, back to normal – 93% of healthcare orgs had 1-5 ransomware incidents

Cyberattacks on healthcare continue their drip-drip-drip. The latest is on an EHR/practice management platform used by small to enterprise-sized specialty practices, NextGen Healthcare. The hacker group associated with the AlphV/BlackCat ransomware moved into the system on 17 January. For a short time, they reportedly exhibited NextGen information on their extortion site but later took it down. NextGen reported a short-term disruption to operations. A NextGen spokesperson stated that “We immediately contained the threat, secured our network, and have returned to normal operations,” the spokesperson said. “Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.”  NextGen has also stated to this Editor that no patient data was affected.

NextGen is used by about 2,500 practices in the US, UK, India, and Canada, including over 20 specialties.

The group behind AlphV/BlackCat ransomware has an infamous history. Reputedly, the gang has been kicking around since 2012 and was the same group of charmers that attacked the Colonial Pipeline in 2021, using the Darkside ransomware in May 2021 that dried out gas stations across the US East Coast. Their next ransomware edition, BlackMatter, targeted agriculture during fall 2021. Healthcare IT News, The Record/Recorded Future News

More severe attacks affecting 93% of healthcare organizations. While NextGen contained the attack quickly, both the Censinet/Ponemon Institute and Fortified Health Security’s 2023 Horizon Report tracked 2022 healthcare data breaches and concluded that while the number of incidents didn’t change much, their severity ramped up. More according to SC Media in these reports: 

  • Over a dozen of the biggest incidents in 2022 each impacted well over 1 million records
  • Nearly half of the respondents experienced a ransomware attack in the last two years
  • 93% faced between one to five ransomware-related incidents
  • Outages lasted upwards of 35 days

The common ground with NextGen is danger to patient safety, because electronic record damage can translate quickly into unavailable patient care.

Updated PharmaCare Services, a pharmacy management company based in Texas, is listed as a victim on BlackCat’s extortion site. They were exhibited with NextGen and remained when NextGen’s listing was challenged and then taken down. PharmaCare is staying mum on any ransomware disruptions, according to GovInfoSecurity.

One ray of hope is improved medical device security, included in the ‘omnibus’ budget package approved in late 2022. FDA will be required to enforce new standards for premarket device submissions. One is a software bill of materials, adequate evidence to demonstrate the product can be updated and patched, and a description of security testing and controls. This was before Congress in the Protecting and Transforming Cyber Health Care (PATCH) Act which didn’t go far, but elements of which found their way into the omnibus. A needed change for medical devices and long expected by manufacturers. SC Media

News roundup: Proteus dissolves with Otsuka, EHRs add 16 min. per patient, DrChrono mobile EHR raises $20M, CareBridge LTSS launches, ‘flyover healthtech’ soars

The much-touted partnership of Proteus Digital Health with Otsuka Pharmaceutical of Japan for a digital version of Abilify has ended prematurely. Abilify MyCite was the first drug cleared by FDA with a digital tracking system in November 2017 [TTA 14 Nov 17]. Otsuka was also going to fund Proteus for further development of drug tracking.

In the payout for the Proteus license, Otsuka has the right to use Proteus’ technology for its own mental illness drug research. Proteus will abandon its research in mental illness and cardiovascular conditions and concentrate on digital meds in cancer and infectious disease. Before the holidays, we saw reports that ‘Proteus may be no-teous‘ and that layoffs and office closures were in the works. STAT reports that the Proteus-Otsuka breakup is one of several recently: Sandoz and Pear Therapeutics, Sanofi and Alphabet’s Onduo.

Where does a doctor’s time go? EHR use, for one. A study of 155,000 ambulatory medical subspecialists and primary care physicians in 2018 clocked EHR use per encounter at over 16 minutes on average, with chart review, documentation, and ordering functions accounting for most of the time (33, 24, and 17 percent, respectively). Percentages changed by subspecialty. PhysiciansWeekly,  ACP Annals of Internal Medicine (abstract only

Speaking of EHRs, DrChrono, one of the first mobile-friendly EHRs/practice management/revenue cycle platforms, raised $20 million in a Series B led by ORIX Growth Capital. Its total funding in nine years tops $48 million. Crunchbase, Mobihealthnews

Long term care (LTC) has been ‘about to be hot’ for at least 10 years. Where the real money may be made is in the ‘back end’. This week, a new long-term support services (LTSS) firm, CareBridge launched out of Nashville, backed with $40 million in fresh funding with a BOD helmed by a former US senator and physician, Bill Frist. Created in part through the acquisition of two other companies, HealthStar and Sinq Technologies, it will concentrate on electronic visit verification by caregivers for in-home service delivery, provide real-time sharing of clinical information, support members with enhanced tablet-based telehealth services, and is building a predictive model for service support. BusinessWire

Flyover tech soars, indeed. We note that CareBridge is in Nashville, which snobs on both coasts demeaningly call ‘flyover country’. Well, there’s gold in Middle America’s hills when it comes to health tech, with some of the choicest high flyers at this week’s JP Morgan Healthcare Conference from places like Nashville, Minneapolis, Ann Arbor, Denver, and Iowa. Utah alone has enough tech to earn it the nickname ‘Silicon Slopes’. Utah’s highlighted company is one this Editor found back in 2013Owlet–still (baby) socking it to them, cutely. Others, unfortunately, are wince-worthy–the prize goes to the Ōmcare med dispenser, which makes darn sure via two Wi-Fi-enabled interactive cameras that those pills are not only being taken, but also being swallowed. Really. Observer