What will be the next healthcare HACK?
I consider myself a computer geek without formal training, but I like to follow the industry. As an example, Windows 11 represented a serious rewrite of many of the decades-old basic components. The folks who wrote these original legacy components are now dead or retired, and a lot of institutional knowledge of a very complex operating system has been lost with them. In short, writing good secure code is difficult.
Meanwhile, another company we all know, EPIC, has been around almost as long as Microsoft. Any user who has to work in EPIC is aware of the software’s awesome complexity. EPIC is, indeed, an effort to have everything in one package. Like many editions of Windows, it often feels like there are a lot of modules that have been duct-taped into the system. This feels like a real weakness.
Change Healthcare is another example of software with many such modules duct-taped together to make it run. As you should know, Change Healthcare was decimated by a hack, wrecking a lot of healthcare providers. Some experts have mentioned a module called “Screen Connect” as the point of weakness. No one is admitting anything, but it reveals the hazards of using a Rube Goldberg model for your business.
So, we all wonder: Is a player as big as EPIC safe? I’m sure EPIC points to its bulletproof security practices, saying, “It can’t happen to us!”
Yet, I’m sure Change Healthcare also still points to such “bulletproof security” even as it gasps for breath. No, it wasn’t bulletproof.
You are only as secure as your weakest module.
You are only safe until a hacker notices your importance. Once they turn their attention to you, look out!
You have backups, so you feel confident. Are they clean or are they contaminated? You won’t know until you need them.
The most valuable thing when seeing a patient is the old chart. Those charts are now all digital and that makes them vulnerable.
Imagine EPIC being hacked. Like me, your first reaction is to chuckle. Then you pause, think about it and realize it would be a very bad thing. Patients would be hurt. They would go without care. Many would needlessly die. No, an EPIC hack is not even a little funny.
We are not safe. Predators are scanning us carefully. They are highly competent and they don’t care who gets hurt.
Meanwhile, our systems are protected by the equivalent of Barney Fife.
A few years ago I read that the Russian military went back to paper for everything except those things which required immediate attention and action (battlefield). A secure room with paper without electronics is still what is used when disseminating information contained in secret documents by our military.
Why are medical records less valuable? A locked room, limited access, paper records, and Microsoft and EPIC can pound sand. Cheap, easy, fast: an engineer's dream.
Yeah, I worked in a group clinic that was coerced into going to computers by the damned gubbermint. Said they would pay us more. Bunch of Bull Hockey.
I took crib notes then dictated the final note, signed off on it and I or anyone else (including lawyers) could see what I did legibly on paper.
Computers came in and they expected us docs to type all this bullchit in. Biggest waste of time on earth! Free up the docs to see patients, not to do Freaking records!!!
I was lucky to be able to retire at age 64. My wife died young 5 years ago, and I have a mentally handicapped adult son I have legal guardianship of and have to take care of. Didn’t take much to get me to bail out and so happy for it.
I don’t regret leaving primary care medicine one iota. Call, hospital and office work is for a young person. I doubt many F.P.’s do hospital work or take call anymore. Do office dick head stuff only on a stupid computer.
Medicine was destroyed by computerization. Sure, being able to get lab results as soon as the computer could post it was simply GREAT! But having to put patient info on a visit into a computer is a piece of crap. Am soooooo, glad to be retired.
Kurt Savegnago, M.D. (retired)
This is a matter of dollars and cents. If you purchase EPIC and it does not work, you need to pay IT for software support. I do not know how to pre-screen any software I buy for susceptibility to infection/malware. One cannot expect DELL or MICROSOFT or whomever to guarantee you are safe. Everyone should also be aware of how much our technologic devices are monitoring us and sending data back to the home office (see Louis Rossmann on YOUTUBE for all that scary info). Of course your safest route is to stay off the web (and how are you going to check insurance/deductible status… there is always the 30 minute phone call to the insurance company!). I guess you can disconnect your router and just leave one computer connected to the web and off your in-house network to use strictly for insurance purposes. And one other thing… make all employees sign an agreement that if they log on to the internet or use any office computer and somehow attract malware into your system, then they agree to accept full responsibility to make you “whole” again should you become the target of a hack!!!! I GUESS WE ALL NEED TO BECOME CYBERSECURITY SPECIALISTS in addition to being physicians. I wonder how the patients will react to the 6TB of stolen data… any idea how many patients have been involved and certainly it includes the provider information. I DEMAND CONGRESSIONAL HEARINGS!!!