Initially thought to be an attack by a nation-state, actual culprit turned out to be a known ransomware group and each day brings new revelations about the cyberattack
Fallout continues from cyberattack on Change Healthcare, the revenue cycle management (RCM) company that is a business unit of Optum, itself a division of UnitedHealth Group. Recent news accounts say providers are losing an estimated $100 million per day because they cannot submit claims to Change Healthcare nor receive reimbursement for these claims.
The cyberattack took place on February 21. The following day, UnitedHealth Group filed a Material Cybersecurity Incidents report (form 8-K) with the US Securities and Exchange Commission (SEC) in which it stated it had “identified a suspected nation-state associated cybersecurity threat actor [that] had gained access to some of the Change Healthcare information technology systems.”
A few days later the real identity of the threat actor was revealed to be a ransomware group known as “BlackCat” or “ALPHV,” according to Reuters.
Change Healthcare of Nashville, Tenn., is “one of the largest commercial prescription processors in the US,” Healthcare Dive reported, adding that hospitals, pharmacies, and military facilities had difficulty transmitting prescriptions “as a result of the outage.”
Change Healthcare handles about 15 billion payments each year.
According to a Change Healthcare statement, the company “became aware of the outside threat” and “took immediate action to disconnect Change Healthcare’s systems to prevent further impact.”
Change Healthcare has provided a website where parties that have been affected by the cyberattack can find assistance and updated information on Change’s response to the intrusion and theft of its data.
“The fallout is only starting to happen now. It will get worse for consumers,” Andrew Newman (above), founder and Chief Technology Officer, ReasonLabs, told FOX Business, adding, “We know that the likely destination for [the Change Healthcare] data is the Dark Web, where BlackCat will auction it all off to the highest bidder. From there, consumers could expect to suffer from things like identity theft, credit score downgrades, and more.” Clinical laboratories are also targets of cyberattacks due to the large amount of private patient data stored on their laboratory information systems. (Photo copyright: ReasonLabs.)
Millions of Records May be in Wrong Hands
Reuters reported that ALPHV/BlackCat admitted it “stole millions of sensitive records, including medical insurance and health data from the company.”
The ransomware group has been focusing its attacks on healthcare with 70 incidents since December, according to federal agencies.
In a letter to HHS, AHA warned, “Change Healthcare’s downed systems will have an immediate adverse impact on hospital finances. … Their interrupted technology controls providers’ ability to process claims for payment, patient billing, and patient cost estimation services.”
“My understanding is Change/Optum touches almost every hospital in the US in one way or another,” John Riggi, AHA’s National Advisor for Cybersecurity and Risk, told Chief Healthcare Executive. “It has sector wide impact in potential risk. So, really, this is an attack on the entire sector.” Riggi spent nearly 30 years with the FBI.
Some physician practices may also have been impacted by the Change Healthcare cyberattack, according to the Medical Group Management Association (MGMA). In a letter to HHS, MGMA described negative changes in processes at doctors’ offices. They include delays in paper and electronic statements “for the duration of the outage.”
In addition, “prescriptions are being called into pharmacies instead of being electronically sent, so patients’ insurance information cannot be verified by pharmacies, and [the patients] are forced to self-pay or go without necessary medication.”
Here are “just a few of the consequences medical groups have felt” since the Change Healthcare cyberattack, according to the MGMA:
Substantial billing and cash flow disruptions, such as a lack of electronic claims processing. Both paper and electronic statements have been delayed. Some groups have been without any outgoing charges or incoming payments for the duration of the outage.
Limited or no electronic remittance advice from health plans. Groups are having to manually pull and post from payer portals.
Prior authorization submissions have been rejected or have not been transmittable at all. This further exacerbates what is routinely ranked the number one regulatory burden by medical groups and jeopardizes patient care.
Groups have been unable to perform eligibility checks for patients.
Many electronic prescriptions have not been transmitted, resulting in call-in prescriptions to pharmacies or paper prescriptions for patients. Subsequently, patients’ insurance information cannot be verified by pharmacies, and they are forced to self-pay or go without necessary medication.
Lack of connectivity to important data infrastructure needed for success in value-based care arrangements, and other health information technology disruptions.
Medical laboratory leaders and pathologists are advised to consult with their colleagues in IT and cybersecurity on how to best prevent ransomware attacks. Labs hold vast amount of private patient information. Recent incidents suggest more steps and strategies may be needed to protect laboratory information systems and patient data.
Google designed the suite to ease radiologists’ workload and enable easy and secure sharing of critical medical imaging; technology may eventually be adapted to pathologists’ workflow
Clinical laboratory and pathology group leaders know that Google is doing extensive research and development in the field of cancer diagnostics. For several years, the Silicon Valley giant has been focused on digital imaging and the use of artificial intelligence (AI) algorithms and machine learning to detect cancer.
Now, Google Cloud has announced it is launching a new medical imaging suite for radiologists that is aimed at making healthcare data for the diagnosis and care of cancer patients more accessible. The new suite “promises to make medical imaging data more interoperable and useful by leveraging artificial intelligence,” according to MedCity News.
In a press release, medical technology company Hologic, and healthcare provider Hackensack Meridian Health in New Jersey, announced they were the first customers to use Google Cloud’s new suite of medical imaging products.
“Hackensack Meridian Health has begun using it to detect metastasis in prostate cancer patients earlier, and Hologic is using it to strengthen its diagnostic platform that screens women for cervical cancer,” MedCity News reported.
“Google pioneered the use of AI and computer vision in Google Photos, Google Image Search, and Google Lens, and now we’re making our imaging expertise, tools, and technologies available for healthcare and life sciences enterprises,” said Alissa Hsu Lynch (above), Global Lead of Google Cloud’s MedTech Strategy and Solutions, in a press release. “Our Medical Imaging Suite shows what’s possible when tech and healthcare companies come together.” Clinical laboratory companies may find Google’s Medical Imaging Suite worth investigating. (Photo copyright: Influencive.)
.
Easing the Burden on Radiologists
Clinical laboratory leaders and pathologists know that laboratory data drives most healthcare decision-making. And medical images make up 90% of all healthcare data, noted an article in Proceedings of the IEEE (Institute of Electrical and Electronics Engineers).
More importantly, medical images are growing in size and complexity. So, radiologists and medical researchers need a way to quickly interpret them and keep up with the increased workload, Google Cloud noted.
“The size and complexity of these images is huge, and, often, images stay sitting in data siloes across an organization,” said Alissa Hsu Lynch, Global Lead, MedTech Strategy and Solutions at Google, told MedCity News. “In order to make imaging data useful for AI, we have to address interoperability and standardization. This suite is designed to help healthcare organizations accelerate the development of AI so that they can enable faster, more accurate diagnosis and ease the burden for radiologists,” she added.
According to the press release, Google Cloud’s Medical Imaging Suite features include:
Imaging Storage: Easy and secure data exchange using the international DICOM (digital imaging and communications in medicine) standard for imaging. A fully managed, highly scalable, enterprise-grade development environment that includes automated DICOM de-identification. Seamless cloud data management via a cloud-native enterprise imaging PACS (picture archiving and communication system) in clinical use by radiologists.
Imaging Lab: AI-assisted annotation tools that help automate the highly manual and repetitive task of labeling medical images, and Google Cloud native integration with any DICOMweb viewer.
Imaging Datasets and Dashboards: Ability to view and search petabytes of imaging data to perform advanced analytics and create training datasets with zero operational overhead.
Imaging AI Pipelines: Accelerated development of AI pipelines to build scalable machine learning models, with 80% fewer lines of code required for custom modeling.
Imaging Deployment: Flexible options for cloud, on-prem (on-premises software), or edge deployment to allow organizations to meet diverse sovereignty, data security, and privacy requirements—while providing centralized management and policy enforcement with Google Distributed Cloud.
First Customers Deploy Suite
Hackensack Meridian Health hopes Google’s imaging suite will, eventually, enable the healthcare provider to predict factors affecting variance in prostate cancer outcomes.
“We are working toward building AI capabilities that will support image-based clinical diagnosis across a range of imaging and be an integral part of our clinical workflow,” said Sameer Sethi, Senior Vice President and Chief Data and Analytics Officer at Hackensack, in a news release.
The New Jersey healthcare network said in a statement that its work with Google Cloud includes use of AI and machine learning to enable notification of newborn congenital disorders and to predict sepsis risk in real-time.
Hologic, a medical technology company focused on women’s health, said its collaboration integrates Google Cloud AI with the company’s Genius Digital Diagnostics System.
“By complementing our expertise in diagnostics and AI with Google Cloud’s expertise in AI, we’re evolving our market-leading technologies to improve laboratory performance, healthcare provider decision making, and patient care,” said Michael Quick, Vice President of Research and Development and Innovation at Hologic, in the press release.
Hologic says its Genius Digital Diagnostics System combines AI with volumetric medical imaging to find pre-cancerous lesions and cancer cells. From a Pap test digital image, the system narrows “tens of thousands of cells down to an AI-generated gallery of the most diagnostically relevant,” according to the company website.
Hologic plans to work with Google Cloud on storage and “to improve diagnostic accuracy for those cancer images,” Hsu Lynch told MedCity News.
Medical image storage and sharing technologies like Google Cloud’s Medical Imaging Suite provide an opportunity for radiologists, researchers, and others to share critical image studies with anatomic pathologists and physicians providing care to cancer patients.
One key observation is that the primary function of this service that Google has begun to deploy is to aid in radiology workflow and productivity, and to improve the accuracy of cancer diagnoses by radiologists. Meanwhile, Google continues to employ pathologists within its medical imaging research and development teams.
Assuming that the first radiologists find the Google suite of tools effective in support of patient care, it may not be too long before Google moves to introduce an imaging suite of tools designed to aid the workflow of surgical pathologists as well.
Cerner and Epic are the industry’s revenue leaders, though smaller vendors remain popular with physician groups
Sales of electronic health record (EHR) systems and related hardware and services reached $31.5 billion in 2018. And those sales will increase, according to a 2019 market analysis from Kalorama Information. This is important information for clinical laboratories and anatomic pathology groups that must interface with the EHRs of their physician clients to enable electronic transmission of lab orders and test results between doctor and lab.
Kalorama’s ranking includes familiar big EHR manufacturer names—Cerner (NASDAQ:CERN) and Epic—and includes a new name, Change Healthcare, which was born out of Change Healthcare Holding’s merger with McKesson. However, smaller EHR vendors remain popular with many independent physicians.
“We estimate that 40% of the market is not in the top 15 [in total revenue rankings],” said Bruce Carlson, Kalorama’s publisher, in an exclusive interview with Dark Daily. “There’s a lot of room. There are small vendors out there—Amazing Charts, e-MDs, Greenway, NextGen, Athena Health—that show up on a lot of physician surveys.”
“The EHR is really important,” noted Bruce Carlson (above), Publisher at Kalorama. “Since there are a variety of systems—sometimes different from the LIS [laboratory information management system]—you want to make sure you know the vendors and the space.” Carlson says opportunities remain for new entrants in the 700-plus competitor space, which is expected to see continued mergers and acquisitions that will affect clinical laboratories and their client physicians. (Photo copyright: Twitter.)
Interoperability a Key Challenge, as Most Medical
Laboratories Know
Interoperability—or the lack thereof—remains one of the
industry’s biggest challenges. For pathologists, that means seamless electronic
communication between medical laboratories and provider hospitals can be
elusive and can create a backlash against EHR vendors.
Kalorama notes a joint investigation by Fortune and Kaiser Health News (KHN), titled, “Death by a Thousand Clicks: Where Electronic Health Records Went Wrong.” The report details the growing number of medical errors tied to EHRs. One instance involved a California lawyer with herpes encephalitis who allegedly suffered irreversible brain damage due to a treatment delay caused by the failure of a critical lab test order to reach the hospital laboratory. The order was typed into the EHR, but the hospital’s software did not fully interface with the clinical laboratory’s software, so the lab did not receive the order.
“Many software vendors and LIS systems were in use prior to
the real launching of EHRs—the [federal government] stimulus programs,” Carlson
told Dark Daily. “There are a lot of legacy systems that aren’t
compatible and don’t feed right into the EHR. It’s a work in progress.”
Though true interoperability isn’t on the immediate horizon, Carlson expects its arrival within the next five years as the U.S. Department of Health and Human Services ramps up pressure on vendors.
“I think it is going to be a simple matter eventually,” he
said. “There’s going to be much more pressure from the federal government on
this. They want patients to have access to their medical records. They want one
record. That’s not going to happen without interoperability.”
Other common criticisms of EHRs include:
Wasted provider time: a recent study published in JAMA Internal Medicine notes providers now spend more time in indirect patient care than interacting with patients.
Physician burnout: EHRs have been shown to increase physician stress and burnout.
Not worth the trouble: The debate continues over whether EHRs are improving the quality of care.
Negative patient outcomes: Fortune’s investigation outlines patient safety risks tied to software glitches, user errors, or other flaws.
There’s No Going Back
Regardless of the challenges—and potential dangers—it appears EHRs are here to stay. “Any vendor resistance of a spirited nature is gone. Everyone is part of the CommonWell Health Alliance now,” noted Carlson.
Clinical laboratories and pathology groups should expect
hospitals and health networks to continue moving forward with expansion of
their EHRs and LIS integrations.
“Despite the intensity of attacks on EHRs, very few health systems are going back to paper,” Carlson said in a news release. “Hospital EHR systems are largely in place, and upgrades, consulting, and vendor switches will fuel the market.”
Thus, it behooves clinical laboratory managers and
stakeholders to anticipate increased demand for interfaces to hospital-based
healthcare providers, and even off-site medical settings, such as urgent care
centers and retail health clinics.
Smaller clinical laboratories and pathology groups should benefit from shift toward consumer-driven healthcare
High-deductible health plans (HDHP) are increasing in popularity as more consumers opt for lower annual premium costs in exchange for larger out-of-pocket expenses. This shift in health insurance could result in direct benefits for smaller clinical laboratories and pathology groups as more patients have a choice in where they purchase medical laboratory testing services.
From a policy perspective, employers and healthcare strategists hope that using HDHPs to engage consumers will help put market forces back into medicine. Because clinical laboratories and pathology groups increasingly find themselves excluded from provider networks, and fighting to keep access to patients, they should welcome the trend to consumer-driven healthcare.
A logical response to the HDHP trend would be for labs to begin posting their lab test prices on their websites. It would be equally useful to also post quality-performance and customer-satisfaction survey results to allow consumers to make informed choices about the labs they want performing their tests. (more…)
