News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel
Sign In

Three Federal Agencies Warn Healthcare Providers of Pending Ransomware Attacks; Clinical Laboratories Advised to Assess Their Cyberdefenses

Sophisticated cyberattacks have already hit hospitals and healthcare networks in Oregon, California, New York, Vermont, and other states

Attention medical laboratory managers and pathology group administrators: It’s time to ramp up your cyberdefenses. The FBI, the federal Department of Health and Human Services (HHS), and the federal Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory (AA20-302A) warning US hospitals, clinical laboratories, and other healthcare providers to prepare for impending ransomware attacks, in which cybercriminals use malware, known as ransomware, to encrypt files on victims’ computers and demand payment to restore access.

The joint advisory, titled, “Ransomware Activity Targeting the Healthcare and Public Health Sector,” states, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.” It includes technical details about the threat—which uses a type of ransomware known as Ryuk—and suggests best practices for preventing and handling attacks.

In his KrebsOnSecurity blog post, titled, “FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals,” former Washington Post reporter, Brian Krebs, wrote, “On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics, and medical care facilities across the United States. Today, officials from the FBI and the US Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an ‘imminent cybercrime threat to US hospitals and healthcare providers.’”

Krebs went on to reported that the threat is linked to a notorious cybercriminal gang known as UNC1878, which planned to launch the attacks against 400 healthcare facilities.

Clinical Labs, Pathology Groups at Risk Because of the Patient Data They Keep

Hackers initially gain access to organizations’ computer systems through phishing campaigns, in which users receive emails “that contain either links to malicious websites that host the malware or attachments with the malware,” the advisory states. Krebs noted that the attacks are “often unique to each victim, including everything from the Microsoft Windows executable files that get dropped on the infected hosts to the so-called ‘command and control’ servers used to transmit data between and among compromised systems.”

Charles Carmakal, SVP and Chief Technology Officer of cybersecurity firm Mandiant told Reuters, “UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career,” adding, “Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline.”

John Riggi (above), senior cybersecurity adviser to the American Hospital Association (AHA), told the AP, “We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety. We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.” Hospital-based medical laboratories and independent clinical laboratories that interface with hospital networks should be assess their vulnerability to cyberattacks and take appropriate steps to protect their patients’ data. (Photo copyright: American Hospital Association.)

Multiple Healthcare Provider Networks Under Attack

Hospitals in Oregon, California, and New York have already been hit by the attacks, Reuters reported. “We can still watch vitals and getting imaging done, but all results are being communicated via paper only,” a doctor at one facility told Reuters, which reported that “staff could see historic records but not update those files.”

Some of the hospitals that have reportedly experienced cyberattacks include:

In October, the Associated Press (AP) reported that a recent cyberattack disrupted computer systems at six hospitals in the University of Vermont (UVM) Health Network. The FBI would not comment on whether that attack involved ransomware, however, it forced the UVM Medical Center to shut down its computer system and reschedule elective procedures.

Threat intelligence analyst Allan Liska of US cybersecurity firm Recorded Future told Reuters, “This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country.”

He added, “While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”

An earlier ransomware attack in September targeted 250 healthcare facilities operated by Universal Health Services Inc. (UHS). A clinician at one facility reported “a high-anxiety scramble” where “medical staff could not easily see clinical laboratory results, imaging scans, medication lists, and other critical pieces of information doctors rely on to make decisions,” AP reported.

Outside of the US, a similar ransomware attack in October at a hospital in Düsseldorf, Germany, prompted a homicide investigation by German authorities after the death of a patient being transferred to another facility was linked to the attack, the BBC reported.

CISA, FBI, HHS, Advise Against Paying Ransoms

To deal with the ransomware attacks, CISA, FBI, and HHS advise against paying ransoms. “Payment does not guarantee files will be recovered,” the advisory states. “It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.” The federal agencies advise organizations to take preventive measures and adopt plans for coping with attacks.

The advisory suggests:

  • Training programs for employees, including raising awareness about ransomware and phishing scams. Organizations should “ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.”
  • Regular backups of data and software. These should be “maintained offline or in separated networks as many ransomware variants attempt to find and delete any accessible backups.” Personnel should also test the backups.
  • Continuity plans in case information systems are not accessible. For example, organizations should maintain “hard copies of digital information that would be required for critical patient healthcare.”

Evaluating Continuity and Capability

The federal agencies also advise healthcare facilities to join cybersecurity organizations, such as the Health Information Sharing and Analysis Center (H-ISAC).

“Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations,” the advisory states. “Evaluating continuity and capability will help identify continuity gaps. Through identifying and addressing these gaps, organizations can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies.”

Dark Daily Publisher and Editor-in-Chief, Robert Michel, suggests that clinical laboratories and anatomic pathology groups should have their cyberdefenses assessed by security experts. “This is particularly true because the technologies and methods used by hackers change rapidly,” he said, “and if their laboratory information systems have not been assessed in the past year, then this proactive assessment could be the best insurance against an expensive ransomware attack a lab can purchase.”

—Stephen Beale

Related Information:

Ransomware Activity Targeting the Healthcare and Public Health Sector

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Hackers Hit Hospitals in Disruptive Ransomware Attack

Several Hospitals Targeted in New Wave of Ransomware Attacks

Hospitals Hit with Ransomware Attacks as FBI Warns of Escalating Threat to Healthcare

Ransomware Attacks on Hospitals Could Soon Surge, FBI Warns

Building Wave of Ransomware Attacks Strike U.S. Hospitals

Oregon Hospital Shuts Down Computer System After Ransomware Attack

Three St. Lawrence County Hospitals Hit by Ransomware

‘Unusual Network Activity’ at Ridgeview Medical Center

Brooklyn and Vermont Hospitals Are Latest Ryuk Ransomware Victims

Clinical Lab 2.0 Advances as Project Santa Fe Foundation Secures Nonprofit Status, Prepares to Share Case Studies of Medical Laboratories Getting Paid for Adding Value

Clinical laboratory leaders interested in positioning their labs to be paid for added-value services will get knowledge, insights, and more at upcoming third annual Clinical Lab 2.0 Workshop in November

It’s a critical time for medical laboratories. Healthcare is transitioning from a fee-for-service payment system to new value-based payment models, creating disruption and instability in the clinical lab test market. In addition, payers are cutting reimbursement for many lab tests.

These are among the market factors leading some pathologists and clinical lab leaders to seek new or alternative sources of revenue to keep the lights on and the machines running in their laboratories. Some might say, it’s a dark time for the lab industry.

However, in an exclusive interview with Dark Daily, Khosrow Shotorbani, President and Executive Director of the Project Santa Fe Foundation (PSFF) and founder of the Clinical 2.0 movement, said clinical laboratories should not fear the future. 

“This is not the time to be shy or timid,” he declared. “The quantitative value of medical laboratory domain is significant and will be lost if not exploited or leveraged.”

Shotorbani has reason to be positive. In recent years the Project Santa Fe Foundation (PSFF) has emerged to advocate for, and teach, the Clinical Lab 2.0 model. Clinical Lab 2.0 is an approach which focuses on longitudinal clinical laboratory data to augment population health in new payment arrangements.

Earlier this year, PSFF filed for 501(c) status, according to a news release. It is now positioned as a nonprofit organization, guided by a board of directors whose mission is “to create a disruptive value paradigm and alternative payment model that defines placement of diagnostic services in healthcare.”

Progressing Toward Clinical Lab 2.0

At the 24th Annual Executive War College on Lab and Pathology Management held in New Orleans last May, the nation’s first ever Clinical Lab 2.0 “Shark Tank” competition was won by Aspenti Health, a full-service diagnostic laboratory specializing in toxicology screening.

“This project, as well as all of the other cases that were presented, were quite strong and all were aligned with the mission of the Clinical Lab 2.0 movement,” said Shotorbani, in a news release. “This movement transforms the analytic results from a laboratory into actionable intelligence at the patient visit in partnership with front-liners and clinicians—allowing for identification of patient risks—and arming providers with insights to guide therapeutic interventions.

“Further, it reduces the administrative burden on providers by collecting SDH [social determinants of health] predictors in advance and tying them to outcomes of interest,” he continued. “By bringing SDH predictors to the office visit, it enables providers to engage in SDH without relying on their own data collection—a current care gap in many practices. The lab becomes a catalyst helping to manage the population we serve.”

Aspenti Health’s Shark Tank entry, “Integration of the Clinical Laboratory and Social Determinants of Health in the Management of Substance Use,” focused on the social factors tied to the co-use of opioids and benzodiazepines, a combination that puts patients at higher risk of drug-related overdose or death.

The project revealed that the top-two predictors of co-use were the prescribing provider practice and the patient’s age.

“They did an interesting thing—what clinical laboratories alone cannot do—the predictive value of lab test data mapped by zip code for patients admitted in partnership with social determinants of health. This helps to create delivery models to potentially help prevent opioid overdose,” said Shotorbani, who sees economic implications for chronic conditions.

“If clinical laboratories have that ability to do that in acute conditions such as opioid overdose, what is our opportunity to use lab test data in chronic conditions, such as diabetes? The cost of healthcare is in chronic conditions, and that is where clinical lab data has an essential role—to support early detection and early prevention,” he added.

“This is often described as the transition from volume to value because this trend will fundamentally change how all clinical laboratories and anatomic pathology groups are paid,” said Khosrow Shotorbani (above), MBA, MT(ASCP), Executive Director of the Project Santa Fe Foundation (PSFF), during his presentation at the 22nd annual Executive War College in New Orleans. “This shift from volume to value also will create new winners and losers in the clinical lab industry,” he declared. “Not every lab organization will take the timely action required to introduce the value-based laboratory testing services that hospitals, physicians, and payers will need. (Photo copyright: Albuquerque Business First.)

Clinical Laboratory Data is Health Business Data

One clinical laboratory working toward that opportunity is TriCore Reference Laboratories in Albuquerque, N.M. It recently launched Diagnostic Optimization with the goal of improving the health of their communities.

“TriCore turned to this business model,” Shotorbani explained. “It is actively pursuing the strategy of intervention, prevention, and cost avoidance. TriCore is in conversation with health plans on how its lab test data and other data sets can be combined and analyzed to risk-stratify a population and to identify care gaps and assist in closing gaps.

“Further, TriCore is identifying high-risk patients early before they are admitted to hospitals and ERs—the whole notion of facilitating intervention between the healthcare provider and the potential person who may get sick,” he added. “These are no longer theoretical goals. They are realizations. Now the challenge is for Project Santa Fe to help other lab organizations develop similar value-added collaborations in their communities.”

Renee Ennis, TriCore’s Chief Financial Officer, told American Healthcare Leader, “Women go in (to an ER) for some condition, and the lab finds out they are pregnant before anyone else,” she said, adding that TriCore reaches out to insurers who can offer care coordinators for prenatal services.

“There is definitely a movement within the industry in this direction [of Clinical Lab 2.0],” she added. “But others might not be moving as quickly as we are. As a leader in this transition, I think a lot of eyes are on what we are doing and how we are doing it.”

Why Don’t More Lab Leaders Move Their Labs to Clinical Lab 2.0?

So, what holds labs back from pursing Clinical Lab 2.0? Shotorbani pointed to a couple of possibilities:

  • A lab’s traditional focus on volume while not developing partnerships (such as with pharmacy colleagues) inside the organization; and
  • Limited longitudinal data due to a provider’s sale of lab outreach services or outsourcing the lab.

“The whole notion of Clinical Lab 2.0 is basically connecting the longitudinal data—the Holy Grail of lab medicine. That is the business model. Without the longitudinal view, the ability to become a Clinical Lab 2.0 is extremely limited,” added Shotorbani.

New Clinical Lab 2.0 Workshop Focuses on Critical ‘Pillars’

Project Santa Fe Foundation will host the Third Annual Clinical Lab. 2.0 Workshop in Chicago on November 3-5. New this year are sessions aligned with Clinical Lab 2.0 “pillars” of leadership, standards, and evidence. The conference will feature panels addressing:

Click here to register online for this informative workshop, or place this URL in your browser https://dark.regfox.com/clinical-lab-20-workshop-by-project-santa-fe-foundation.

—Donna Marie Pocius

Related Information:

Project Santa Fe Foundation Files for 501( c) Status, Expands Board of Directors

Aspenti Health Wins Clinical Lab 2.0 Innovation Award Demonstrating the Clinical Laboratory as a First Responder to the Opioid Crisis

Renee Ennis Wants Lab to A Have a Seat at the Table

Aspenti Health Takes Home Grand Prize in Nation’s First Clinical Lab 2.0 Shark Tank Competition Showcasing Added Value, Clinical Success Stories

Aspenti Health Takes Home Grand Prize in Nation’s First Clinical Lab 2.0 ‘Shark Tank’ Competition Showcasing Added-Value Clinical Success Stories

Vermont-based clinical laboratory company integrates social determinants of health (SDH) with lab data to help doctors at University of Vermont Health Network better manage their opioid patients

Aspenti Health, a full-service diagnostic laboratory specializing in toxicology screening, has won the nation’s first ever Clinical Lab 2.0 “Shark Tank”! The competition was held May 2, 2019, in conjunction with the 24th Annual Executive War College on Lab and Pathology Management in New Orleans.

The Clinical Lab 2.0 “Shark Tank” showcased forward-thinking clinical laboratories and anatomic pathology groups that are committed to the Clinical Lab 2.0 movement, a Project Santa Fe Foundation initiative aimed at guiding laboratories from test volume to lab value models.

“We are thrilled to be recognized for our work serving the unique needs of substance use healthcare. And, most importantly, across our organization for our unyielding commitment to employing innovations to solve this [opioid] crisis,” Aspenti Health CEO Chris Powell stated in the news release.

The projects were judged on Clinical Lab 2.0 attributes, such as:

  • Risk stratification by population;
  • Closure of care gaps;
  • Lab results as early detection; and
  • Lab intervention for improved clinical outcomes.

“This project, as well as all of the other cases that were presented, were quite strong and all were aligned with the mission of the Clinical Lab 2.0 Movement,” said Khosrow R. Shotorbani, President, Executive Director, Project Santa Fe Foundation, in a news release. “This movement transforms the analytic results from a laboratory into actionable intelligence at the patient visit in partnership with front-liners and clinicians—allowing for identification of patient risks—and arming providers with insights to guide therapeutic interventions.

“Further, it reduces the administrative burden on providers by collecting SDH [social determinants of health] predictors in advance and tying them to outcomes of interest,” continued Shotorbani. “By bringing SDH predictors to the office visit, it enables providers to engage in SDH without relying on their own data collection—a current care gap in many practices. The lab becomes a catalyst helping to manage the population we serve.”

Co-Use of Opioids Tied to Social Factors

Aspenti Health’s “Shark Tank” entry—“Integration of the Clinical Laboratory and Social Determinants of Health in the Management of Substance Use”—focused on the social factors tied to the co-use of opioids and benzodiazepines, a combination that puts patients at higher risk of drug-related overdose or death. The project revealed the top two predictors of co-use were the:

  • Prescribing provider practice, and the
  • Patient’s age.
“This was a unique project because it integrated social determinants, which are a key part of our overall health and wellness, with laboratory data, which is well-defined, quantitative, and very accurate,” said Jill Warrington, MD, PhD (above), Chief Medical Officer at Aspenti Health and Assistant Professor in the Department of Pathology and Laboratory Medicine University of Vermont Medical Center, in an exclusive interview with Dark Daily. “So, combining something that is really meaningful clinically with something that is very predictive and accurate has a nice blend of strengths.” (Photo copyright: Aspenti Health.)

Myra L. Wilkerson, MD, who served on a three-judge panel tasked with selecting the winning project, said the Vermont toxicology laboratory’s entry stood out in two key areas.

“We felt their project had an application to a broader population, but also moved beyond traditional [laboratory] functions or even medicine,” explains Wilkerson, who is Chair of the Diagnostic Medicine Institute for the Geisinger Health System. “Patient advocacy groups, payers, and providers all have come to realize you can identify a disease, you can provide a treatment, but so many other things impact it, especially in this community. When it is an addiction, there are so many other factors that play into whether or not they are going to be successful in their treatment plan. And a lot of them are social things.”

Educating Care Givers and Public on Dangers of Co-Use Drug Addictions

Working in collaboration with Staple Health and the University of Vermont Health Network, Aspenti selected “co-use” for this initial lab outcome study because of the significant patient safety implications and relative simplicity of its definition—the co-presence of positive laboratory results for both opioids and benzodiazepines.

According to the National Institute on Drug Abuse, more than 30% of overdoses involving opioids also involve benzodiazepines. Aspenti’s “Shark Tank” presentation highlighted the fact that co-use of the drugs accounts for nearly 2.5% of opioid-related emergency department visits, costing the healthcare system an estimated $47.5 million per year.

Based on the study results, Aspenti Health plans to develop educational programs that warn about the dangers of co-using opioids and benzodiazepines.

“We identified geographically hotspots where co-use was more prevalent, so we can target our educational initiatives centered on those geographical locations—not just to providers, but also to families and patients—to raise awareness about co-use so the risks are mitigated collectively,” Warrington said.

Advancing the Value-based Healthcare Agenda

The Executive War College Clinical Lab 2.0 “Shark Tank” advances a conversation about the lab industry’s future that began at the inaugural 2016 Project Santa Fe meeting. Lab industry stakeholders brainstormed about the transition from volume-based to value-based healthcare, and the role laboratory-driven innovations could play in reducing total cost of care.

As healthcare shifts to a value-based reimbursement model, Wilkerson believes laboratory leaders must re-engineer their role in the continuum of care by creating meaningful clinical diagnostic insights for population health initiatives.

“What’s your executive leadership concerned about? What are your payers concerned about? What are your accrediting or regulatory bodies concerned about? What are their top priorities and how can you do something that improves patient care but helps them address their problems as well?” she asks. “That’s where you create value.”

As the Clinical Lab 2.0 Innovation Award winner, Aspenti Health will receive:

  • An invitation to speak at national lab conferences this fall;
  • A consultation with a Project Santa Fe member lab to discuss successful Clinical Lab 2.0 innovations and identify new ways to deliver more value in patient care; and
  • Publication of a case study of their Clinical Lab 2.0 project by Dark Daily or its sister publication The Dark Report.

With labs in Vermont and Massachusetts, Aspenti continues to identify opportunities for directly contributing to improvements in the care of substance abuse and pain management patients. Warrington says that with its SDH project, Aspenti plans to focus on other key laboratory outcome measures—such as treatment adherence and relapse. Next steps include integrating this work into the practices of partner doctors within the University of Vermont Health Network.

Wilkerson’s advice to other clinical laboratories is to follow Aspenti Health’s lead.  

“When you look at the national trends, the percentage of traditional fee-for-service or volume-based healthcare is going to go down to 25% of the total healthcare spend by 2021,” she points out. “The other 75% will be based on value-added services around quality metrics, efficiency, cost reduction, utilization, etc. Labs that aren’t starting to think this way now are going to be behind and at risk in the future.”

—Andrea Downing Peck

Related Information:

Aspenti Health Wins Clinical Lab 2.0 Innovation Award

First-Ever ‘Shark Tank’ on Clinical Lab 2.0 and Adding Value Happens May 2 in New Orleans: Clinical Laboratories with Innovative Services Invited to Present

Improving American Healthcare Through “Clinical Lab 20”: A Project Santa Fe Report

National Institute on Drug Abuse: Benzodiazepines and Opioids

Project Santa Fe Labs Deliver Value with Tests

Improving American Healthcare Through “Clinical Lab 2.0”: A Project Santa Fe Report

Unstructured Data Is a Target for New Collaboration Involving IBM’s Watson Health and Others; Could Help Pathologists and Radiologists Generate New Revenue

If this medical imaging collaborative develops a way to use the unstructured data in radiology images and anatomic pathology reports, it could create a new revenue stream for pathologists

Unstructured data has been regularly recognized as one Achilles heel for the anatomic pathology profession. It means invaluable information about the cancers and other diseases diagnosed by surgical pathologists are “locked up,” making it difficult for this information to be accessed in efforts to advance population health management (PHM) or conduct clinical studies.

Similarly, medical imaging has an essential role in the diagnosis of cancer and other diseases. And, like most anatomic pathology reports, medical imaging also is considered to be “unstructured” by data experts because it is not easily accessible by computers, reported Fortune magazine.

Unstructured Data in Anatomic Pathology and Radiology

Now one of the world’s largest information technology companies wants to tackle the challenge of unstructured data in radiology images. IBM (NYSE: IBM) Watson Health launched a global initiative involving 16 health systems, radiology providers, and imaging technology companies.

The Watson Health medical imaging collaborative is working to apply cognitive computing of radiology images to clinical practice. IBM aims to transform how physicians use radiology images to diagnose and monitor patients. (more…)

;