The pMD Blog

Welcome to the
pMD Blog...

where we cover interesting and relevant news, insights, events, and more related to the health care industry and pMD. Most importantly, this blog is a fun, engaging way to learn about developments in an ever-changing field that is heavily influenced by technology.

Three Lessons Providers Should Learn From WannaCry

To an industry notoriously slow in its embrace of new technology, the WannaCry ransomware attack should serve as a wake-up call. While it paralyzed computers the world over, WannaCry seemed to have had an outsized effect on the healthcare industry; it hijacked the systems of dozens of National Health Service (NHS) facilities in the UK as well as computers in medical practices all over the world.

No medical professional wants to turn away patients or shut down operations because malicious actors were able to hold their critical data for ransom, but at least some good news came out of this nightmare scenario. Healthcare practices all over the world are now asking themselves what they can do to prevent hackers and criminals from successfully attacking their systems. By incorporating valuable lessons from WannaCry, hospitals can shore up their IT defenses and help prevent future malware attacks. What follows are some of the most valuable lessons healthcare providers can take away from WannaCry.

Update Your Systems

It may not seem like a major concern for hospitals running their day-to-day operations, but outdated systems - ones that are no longer supported or updated by developers - are much more likely to have vulnerabilities that can be exploited by malicious actors. WannaCry spread across computer networks by exploiting a Windows vulnerability that hackers stole from an NSA leak. While Microsoft released a fix for the vulnerability on March 14, the fix did not cover Windows XP, which Microsoft stopped supporting in 2014, and which many computers in NHS hospitals were still running when WannaCry struck.

Even though Microsoft eventually pushed out a Windows XP update to patch up the vulnerability exploited by WannaCry, it was only after the bug had already infiltrated computers all over the world. For future vulnerabilities, companies may choose not to release fixes for outdated systems - and they will definitely choose not to apply such fixes to unlicensed software. In countries like China and Russia, which have avoided implementing strong intellectual property policies, WannaCry has had an outsized effect, since it was able to spread much more easily across systems that ran unlicensed, and therefore outdated, software.

Choose Subscription Software

Of course, ensuring that every operating system and every application is up-to-date can be a time-consuming process. One way practices can avoid having to manually update some systems is by choosing software services (like pMD!) that work on a subscription service model, which are less likely to provide outdated software. By nature, subscription services are constantly updated by developers and automatically deployed to users. Though Microsoft did release a fix for the WannaCry vulnerability in March, a whole month before the malware started actively exploiting it, millions of Windows machines had evidently failed to update and install that fix at the time it struck.

Train Your Staff

Many cases of malware can be prevented with effective staff training. Though the WannaCry malware spread from computer to computer automatically, worming its way across computer networks, many other malware instances enter computer systems when victims themselves inadvertently expose their systems. Employees across all levels of the practice should:

  • 1.  Never click on suspicious links or open suspicious messages, and should always report suspicious activity to their IT administrator or to another appropriate person in their organization

  • 2.  Pay close attention to their passwords by not using the same password everywhere and by enabling two-factor authentication

  • 3.  Always make sure their systems are up-to-date (see the first section of this blog post!). Practices that put in place long-term security education programs that raise awareness of such risks as phishing attempts can prevent future malware attacks and decrease their risk of infection significantly.

For healthcare practices all over the world, the trade-off between cleaning up the mess after these types of malicious attacks and spending the extra time and energy it takes to maintain a proactive technological defense has always existed. However, the wide-reaching and extremely visible effects of the WannaCry attack may have raised the stakes, and will hopefully convince much of the healthcare industry to choose the latter option. Before the next WannaCry strikes, the industry should make sure to be better safe than sorry.
5G ACA Account Management accurate coding ACI adoption Advancing Care Information Advice AHCA AHRQ AI Alternative Payment Model Amazon S3 Android API Apple appointment reminders Artificial Intelligence arts Audit Award Bay Area BCRA Benefits Best Place to Work Best Practices Big Data Billing Billing & Collections Billing Service Billing Services bootcamp BPCI BPTW Bundled Payment Model Bundled Payments Business relationships Care Communities care coordination Care Navigation Care Team Career Fair CDC Charge Capture Charge Capture App Charge Capture Software Charge Capture Solution Charge Capture Statistics Charge codes Charge Lag Charge Reconciliation CHIP CIO Claims Clinical Communication clinical data Clinical Data Registry Clinically integrated network Cloud CMS cms regulations Coding Collaboration Communication Company Culture Conferences Connected Health Record contact practice Coronavirus COVID COVID-19 COVID19 Cross-functional culture custom reports Customer Interaction customer relations customer service customer success customer support Customers Cyber Security cybersecurity Developer DHHS Diagnosis codes Dialysis discharge instructions Doctor EHR elderly Electronic Charge Capture Eligibility EMR Encryption End-to-End Platform epidemic Expansion FDA FHIR Flu fundamentals gamification Gen Z GI GI Outlook Goals group messaging Health Care Health Care Technology Health Care Web Health Care. Health Care IT health data Health Information Exchange Health Record Healthcare Healthcare Data healthcare interface healthcare interface integration healthcare software HIE HIPAA HIPAA Compliance hipaa compliant communication hipaa compliant communication platform HIPAA-Compliant Hiring HL7 Holidays Home dialysis Home Health Hospital Census Hospital Communication humanity IA ICD-10 ICD-11 Immunizations Implementation Improvement Activities in-app calling inclusive software incorrect billing increase revenue injury rehabilitation innacurate coding Instant capture Integration interface interoperability iOS iOS 8 iOS7 iPad iPhone iPhone 6 IT Lead Generation length of stay LGBTQIA Long Term Care LTC Machine learning MACRA Medaxiom Medical Billers Medical Billing Medical Billing & Collections medical billing denials and solutions Medical claims Medical Coding medical coding accuracy medical coding quality Medical Errors medical practice revenue Medical Record Medical Software Medicare Mental Health Mentorship Messaging Messaging with Patients MGMA MIPS MIPS Registry mobile Mobile App Mobile Charge Capture Mobile EHR Mobile Health Mobile Messaging Mobile Payments Mobile security Mobile Software Mobile Technology Mobile telehealth Modern Healthcare Native App natural language processing Network new feature new features news NIH nlp OCM onboarding Oncology Care Model operations opioid crisis Pandemic Parenting Partnership partnerships Patient Patient access Patient Adherence Patient App Patient Care Patient Chat Patient chat routers Patient Communication patient data Patient Engagement patient experience patient experience cycle Patient Generated Health Data Patient Handoff Software Patient Information Patient Messaging patient outcomes Patient payments patient portal Patient Record Patient Safety Patient satisfaction Patient Simulators patient support Patient Visits Patient-Centric PCP Performance bonus PHI Phishing Scams Physician Physician burnout pmd pMD Pro pMD Team population health Population Health Management Post-COVID PQRS Practice Management Pregnancy Press Release Product Development Productivity products Promoting Interoperability Protected Health Information QCDR QPP Quality Data quality reporting Quality Scoring Ransomware RCM Recruiting Recruitment Reimbursement remote jobs Remote Work Reporting reports Residents Responsibility revenue cycle management ROI Rural communities Ryuk Sales Secure Communication Secure Data Secure Messaging Secure Messaging Video Secure Text Messaging Secure Video Secure Video Chat Security Audit self care seniors sexual orientation and gender identity SF Biz Times SMB SNF SNOMED-CT SOC 2 software vendor SOGI Spear Phishing Specialty Care success support TCM TDM Team Team culture Teamwork technology telehealth telehealth reporting Telemedicine telemedicine in long term care Telemedicine skilled nursing facilities Teletherapy Text Messaging texting Thanksgiving Therapeutic Drug Monitoring time-based billing training transgender Travel Upgrades UX Design VA vaccination records vaccinations Vaccine Value-based care Video Calling Video chat video communication video conferencing Virtual Care Virtual Visit voice calling voice memos WannaCry Wearable Device wearing many hats Web App wellness wfh Wireless Work From Home Work Life Balance Workflow optimization Workplace Culture