The pMD Blog


Three Lessons Providers Should Learn From WannaCry

To an industry notoriously slow in its embrace of new technology, the WannaCry ransomware attack should serve as a wake-up call. While it paralyzed computers the world over, WannaCry seemed to have had an outsized effect on the healthcare industry; it hijacked the systems of dozens of National Health Service (NHS) facilities in the UK as well as computers in medical practices all over the world.

No medical professional wants to turn away patients or shut down operations because malicious actors were able to hold their critical data for ransom, but at least some good news came out of this nightmare scenario. Healthcare practices all over the world are now asking themselves what they can do to prevent hackers and criminals from successfully attacking their systems. By incorporating valuable lessons from WannaCry, hospitals can shore up their IT defenses and help prevent future malware attacks. What follows are some of the most valuable lessons healthcare providers can take away from WannaCry.

Update Your Systems

It may not seem like a major concern for hospitals running their day-to-day operations, but outdated systems - ones that are no longer supported or updated by developers - are much more likely to have vulnerabilities that can be exploited by malicious actors. WannaCry spread across computer networks by exploiting a Windows vulnerability, using an exploit that hackers had taken from an NSA leak. While Microsoft released a fix for the vulnerability on March 14, the fix did not cover Windows XP, which Microsoft stopped supporting in 2014, and which many computers in NHS hospitals were still running when WannaCry struck.

Even though Microsoft eventually pushed out a Windows XP update to patch the vulnerability exploited by WannaCry, it did so only after the malware had already infiltrated computers all over the world. For future vulnerabilities, companies may choose not to release fixes for outdated systems - and they will definitely choose not to apply such fixes to unlicensed software. In countries like China and Russia, which have avoided implementing strong intellectual property policies, WannaCry has had an outsized effect, since it was able to spread much more easily across systems that ran unlicensed, and therefore outdated, software.

Choose Subscription Software

Of course, ensuring that every operating system and every application is up-to-date can be a time-consuming process. One way practices can avoid having to manually update some systems is by choosing software services (like pMD!) that work on a subscription service model and are therefore less likely to leave users on outdated software. By nature, subscription services are constantly updated by developers, and those updates are automatically deployed to users. Though Microsoft did release a fix for the WannaCry vulnerability in March, a whole month before the malware started actively exploiting it, millions of Windows machines had evidently failed to update and install that fix at the time WannaCry struck.

Train Your Staff

Many cases of malware can be prevented with effective staff training. Though the WannaCry malware spread from computer to computer automatically, worming its way across computer networks, many other malware instances enter computer systems when victims themselves inadvertently expose their systems. Employees across all levels of the practice should:

  1.  Never click on suspicious links or open suspicious messages, and always report suspicious activity to their IT administrator or to another appropriate person in their organization

  2.  Pay close attention to their passwords by not using the same password everywhere and by enabling two-factor authentication

  3.  Always make sure their systems are up-to-date (see the first section of this blog post!)

Practices that put in place long-term security education programs that raise awareness of such risks as phishing attempts can prevent future malware attacks and decrease their risk of infection significantly.

For healthcare practices all over the world, the trade-off between cleaning up the mess after these types of malicious attacks and spending the extra time and energy it takes to maintain a proactive technological defense has always existed. However, the wide-reaching and extremely visible effects of the WannaCry attack may have raised the stakes, and will hopefully convince much of the healthcare industry to choose the latter option. Before the next WannaCry strikes, the industry should make sure to be better safe than sorry.