Allscripts made the news recently when a ransomware attack took its cloud-based electronic health records (EHR) platform offline for several days. Unfortunately, these types of cybersecurity breaches have become all too common. In fact, the Allscripts attack mirrors one that crippled the 600-bed Erie County Medical Center (ECMC) in Western New York last year (read more here).
Ransomware is a software bug that’s spread through infected websites, software, external drives and email attachments, among other methods. It blocks a program, computer or entire network’s access to its own data and demands payment to “unlock” that information. The hackers who create this stuff are constantly making it harder to decode, so it can take weeks to end an attack. Medical records are a particularly high value target because the information in them is critically important to healthcare providers—and to patients’ health and safety.
The Allscripts attack reinforces the necessity of actively contributing health data through your regional health information exchange (HIE)—and the necessity for providers to routinely access that data. In New York, participating in your local HIE also connects you to the Statewide Health Information Network of New York (SHIN-NY).
ECMC proved the value of HIE participation when they faced their own attack. Because they were already actively sharing data through their regional HIE, HealtheLink, providers and staff could quickly pull up historical data and continue providing high-quality care for their patients.
Although it took weeks to fully restore ECMC’s EHR, the hospital’s HIE connection served as a reliable, uncompromised alternative during that critical time. Providers were able to avoid sending patients for redundant testing. They were also able to continue monitoring patients with chronic conditions. And they avoided potential safety hazards that could have cropped up if they didn’t have access to complete medical histories for each patient.
As we described in “Q&A with our Privacy & Security Officer,” an article in our 2017 Annual Report, Hixny works hard every day to be as prepared as possible to help our participants recover from the next attack. The Allscripts attack only underscores the critical role of HIEs in today’s environment.
Providers always put patient care above any other priority. Today, that requires thinking through all of the potential ways patient care could be compromised—including through ransomware attacks and proprietary system failures. It requires providers to ask the question: If I’m not contributing my patients’ data to my local HIE, am I compromising the care they will receive in the future?