Issue link: https://beckershealthcare.uberflip.com/i/949902
74 CIO / HEALTH IT Arizona Officials Investigate Cerner EHR Complaints at Banner Health By Jessica Kim Cohen A rizona officials are investigating pa- tient complaints stemming from the Oct. 1 Cerner EHR go-live at Phoe- nix-based Banner Health's hospitals and clin- ics in Tucson, Ariz., the Arizona Daily Star reported. Here are five things to know about the EHR implementation. 1. Banner Health has prepared to transition its Tucson facilities to the Cerner EHR — which is used by the rest of the health system — since it entered the Tucson market in 2015. e transition from the Epic system Tucson facilities previously used cost $45 million. 2. Since the Cerner EHR go-live Oct. 1, pa- tients have reported experiencing delays for appointments and prescriptions, along with scheduling issues. Some patients said on Jan. 8 their existing appointments at the health system's University of Arizona Cancer Center were rescheduled. 3. State investigators at the Arizona Depart- ment of Health Services have received com- plaints about the EHR rollout, state officials confirmed to the Arizona Daily Star. In a Feb. 9 statement, Banner Health officials said state investigators looked at four allega- tions, two of which were substantiated but had been corrected by Banner Health, and two of which could not be substantiated. Online records viewed by the Arizona Daily Star indicated the health system has not been fined or cited over the complaints. 4. In a set of remarks at Gov. Doug Ducey's State of the State presentation in Tucson, Banner Health CEO Peter S. Fine acknowl- edged the health system did "underestimate" the EHR transition process. However, Banner Health officials have also emphasized sep- arate reasons for process delays at Tucson facilities, including a severe flu season that increased the number of patients visiting the health system. 5. Banner Health released a statement in early February saying it is "highly focused" on the EHR transition and making "constant and steady improvement." In a statement to the Arizona Daily Star, a spokesperson also noted there has not been an increase in reportable safety events since the go-live. n Why Hancock Health Decided to Pay the SamSam Attackers' $55k Ransom By Julie Spitzer I n an uncommon, less-advised move, officials at Han- cock Health in Greenfield, Ind., decided to pay hackers' ransom — and made that fact public knowledge. The hospital was struck Jan. 11 with a strain of ransomware known as SamSam that targeted "files associated with the most critical information systems," Hancock Health President and CEO Steve Long wrote in an organization blog post. The hospital paid the hackers roughly $55,000 in bitcoin in ex- change for private encryption keys to unlock its files. Now, Mr. Long is sharing his decision-making processes with other hospital leaders. "My hope is that this retelling of the events will help shed light into the extraordinary ef- forts our organization mounted in response to a potentially disastrous event," he wrote. Hancock IT staff first discovered the hospital was facing a cyberattack when it noticed "negative changes in system performance." Shortly after, computer terminals throughout the hospital displayed messages indicating that the system was under attack. Hancock then shut down its network and isolated the virus to its backup site, but the "electronic tun- nel between the backup site and hospital" had already been compromised. Replacing the locked files with clean back- ups was no longer an option, according to Mr. Long. "[T]he core components of the backup files from all other systems had been purposefully and permanently corrupted by the hackers," Mr. Long wrote. "Thus, backup of the rest of the network systems would never have been a possibility and acquisition of the decryption keys was unavoidable." Between bad weather and this year's aggressive flu sea- son, the hospital's decision-makers had to react swiftly, he added. "[W]e wanted to recover our systems in the quick- est way possible and … made the deliberate decision to pay the ransom to expedite our return to full operations." The hospital contacted its legal advisers and cybersecurity firm Pondurance, as well as the FBI, for its investigation. It determined no patient information has been diverted out of the hospital and hackers didn't access patient data in- side the network. Through that weekend, systems were slowly brought back online, and by Jan. 14 evening, Hancock's EMR was func- tional again. "By [Jan. 15] morning, critical information sys- tems were back online and the work of the disaster recov- ery team was beginning to shift to monitoring the network and ensuring remaining systems work was completed, tasks that will be ongoing for some time," Mr. Long wrote. Mr. Long explained the attack was initiated by a "sophis- ticated criminal group" it believes was located in Eastern Europe. The group has obtained login credentials from a vendor that supplies Hancock with hardware for one of its critical information systems. "That said, the attack on Hancock Health was not random, it was a pre-planned event that used the hacked login ID and password of an outside vendor to gain entrance into the system. The fact that this was a premeditated attack spe- cifically targeted on a healthcare facility makes the attack indefensible in my estimation," Mr. Long wrote. n