Epic and IT updates from Craig Norquist, MD
Information security
Information security is at an ever-increasing risk of compromise. Recent events at the MGM in Las Vegas, where someone used a help line or service desk approach to get into the network then shut it down and hold it for ransom, have been felt here at HonorHealth as well. Last month, someone called the service desk impersonating a physician and managed to change passwords and phone numbers to gain access to the person’s account as they knew both the social security number and date of birth. Fortunately, this was caught prior to direct deposit being changed but it shows the nature of ransomware ‘professionals’ changing their approaches to gain access to important information.
At the last Medical Staff retreat, we learned about the frequency of attacks as well as the duration that systems would be down for if the network was actually compromised. On average, the entire network would be down between 24 and 30 days from an attack. That would mean a severe disruption to patient care and business as usual. Even though we have backup systems and data security in cyber vault like systems, the nature of attacks and network compromise would still mean we would be on paper and grease boards for three to four weeks. Medical Staff leadership discussed the possibility of running more lifelike drills with no computer or network availability in order to better understand how to operate without these services. While we undergo downtimes often, either quarterly or monthly, they are limited in duration and intentionally at night when volumes are low. This, unfortunately, leaves a majority of our team members and physicians under prepared to function without the EMR or internet. Our Medical Group and ambulatory care centers would most likely be affected as well, and the service disruption to patients and business would be profound.
For this reason, please exercise the utmost caution when opening emails and clicking on links. Never download anything onto a hospital computer that you are not 100% sure of its origins, and use the Security Actions button on Microsoft Outlook for suspicious emails to be evaluated. You should also expect increased scrutiny when calling the service desk to ensure that you are in fact the person needing help and not a suspicious character looking to gain entry into our system.
Epic Hyperdrive
As we continue to pilot the new version of Epic Hyperdrive, we are not finding significant issues or problems. It usually runs faster and only has slight differences in appearance. Most, if not all, issues are on the back end with interfaces that we usually are unaware of. In the event that you or your business is disrupted by an interface issue once the transition happens next month, please reach out right away so that it can be recognized and rectified.
Epic SmartUser
Epic has changed the name of their power user courses to SmartUser. You can still sign up for additional trainings on the Epic user webpage. Contact me at [email protected] if you want more information.