Health IT, under attack

With the recent news of the WannaCry ransomware attack and how it particularly hurt UK hospitals, I figured it was appropriate to link to our writeup of An Academic Medical Center's Response to Widespread Computer Failure (PubMed / ResearchGate). This was our experience in the hours and days following a botched 2010 McAfee's antivirus update, which began attacking a core component of Windows, and rendering PCs unusable. While accidental, in many ways it resembled a cyberattack.

Of course, there's been great coverage of the attack and its implications. Halamka was quoted:

“By prioritizing clinical functionality and uptime, healthcare organizations may not always have the most up-to-date software. Thus, healthcare, in general, may be more vulnerable than other industries to cyberattacks, and the scope of the impact to the NHS in the U.K. illustrates the problem." 
He said that some mission-critical systems were built years ago and never migrated to today’s modern platforms. In 2017, there are still commercial products that require Windows XP for which few patches are available, he said.

Other useful perspectives on healthcare IT's vulnerabilities emphasize HIPAA / business associate concerns when accepting patches. Lessons abound. Hopefully we'll learn them well enough to prevent future episodes.

A year without blogging

It's not I've stopped writing - besides the peer-reviewed stuff there's articles and commentary at EPMonthly and Telemedicine magazine, tweets @nickgenes, and the occasional piece for Medscape.

But coming to blog at this site doesn't just feel like a chore - it's laden with a sense of guilt. I was so very wrong about the potential of blogging and social media.

There were warnings. Back in 2010 I commented on a WSJ blog about our experience implementing electronic medical records in our ED. Another commenter then accused me of practicing "Tuskegee medicine" and experimenting on patients without consent, because EMRs hadn't been shown to be safer and more efficient than paper records in randomized trials. I'd seen trolls before but not for academic discussions like this - and the troll was signing his note with an MD's name (though not someone I could find in US physician databases).

Elevating the status of online discourse is something I've wondered about for years - it's the reason this blog adopted Facebook-authenticated comments. Our research found value even in the web's darkest corners, like YouTube comments. But of course in general, commentary kept getting worse. Last winter I lamented that the media framed stories much like Vegas sets the spread, to ensure maximum pageviews, debate and ultimately, vitriol.

All this was before the 2016 presidential election really heated up. Eventually last year, every news story was quickly put in terms of your team vs the other team. Our team is always noble and wise, but the other team is misguided at best, hypocritical and probably evil, often dumb or short-sighted, and if they're making any gains it's because they're cheating. Interacting with old friends online became a fraught exercise. Even the #FOAMed community began to see polarization and personal attacks.

So blogging and using social media, for me, if it's going to continue, must take the form of record-keeping and journaling - links to useful resources, or snapshots of what I'm up to at a particular point in time. Anything more would be a waste of time.