An Overview of McKesson and Paragon

Posted by Ashley McCool on November 16, 2017 in Blog, News

A Brief History of McKesson

Originally founded in 1828 in New York City as Olcott by Charles M. Olcott, and later known as Olcott, McKesson & Co. by Charles Olcott and John McKesson in 1833, the business began as an importer and wholesaler of botanical drugs. Years later, a third partner, Daniel Robbins, joined the enterprise as it grew, and it was renamed McKesson & Robbins following Olcott’s death in 1853.

During the mid-20th century, the company transitioned from mainly a pharmaceutical company to a medical technology company. In 1999, McKesson & Robbins acquired a medical information systems firm, HBO & Company, and was briefly known as McKessonHBOC. In 2010, McKesson acquired leading cancer services company US Oncology, Inc. for $2.16 billion, which was integrated into the McKesson Specialty Care Solutions business. In addition to its offices throughout North America, McKesson also has international offices in Australia, Ireland, France, the Netherlands, and the United Kingdom. Today, McKesson is one of the oldest continually operating businesses in the United States. As of August 2016, McKesson merged a majority of its IT business with Change Healthcare. McKesson is currently headquartered in San Francisco, California, with 190.8 billion in revenue (2016) and 68,000 employees (2016).


About McKesson

McKesson delivers a comprehensive offering of healthcare products, technology, equipment and related services to the healthcare industry and non-hospital market — including physician offices, surgery centers, long-term care facilities and home healthcare businesses — throughout North America and internationally.

McKesson supports pharmacies by expanding the range of medical supplies and services they offer customers. In addition, they work with pharmaceutical manufacturers, as well as practice management, technology and clinical support to oncology and other specialty practices, to help develop and deliver advanced medical treatments that lead to improved care and outcomes. McKesson also provides pharmaceutical distribution services that are customizable and scalable for hospitals and health systems of all types and sizes.


About the Software

Paragon – Inpatient EHR System

Paragon is a fully integrated clinical and financial system designed for hospitals and health systems of all sizes. McKesson highlights these benefits and advantages to using the Paragon system:

  • Helps reduce system complexity and lower cost of ownership: Designed around a technology platform that helps reduce system operational complexity via a fully integrated clinical and financial system, a modern, non-proprietary operating platform and a Microsoft® SQL server platform. In addition, by using the Microsoft® SQL technology and architecture throughout, Paragon simplifies data management through the normalization and familiarity of the Microsoft® platform.
  • Easy-to-use, comprehensive software applications: Paragon offers a broad suite of clinical and financial applications with anytime, anywhere access via the web.
  • Single vendor for all clinical and financial needs: Partnering with a single vendor for all clinical and financial operations helps navigate the health care landscape while efficiently maximizing the clinical and financial performance of the organization.


Paragon user-friendly applications for clinicians include:

  • Clinician Hub: Web-based information presentation and workflow management solution that allows clinicians to view clinical and administrative information, document care, and place orders for patients
  • Computerized Physician Order Entry (CPOE): Integrated, physician-friendly solution providing direct order management and clinical decision support
  • Clinician Mobile: Provides clinicians with fast, efficient and secure mobile access to patient-specific clinical information
  • Physician Documentation: Integrated solution that supports care communication and charge capture via the physician’s natural workflow
  • Medication Reconciliation: Integrated solution to review medications, communicate changes and place orders
  • Clinical Assessment: Enables caregivers to collect and evaluate patient assessments, vitals and I&O as well as automating flow sheets and therapy assessments
  • Care Plans: Automates the workflow for the patient care planning process and helps reduce the time required to create and document patient care interventions
  • Order Management: Facilitates order entry, charge capture, patient profile information and order interactions for all patient types
  • Medication Administration: Offers a point-of-care solution that helps support medication safety while systematically documenting the administration process
  • Clinical Data Interface: Helps increase efficiency of clinical staff and helps reduce errors by importing discrete physiologic data from third-party devices, such as bedside monitors or ventilators


Paragon applications to assist ancillary departments include:

  • Pharmacy Management: Combines patient demographic and clinical information with specific drug information to help manage drug therapy
  • Operating Room Management: Provides OR and resource scheduling, real-time perioperative charting at the point of care; helps users manage surgical supply inventory; captures charges and provides robust reporting
  • Emergency Department Information System: Provides Emergency Department documentation for physicians, nurses and mid-level providers, while also supplying tracking board, registration, triage and reporting capabilities
  • Inpatient Physical Rehabilitation: Allows users to utilize the CMS standard Patient Assessment Instrument in a clinical setting and for the calculation of RIC codes
  • Radiology Management: Enables hospitals to manage and report on all radiology procedures performed within their organizations
  • Laboratory Management: Helps manage workflow and automate test reporting and quality assurance information
  • Mobile Specimen Collection: Helps improve accuracy and productivity through the use of handheld barcode technology to identify patients and collect specimens at the bedside
  • Microbiology: Helps manage the specialized department workflow in a paperless environment


Paragon administration and hospital financial applications include:

Business Office and Administration

  • Patient Management: Offers a complete patient accounting application, including billing and collection that can interface with ambulatory EMRs and centralized collections
  • General Ledger: Provides inquiry, audit trails and automated entries to help organizations analyze current performance and project future trends
  • Accounts Payable: Provides management of multiple discount rates, minimum dollar order limits and payment cycles
  • Materials Management: Improves control over inventory management with tracking and comprehensive reporting
  • Payroll: Helps improve control over inventory management with tracking and comprehensive reporting
  • Patient Supply Charging: Helps reduce revenue loss from undocumented patient supplies and improve inventory management
  • Fixed Assets: Helps manage the organization’s physical plant and equipment and forecasts future depreciation assets
  • WebStation for Executives: Provides a personalized gateway and decision support tool to a broad array of enterprise-wide information
  • Automated Daily System Close: Enables unattended backup and nighttime operation

Patient Access

  • Referrals and Authorizations: Allows users to enter and track data regarding referrals for services and authorizations
  • Resource Scheduling: Allows users to better manage and control resources through coordinated scheduling of patients for clinics, procedures or exams
  • Registration: Provides access to patient admission, registration and discharge information across episodes of care

Health Information Management

  • Medical Records: Offers an intuitive, cost-effective process for maintaining and updating medical records
  • Medical Records Transcription: Automates the transcription process and decreases completion time
  • Utilization Review: Automates proactive inpatient case management from admission through discharge to help reduce loss from unpaid patient days
  • Release of Information: Helps the Health Information Management department track the release of patient health information data


The Paragon® Ambulatory Care Practice Management module includes:

  • Single registration screen across hospital, practice and clinic
  • Centralized billing across enterprise from one location in the system
  • Ability to schedule lab and radiology orders from a physician practice or clinic to a hospital
  • Single patient record for registering and billing patients
  • Enterprise scheduling across acute-care and ambulatory settings
  • Patient education
  • Health maintenance support

Paragon® Ambulatory Care Practice Management module helps organizations:

  • Reduce maintenance overhead managing disparate systems
  • Provide an improved user experience, as the module is built in Paragon, and reduce potential user training time
  • Reduce the cost and hassle associated with paper/faxed lab and radiology results between the physician practice and the hospital
  • Improve physician and provider workflow
  • Save time by reducing the need to rekey data from the hospital or clinic

Paragon Clinician Mobile includes:

  • Patient Overview: vital signs, intake & output, results, orders, meds & IVs
  • Vital Signs: graphically and in table format
  • Intake & Output Summary: time periods of 24 hours, current shift and since admission
  • Results: critical and non-critical for laboratory, microbiology, diagnostic images, cardiology and more
  • Orders: details on patient orders grouped by active, on hold and recently ended
  • Meds & IVs: active and discontinued medications by STAT, routine, PRN and IV solutions
  • Patient Profile: demographic, longitudinal and care assignment information
  • Care Assignments: caregivers who are associated with a patient visit


In August 2017, Allscripts announced plans to buy McKesson’s EHR and revenue cycle tools for $185 million. Allscripts said that it will keep McKesson’s Paragon EHR for small hospitals and use its own Sunrise for larger systems. For $185 million, Allscripts gained the product portfolio which McKesson calls Enterprise Information Solutions, consisting of the Paragon EHR, the Star and HealthQuest revenue cycle technologies, OneContent content management tools, as well as Lab Analytics and Blood Bank.


What is Epic? A Quick Overview of Modalities

Posted by Ashley McCool on November 9, 2017 in Blog, General, News

About Epic

Epic is an electronic health record system (EHR) and company that develops software to help people get well, stay well, and help future generations be healthier. Known as one of the leading EHR vendors in the US, Epic has over 190 million patients with a current electronic record in the system.

About the Company

In 1979, Judy Faulkner, founder and CEO, launched Epic Systems Corporation from her basement with a $70,000 bank loan secured against her home and the equity of a few loyal programming customers. The privately held software company is based in Verona, Wisconsin and has nearly 1.8 billion in revenue. Originally named Human Services Computing but rebranded as Epic Systems in 1983, the company currently has over 9,000 employees.

The headquarters is known for its imaginative campus; each section of the campus has a different theme, ranging from farming to castles to New York City’s Grand Central Station. The campus also features a treehouse for meetings. Not only does the Epic campus boast a unique design, the company is also proud of its sustainability efforts, which include six wind turbines, 18 acres of solar panels, and underground geothermal pipes for heating and cooling the campus buildings.

About the Software

The purpose of Epic is to give patients the tools to lead a healthier life. With MyChart, patients have access to personal and family health information. They can message their doctors, attend e-visits, complete questionnaires, schedule appointments, and have more involvement in managing their health when and where it’s most convenient for them. While in the hospital, patients can stay in touch with their care team by using the MyChart tablet, which also can be used to personalize educational materials.


Epic’s software is most commonly used in:

  • Community hospitals
  • Academic medical centers
  • Children’s organizations
  • Retail clinics (such as CVS Health)
  • Multi-specialty groups
  • Integrated delivery networks
  • Rehab centers
  • Skilled nursing facilities
  • Hospice care facilities
  • Independent practices
  • Patient homes and “on-the-go” mobile version


Types of Modalities

Each care specialty has a dedicated modality tailored to its exact needs. The content in these modalities is guided by experts in their field: steering boards contribute content and guide development to meet real-world specialty needs. Here is a breakdown of the major modules that Epic has released, along with the clinical areas where they are used:

ASAP ER Module

ASAP is the Epic module that deals with managing ER visits. It has a component that tracks which rooms are occupied, displaying room and bed status on monitors that are mounted on the walls near the nursing stations.

EpicCare Ambulatory

EpicCare Ambulatory is one of the main and largest components of the Epic System. Primary Care and Specialty clinicians use the Ambulatory Module to document visits, place orders, send prescriptions, perform in-office procedures, review results, and send communications to patients.

Epic Beacon Oncology

Beacon Oncology is the chemotherapy module in the Epic system. It is built around treatment plans for patients who are undergoing cancer treatment. Whereas most patient visits are either Outpatient or Inpatient, these visits are considered Series Visit Types, which span a longer amount of time.

Epic Beaker

Epic Beaker is the laboratory system for a hospital lab. Orders that are placed either in other parts of Epic or in an external system are transmitted to Beaker via an HL7 interface for processing. When patients arrive to have their blood drawn, the results are entered into Beaker and then transmitted back to the ordering doctor.

Epic Bridges

Epic Bridges is the module for installing, configuring and maintaining clinical interfaces to other systems. See the reference below to learn more about interfaces.

Epic Cadence

Cadence is the Epic scheduling module for Outpatient and Specialty clinics. Any time you have an appointment with your doctor, their scheduling staff will use Cadence to book your appointment, then check you in on arrival. The physicians and other staff are able to see the schedule for the whole clinic, or just for their own patients.

Epic Caboodle – aka Cogito Data Warehouse

This area of Epic refers to the data warehouse and analytical tools used to store and retrieve large amounts of clinical data. The data can be queried to provide all manner of reporting to support care decisions, manage costs, and identify trends. Other data can be brought in from non-Epic systems, and then used along with Epic data to provide reporting results. Until mid-2016, the trade name for these tools was Cogito, from the Latin phrase “Cogito, ergo sum”: “I think, therefore I am”. In mid-2016, Epic renamed it to “Caboodle”, i.e. Kit & Caboodle. Get it?

Epic Care Everywhere

Care Everywhere is the network by which patient records are shared between different healthcare organizations that use Epic. If you receive care at an Epic hospital in, say, New York, then move to another state or even another country, your new care providers can run a Care Everywhere query from their instance of Epic to pull in your records from your previous providers. Care Everywhere operates as a Health Information Exchange.

Epic Cupid

Epic Cupid is the module for Cardiology practices. There are special clinical tools focused on cardiology care. Epic can also integrate or interface with external EKG devices to bring the EKG readings into the medical record.

Epic Happy Together

Happy Together is Epic’s effort toward communicating clinical information across different systems, including competing vendors. This is done from the provider standpoint by communicating through Health Information Exchanges. Also, many patients use Epic’s patient portal MyChart at more than one Epic location, such as a primary care office from one organization, and a specialist from another. Happy Together enables patients to see their clinical data from multiple locations in one MyChart session.

EpicCare Home Health

This is the module used in a home health setting, in which visiting caregivers (nurses, nurse aides, PT, OT, etc.) document care done in a patient’s home. Clinicians use a remotely installed software program that allows them to document in settings where they might not have any Internet connection. Then after they finish their work, they can reconnect to their organization’s network and perform a sync that uploads their documentation to the main Epic servers.

Epic Hyperspace

Epic Hyperspace is not a clinical module in itself, but rather the actual application client that is presented to users of most areas of Epic. When a nurse, doctor, therapist, or administrative staff member launches Epic, the front-end software that is presented to them is called Hyperspace. It is typically installed on hosted servers that are accessed by many workstations throughout an enterprise, rather than being installed on individual users’ PCs. Citrix is commonly used to host Hyperspace.

Since it is a core component of the Epic system, upgrades almost always include an update of Hyperspace. Epic Hyperspace is configured to display different menus, tasks, and options to users depending on their specific roles. For example, a pharmacist will be presented with many medication-related options, while a family practice physician will be presented with options to document clinical visits, place orders, and perform other clinically relevant tasks.

EpicCare Inpatient

EpicCare Inpatient is much like EpicCare Ambulatory, except that the clinical tasks are done in the hospital on admitted patients.

Epic Haiku

Epic Haiku is an App for Android and Apple that allows doctors to access a limited version of EpicCare Ambulatory. They can see and respond to test results, access their schedule, and see other clinical data on their patients.

Epic Healthy Planet

Healthy Planet is Epic’s Population Management system to help organizations deliver better care for a given population of patients. It is a direct outcome of the Affordable Healthcare Act, which established voluntary entities called Accountable Care Organizations. An ACO is set up to pay providers not just for delivering services, but for the healthy outcome of the patients who are enrolled in the ACO. Healthy Planet provides a suite of reports, dashboards, and workflow tools that allow Care Managers to manage patient populations in and apart from ACOs.

Epic Kaleidoscope

Epic Kaleidoscope is the Ophthalmology (Eye Care) module for Epic. It allows Ophthalmologists and Optometrists to perform eye exams, document eye related procedures, and write contact lens and eyeglass prescriptions.

EpicCare Link

When a hospital or other healthcare enterprise installs Epic, they typically interact with community physicians who do not have Epic, many of whom do not have any electronic medical record system. EpicCare Link allows those providers to be given access to a web-based portal, allowing them to have limited use of the EMR to view activity on their patients who have received care at the associated hospital. It is usually configured to provide read-only access, meaning the external provider cannot place orders or do other clinical activity.

Epic Lucy

Lucy is not exactly a module, but is a concept of allowing patients to download and print their medical record in a usable format. This is called a Continuity of Care Document (CCD), and is considered a form of a personal health record.

Epic MyChart

MyChart is the web-based system that allows patients to manage their medical care in many ways. They can view test results, past and future visits, orders, medications, and more. They can also request appointments with physicians and ask non-urgent medical questions. A supporting App for Android and Apple is also available. Also, a newer feature that is beginning to emerge is the ability to conduct video visits with physicians.

MyChart Bedside

Where MyChart is focused mainly on the outpatient and specialty parts of the patient record, MyChart Bedside is intended for use while a patient is admitted to the hospital. It provides online tools for tracking your progress toward discharge, and can be configured to provide patient education material.

Epic OpTime

Epic OpTime is the Operating Room/Surgery module for Epic. It has components for Inpatient Surgery as well as Outpatient Day Surgery.

Epic Prelude (ADT Patient Registration)

ADT stands for Admission, Discharge, Transfer. ADT is a critical part of the entire organization’s system because this is where the key information and status of all patients is managed. The Prelude module covers the hospital registration and insurance functions.


Epic Radar

Radar is the dashboard configuration that is shared across almost all other Epic modules. Dashboards support reports, graphs, performance measures, helpful links, and much more pertaining to each area. For example, an OB dashboard will have measures relating to C-Section rates and number of births.

Epic Radiant

Epic Radiant is the Radiology module for Epic. It provides documentation, film tracking, and viewing of Radiology images.

Epic Sonnet

Epic Sonnet is a trimmed-down version of the main clinical application that is aimed at smaller organizations that cannot afford or don’t need the full-featured version. Epic will offer Sonnet to organizations as a software service hosted at their campus data center in Verona, WI.

Reporting Workbench

This is Epic’s application-side reporting solution, which allows IT analysts to create and manage reports on data from most parts of the system. Users work from templates to get data on patient lists, orders, appointments, diagnoses, and much more. In Reporting Workbench, users do not run SQL queries against the database, as the tool is visually oriented.

Epic Rover

Epic Rover is the module that uses mobile devices to allow Inpatient nursing staff to do review and documentation tasks. Some of the functions that Rover helps with are chart review, medication administration, flowsheet documentation, and recording patient photos. It is not intended to take the place of Epic Hyperspace, the standard client for accessing clinical functions.

Epic Stork

Epic Stork is the Obstetrics module for managing pregnancy episodes on the Outpatient side, and documenting deliveries in the hospital.

Epic Welcome Kiosk

The Welcome Kiosk is about the size and shape of a small ATM, and allows patients to check in for appointments, pay co-pay amounts, sign documents, and print receipts and other materials.




Cyber Security Summary – October 2017

Posted by Ashley McCool on November 7, 2017 in Blog, News

The number of healthcare breaches has decreased dramatically since September 2017. In the month of September, healthcare providers experienced 36 breaches with 464,722 individuals/records affected; yet in October, healthcare providers experienced 21 healthcare breaches with only 55,673 individuals/records affected. Contributing to these breaches in October were a few email, EMR, and paper/film breaches, and a hacking/IT incident.


Since the beginning of the year

Since the beginning of 2017, there have been 1,140 total data breaches causing over 171 million records to be compromised. Out of those, the healthcare industry accounted for 314 breaches and about 4.8M records compromised. The healthcare industry experienced 27.5% of total breaches and 2.8% of records compromised.


Chase Brexton Health Care Notifies More Than 16,000 Patients After Phishing Incident

Between August 2, 2017, and August 3, 2017, a number of Chase Brexton employees received a bogus employee survey via email. It was determined that these email boxes did contain personal health information from several patients, including the following: patient name, patient ID number, date of birth, address, provider name, diagnosis codes, line of service, service location, visit description, insurance, and medication information.

September 2017 – Cyber Security Summary

Posted by Ashley McCool on October 12, 2017 in Blog, News

The number of healthcare breaches has increased slightly since August 2017, yet the number of individuals/records affected has decreased during this same time period. In the month of August, healthcare providers experienced 28 breaches with 695,225 individuals/records affected; yet in September, healthcare providers experienced 36 healthcare breaches with only 445,702 individuals/records affected. Contributing to these breaches in September were a few phishing schemes, a stolen laptop, and a data hack exposed via Twitter.


Since the beginning of the year

Since the beginning of 2017, there have been 1,080 total data breaches causing almost 171 million records to be compromised. Out of those, the healthcare industry accounted for 289 breaches and about 4.6M records compromised. The healthcare industry experienced 26.8% of total breaches and 2.7% of records compromised.


SMART Physical Therapy Hack Exposed via Twitter

A hacking group known as TheDarkOverlord (TDO) announced a successful attack on a U.S. healthcare provider, SMART Physical Therapy. The hack reportedly occurred on September 13, 2017, and TDO disclosed the data theft on Twitter on September 22, 2017. The database contained a wide range of information on 16,428 patients, including contact information, dates of birth, and Social Security numbers.


Network Health Phishing Attack Impacts Over 51,000 Plan Members

Network Health notified 51,232 of its plan members that some of their protected health information (PHI) has potentially been accessed by unauthorized individuals. In August 2017, some Network Health employees received sophisticated phishing emails. The compromised email accounts contained a range of sensitive information including names, phone numbers and addresses, dates of birth, ID numbers, and provider information. The company took prompt action by contacting federal law enforcement officials. Network Health is offering one year of free identity theft protection and monitoring to affected customers.


Stolen Laptop from Mercy Health Love County Hospital and Clinic Leads to Credit Card Fraudulence

On June 23, 2017, the hospital discovered an employee had stolen a laptop computer and paper records from a storage unit used by the hospital. The theft of PHI was initially investigated by the Love County Sheriff’s Office, and the investigation revealed the former employee had used the stolen information to fraudulently obtain credit cards in the patients’ names. A second individual is also understood to have been involved. Only ten patients were directly affected and were notified immediately.


Two Employees Hooked By Phishing Attack at Morehead Memorial Hospital, 66,000 Patients Impacted

Morehead Memorial Hospital in Eden, NC has announced two employees have fallen victim to a phishing attack that resulted in an unauthorized individual gaining access to their email accounts. The types of information exposed include names, health insurance payment summaries, health insurance information, treatment overviews, and a limited number of Social Security numbers. After the discovery, the hospital performed a network-wide password reset. Phishing scams like this happen often in the healthcare field: emails that look authentic are sent to healthcare employees, and once a link is clicked and login details are entered, hackers have the credentials to log in to those accounts. The hospital reported that the breach impacted roughly 66,000 patients and it was reported to the FBI, Department of Homeland Security and Office of Civil Rights.



What is Meaningful Use of EHR?

Posted by Ashley McCool on September 14, 2017 in Blog, News

In 2009, the US Government introduced the Meaningful Use Program (the Program) as a part of the “Health Information Technology for Economic and Clinical Health (HITECH) Act”, to help modernize our nation’s infrastructure, including medical records which have long been recorded by hand. This was an effort led by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC). Defined as a program that encourages healthcare providers to show “meaningful use” of certified Electronic Health Record (EHR) technology, Meaningful Use encourages healthcare providers to switch from paper charts to electronic records, improving efficiency and safety and providing better overall care to patients.


Providers must follow a set of criteria that serves as a roadmap for effectively using an EHR. The Program was implemented in three stages over a five-year span.

Stage 1 (2011-2012): Promotes basic EHR adoption and data gathering.

Stage 2 (2014): Emphasizes care coordination and exchange of patient information; advancing clinical processes.

Stage 3 (2016): Improves healthcare outcomes. This stage is now set to begin as an optional requirement for physicians and hospitals in 2017 and required in 2018.

*After the initial start of the program, Stage 1 was updated and is now considered “Modified Stage 2.”

Incentive Plan

Healthcare providers that participate in the Program and meet reporting requirements are awarded with incentive payments, granted by CMS. Those payments can reach up to $44,000 for individual physicians and other eligible healthcare professionals through the Medicare Meaningful Use program, or up to $63,750 through the Medicaid Meaningful Use program.


Eligible providers not participating in the Program by the beginning of 2015 are penalized by receiving less than 100 percent of their Medicare fee schedule for their professional services.


Ultimately, complying with the Program will result in better clinical outcomes, improved population health outcomes, increased transparency and efficiency, empowered individuals, and more robust research data on health systems.


For more information on Meaningful Use, visit the CDC’s website.



July 2017 – Cyber Security Summary

Posted by Julia Foster on August 4, 2017 in Blog

The number of healthcare data breaches in July was off the charts. At 46 breaches, July had the highest number of breaches in 2017! July accounts for 20.5% of all 2017 healthcare data breaches; to put that in comparison, before July there was an average of 25 breaches per month. The 46 breaches caused 572,678 records to be compromised. Contributing to these breaches were an identity theft scheme, a not-so-average phishing email, a threat that was undetected for over a year and a double attack.


Since the beginning of the year

Since the beginning of 2017, there have been 881 total data breaches causing almost 17 million records to be compromised. Out of those, the healthcare industry accounted for 224 breaches and about 3.5M records compromised. The healthcare industry experienced 25.4% of total breaches and 20.8% of records compromised.


Identity-Theft Scheme

Ten hard-copy medical records were stolen when the storage building of a county hospital in Oklahoma was broken into. On Thursday, July 20th, local authorities were able to connect the break-in to two individuals, who were arrested in June 2017 for identity theft. The suspected thief worked for the county hospital as a licensed practical nurse. It is reported that, after leaving the hospital in early 2017, the suspect returned to the hospital to steal personal patient information. The ex-employee and accomplice were arrested after the discovery of evidence that linked the partners to numerous reported identity thefts totaling over $300,000. The hospital has taken all necessary steps to ensure security of the building in the future and is offering the 10 affected patients free credit support.


‘Phishing’ for Cash

At the beginning of July, a university medical center in California reported a breach affecting nearly 15,000 people. Hackers gained access to medical center employees’ accounts through a phishing email. Once they gained access to the accounts, hackers impersonated account owners to send emails to other employees. The hack was discovered when accounts were used to request large amounts of money. While there is no evidence to show personal information was acquired, the hackers had potential access to personal information such as names, addresses, phone numbers, medical record numbers, diagnoses and SSNs. The medical center is evaluating its security measures and offering identity and credit protection services to patients who were possibly affected.


15 months undetected

While investigating a recent ransomware attack, a Georgia-based neurological clinic found a 15-month breach. While the clinic was able to restore all information without paying a ransom, during the process they found that hackers had potential access to names, SSNs, driver’s licenses, addresses, phone numbers, medical data, prescriptions and health insurance information from February 2016 through May 2017. It is unknown if any of this personal information was accessed, but the clinic is offering identity theft protection services to patients affected by the breach.


Double Whammy

A senior living community reported a second ransomware attack on July 5th. The senior living community, located in Texas, originally reported a breach in May of this year. While investigating the original attack, they found a second ransomware attack. Luckily, the second attack was detected the same day it was discovered, and they immediately took action and expanded their investigation to include the scope of the second attack. There is nothing suggesting that hackers accessed personal information, but they potentially had access to SSNs, driver’s license numbers, birth dates, addresses, phone numbers, medical record numbers, payment information, health insurance information, and clinical information related to residents.


Cyber Security Summary – June 2017

Posted by Julia Foster on July 18, 2017 in Blog, News

While June was less eventful than May, it was still a big month regarding healthcare cyber security. June is right in line with the 2017 monthly median for healthcare data breaches, but it is almost three times over the monthly median for records compromised. In June 2017 there were 26 healthcare data breaches and approximately 661,055 individuals affected by these breaches.

Since the beginning of the year
From the beginning of January through the end of June, there have been a total of 12,389,462 records compromised and 791 data breaches. Of those data breaches, the healthcare industry, with 178 breaches and over 3 million records compromised, accounted for 22.5% of data breaches and 24.3% of records compromised.


Notable Incidents

Non-secure disposal of information
A Texas-based hospital notified patients about a possible security breach this month. This notification to patients was a result of a box of medical forms with PHI being found near an unsecured dumpster. This incident, which may have affected 1,842 patients, gave unauthorized access to patient information including names, birth dates, case numbers and phone numbers. It is unclear whether additional information including mailing addresses, SSNs, health information and financial numbers was included in these forms. While there is no evidence to show these forms are being used maliciously, the organization offered concerned patients one year of free credit monitoring and is reviewing its current processes of PHI disposal to make any necessary changes.


Compromised while making education material
A Children’s Hospital in Missouri discovered a security threat through an unauthorized website that contained PHI collected by a hospital physician. The physician was using the information to create an educational resource. While the records were password protected, the hospital considered the security measures in place insufficient. If an unauthorized individual or group accessed the site, they would potentially have been able to access sensitive information including names, medical record numbers, gender, dates of birth, encounter number, age, height, weight, body mass index, admission dates, discharge dates, procedure dates, diagnostic and procedure codes, and brief notes. The hospital took down the website immediately after it was discovered.

Health records found on side of the road
A healthcare organization in Tennessee misplaced documents that contained patient names, dates of birth, admitting diagnoses, account numbers and physician names. Luckily, these records were found on a rural road in the area. Further investigation revealed that documents did not include SSNs or medical records.


Cyber Security Summary – May 2017

Posted by Julia Foster on June 16, 2017 in Blog, News

In the cyber security world, May was an extremely eventful month due to the largest ransomware attack to date, occurring worldwide. Luckily, this outbreak only had minimal effects on the United States healthcare industry. For cyber security in the US healthcare industry, May turned out to be a fairly average month in terms of total breaches, but extremely high when it comes to the number of records compromised. Throughout May there were approximately 30 healthcare breaches and 900,000 records compromised.* Some major cyber security breaches included the global WannaCry ransomware outbreak, TheDarkOverlord stealing (more) health records and a simple URL change exposing personal information.


From the Beginning of the Year:

Since the beginning of 2017 through May 2017, there have been 724 data breaches and nearly 11 million records compromised. The medical/healthcare industry accounts for 23% of records compromised, with nearly 2.5 million records, and 22% of breaches with 159 breaches.*

Major Cyber Security Activity


The WannaCry outbreak was the largest ransomware attack to date! Over the course of one weekend, the virus infected approximately 200,000 computer systems in 150 different countries. The ransomware targeted vulnerabilities in Microsoft Windows computers. Britain’s National Health System runs on Windows XP, making its hospitals one of WannaCry’s largest victims. Over 40 U.K. hospitals’ systems were paralyzed by the attack. While the WannaCry attack did not hit healthcare systems in the US as hard, it was reported that numerous US medical devices were infected.

Although the attack affected so many different computer systems, it is reported that the hackers only made $50,000, which is a rather small amount for the high quantity of systems they took control of (for reference, in 2016 a hospital in Hollywood paid $17,000 to a hacker to release one system). Luckily, the attack was stopped by a hacker group known as “Shadow Brokers” and any new waves of WannaCry are not as harmful as the original.

TheDarkOverlord….. is back

The hacker known as TheDarkOverlord is back. This particular hacker or hacker group (it is still unknown if TheDarkOverlord is working alone or as a group), who is responsible for numerous other healthcare attacks including the breach of 9.3 million records from a health insurer, stole and released 180,000 patient healthcare records. These records were stolen from a New York based dentist, California’s OC Gastrocare and a Surgery Center in Florida. In TheDarkOverlord fashion, these records were made accessible to the public on Twitter. The database of records contained information such as medical conditions, insurer details, Social Security numbers, birth dates, and payment information. TheDarkOverlord does not only specialize in extorting healthcare organizations; they are also credited with leaking the newest season of Netflix’s show, Orange is the New Black.

A Simple URL Change

A glitch in a large healthcare organization’s online patient portal was giving unauthorized access to patient information with a simple change of a URL. While this problem was reported in April 2017, it was not entirely fixed until May. In April, a patient portal user reported that when looking at their personal health records, they were able to access others’ records without a username or password by changing a number in the web address. When accessing these records, users could see names, birthdates, addresses and information that may point to specific diseases. Once the issue was brought to light, the organization immediately shut down the patient portal and corrected the problem.
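The flaw described above, where changing a number in the web address returns another patient's record, comes down to a missing login and ownership check on the record lookup. The sketch below is an added example, not the organization's code; the record numbers, names and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: record numbers are sequential, as in the report.
RECORDS = {
    1001: {"owner": "alice", "name": "Alice A.", "dob": "1970-01-01"},
    1002: {"owner": "bob", "name": "Bob B.", "dob": "1982-02-02"},
}
SESSIONS = {}  # session token -> authenticated username
DENIED = {}    # username -> count of refused lookups (enumeration signal)


def login(username):
    """Stand-in for real authentication; returns an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def get_record_vulnerable(record_id):
    """Flawed pattern: the number in the URL is the only thing checked."""
    record = RECORDS.get(record_id)
    return (200, record) if record else (404, None)


def get_record_hardened(session_token, record_id):
    """Require a valid session, then verify the caller owns the record."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None  # no valid login
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != user:
        DENIED[user] = DENIED.get(user, 0) + 1
        return 404, None  # same answer whether or not the record exists
    return 200, record


def flag_enumeration(threshold=3):
    """Users whose refused lookups reach the threshold, for review."""
    return sorted(u for u, n in DENIED.items() if n >= threshold)
```

The hardened lookup returns the same 404 for "not yours" and "does not exist", so responses do not reveal which record numbers are valid, and the refused-lookup counter gives the security team a signal when one account walks through many numbers.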

*Values are approximate, based on a report released on June 6th, 2017 by the Identity Theft Resource Center



April 2017 Cyber Security Summary

Posted by Julia Foster on May 4, 2017 in Blog

After the crazy month of March, the cyber security world seemed to settle down a little bit in April. April consisted of 21 total healthcare breaches and 122,877 records compromised which included a stolen laptop, a stolen vehicle, and a ransomware attack.

Since the beginning of the year:

So far 2017 has had 558 total data breaches and almost 10 million records compromised! The healthcare industry has accounted for around 23% of those with 126 healthcare breaches and around 1.5 million records!


Some notable attacks included:

Stolen Laptop

A large health system in Rhode Island has notified over 20,000 patients of compromised personal information. The information was accessed from an unprotected laptop that was stolen from an employee’s car. The laptop was used to store emails that may have contained patient information including names, medical record numbers, demographic information, and prescribed medications. At this time, there is no indication that the information has been used by the hackers.

Ransomware Attack

Last month, a small practice in Kentucky was attacked by cyber criminals. Their system was placed under a ransomware attack which resulted in their patients’ ePHI being encrypted. Almost 20,000 patients’ records were encrypted and inaccessible, but after two days of system downtime, the practice was able to recover the encrypted data from backups. Luckily, the practice did not have to pay the ransom that the hackers were demanding since the system was backed up.

Stolen Vehicle

In Montana, a health screening provider had to notify over 15,000 patients of a data breach after a facility-owned vehicle was stolen on the way to a health fair. The stolen vehicle contained a flash drive which contained demographic information of health fair participants. Although there is no evidence of the information being misused, the organization offered a credit monitoring service to those affected.

Egg-stremely, Egg-cellent ICD-10 Codes for Easter

Posted by Julia Foster on April 14, 2017 in Blog

Spring brings Easter, and like most holidays there are ICD-10 codes for the occasion. Keep an eye out for these codes:

Egg #2

R73.9- Hyperglycemia, unspecified
You might be needing this code after eating an Easter basket full of chocolate and jelly beans.


Egg #3

W01.0XXA- Fall on same level from slipping, tripping and stumbling
One of the greatest Easter pastimes is egg hunts. Be careful you don’t slip, trip or stumble while looking for the golden egg.


Egg #1

F40.218- Animal type phobia
Face it, kids aren’t the only ones afraid of the giant bunny at the mall.


Egg #5

Z91.012- Allergy to eggs
If you didn’t know it before, you might discover this allergy.


Egg #4

W61.33XA- Pecked by chicken
Baby animals, including chicks, are icons of Easter.