Sympathy following massive attacks
It was not a great week for cyber security in healthcare around the world as malicious actors let loose, taking out Waikato DHB’s IT systems on Tuesday and having a go at the Alaskan Department of Health later in the week. Those incidents follow the massive attack on Ireland’s healthcare service last week, which was described by its CEO as catastrophic and affected the whole country. It is still recovering, but so is the Scripps Health network in San Diego, which continues to struggle two weeks later.
Early reports linked the perpetrators of the Irish attack to Waikato but that has since been disputed by the Ministry of Health, and it is still not clear who or what is responsible. One unexpected consequence has been disruption to the DHB’s payroll system – not only are clinicians having to revert to pen and paper, but the beancounters are too. The Victorian health system, which has had its fair share of cyber issues in the last few years, got a bit of cash in Thursday’s state budget to fix some of its cyber gaps, including money for next generation anti-virus protections, a Security Operations Centre, and a recovery service in the event of a successful attack.
In a busy week for Kiwi health IT, its budget delivered some much needed funds to get the national health information platform (nHIP) off and running. Now named Hira, the project has been on the drawing board for a couple of years as business cases were developed, pondered and finally approved. There is $NZ170 million in capital funding and $230m for operating costs for data and digital infrastructure for the healthcare system over four years, a substantial amount for NZ amid a big spend on the COVID-19 vaccine and immunisation program, billions more for the operation of the DHBs, and initial funding to make a start on implementing the new health system operating model.
There is also the previously announced funding for IT to support the breast and cervical cancer screening programs. The cost of those projects, along with the money for IT such as the national booking solution and the interim COVID-19 immunisation register, certainly got Orion Health CEO Ian McCrae’s attention when Auditor-General John Ryan released his report into the government’s management of the Covid-19 immunisation program this week.
Overall, Mr Ryan was happy enough with the management of the program but he was a bit worried about some aspects of the plan, including that information systems are still being developed, including the booking system. “If everything goes to plan these will be ready, but only just in time,” he said.
Mr McCrae insists he’d have had a booking system live by now and he was scathing about the $38 million price tag for the National Immunisation Solution. He also does not sound too keen on the way Salesforce is hoovering up a lot of these government projects. Ministry of Health deputy director-general of data and digital Shayne Hunter gave a breakdown of the costs of the immunisation solution to NZ Reseller News which challenged a few assumptions, but we doubt this will placate Mr McCrae or other critics of the spend.
Over in Australia, and some of the discussion in a webinar held this week by the Aged Care Industry IT Council (ACIITC) was about the money for aged care IT announced in the Australian federal budget last week as part of the government’s response to the Royal Commission into Aged Care Safety and Quality. That included $45.4 million towards linking residential aged care to My Health Record as well as the roll-out of electronic medication charts.
Recommendation 68 of the Royal Commission’s final report called for universal adoption of digital care management systems and the My Health Record system by July next year, but there is pretty unanimous agreement that there’s absolutely no way that is going to happen. According to figures tossed out in the webinar, only 10 per cent of residential aged care facilities are even registered for My Health Record, and only about one per cent are actually using it. And with the Australian Digital Health Agency representative spending most of her presentation explaining the ins and outs of IHIs, HPI-Is, HPI-Os and OMOs, it appears that few aged care providers have any idea about how to go about it.
We’ve argued this point before but far more emphasis should have been placed on getting aged care using the system from the get go. Almost a decade has gone by since aged care was part of the Wave 2 trials for the PCEHR and very little, if anything, has been achieved for the sector.
Nonetheless, money keeps being thrown at My Health Record. We asked readers last week in our poll whether they thought the $503m for digital health in the budget was well targeted, and it was a pretty strong result in the negative: 80 per cent said no, while just 20 per were in favour.
This week, we ask:
Are large health services well equipped to handle cyber security?
Vote here and feel free to leave your comments below.