Hospital pays hackers ransom of 40 bitcoins to release medical records

By Kim Smiley

In February 2016, Hollywood Presbyterian Medical Center’s computer network was hit with a cyberattack.  The hackers took over the computer system, blocking access to medical records and email, and demanded ransom in return for restoring the system.  After days without access to their computer system, the hospital paid the hackers 40 bitcoins, worth about $17,000, in ransom and regained control of the network.

A Cause Map, an intuitive visual format for performing a root cause analysis, can be built to analyze this incident.  Not all of the information from the investigation has been released to the public, but an initial Cause Map can be created to capture what is now known.  As more information is available, the Cause Map can easily be expanded to incorporate it.

The first step in the Cause Mapping process is to fill in an Outline with the basic background information.  The bottom portion of the Outline has a place to list the impacts to the goals.  In this incident, as with most, more than one goal was impacted.  The patient safety goal was impacted because patient care was potentially disrupted because the hospital was unable to access medical records.  The economic goal was also impacted because the hospital paid about $17,000 to the hackers.  The fact that the hackers got away with the crime could be considered an impact to the compliance goal.  To view a filled-in Outline as well as a high level Cause Map, click on “Download PDF” above.

Once the Outline is completed, defining the problem, the next step is to build the Cause Map to analyze the issue. The Cause Map is built by asking “why” questions and laying out the answers to show all the cause-and-effect relationships that contributed to an issue.  In this example, the hospital paid ransom to hackers because they were unable to access their medical records.  This occurred because the hospital used electronic medical records, hackers blocked access to them and there was no back-up of the information.  (When more than one cause contributed to an effect, the causes are listed vertically on the Cause Map and separated with an “and”.)

How the hackers were able to gain access to the network hasn’t been released, but generally these types of ransomware attacks start with the hacker sending what seems to be a routine email with an attached file such as a Word document. If somebody enables content on the attachment, the virus can access the system. Once the system is infected, the data on it is encrypted and the user is told that they need to pay the hackers to gain access to the encryption key that will unlock the system. Once the system has been locked up by ransomware, it can be very difficult to regain access to the data unless the ransom is paid.  Unless a system is designed with robust back-ups, the only choices are likely to be to pay the ransom or lose the data.

The best way to deal with these types of attacks is to prevent them. Do not click on unknown links or attachments.  Good firewalls and anti-virus software may help if a person does click on something suspicious, but they can’t always prevent infection.  Many experts are concerned about the precedent set by businesses choosing to pay the ransom and fear these attacks may become increasingly common as they prove effective.
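As an added illustration, not part of the original post, of the “enable content” lure described above: a small Python check, written from the defender’s side, that classifies an email attachment by whether it carries an Office macro project (the part Word runs when content is enabled). The sample documents are constructed in memory; the function names are this example’s own.

```python
import io
import zipfile

# OOXML packages (docx/xlsx/pptx) store VBA macros in a vbaProject.bin part;
# its presence means choosing "Enable Content" after opening will run code.
MACRO_PART_SUFFIX = "vbaProject.bin"
# Magic bytes of the legacy OLE2 container (.doc/.xls): macros are possible
# but confirming them needs a full OLE parser, so these are flagged for review.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def attachment_risk(data: bytes) -> str:
    """Classify an attachment by content, not filename: extensions can be renamed."""
    if data.startswith(OLE_MAGIC):
        return "legacy-office"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return "not-office"          # a zip archive, but not an Office package
    if any(n.endswith(MACRO_PART_SUFFIX) for n in names):
        return "macro"
    return "clean"


def make_sample_docx(with_macro: bool) -> bytes:
    """Build a minimal, constructed Word package in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder-vba-stream")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("invoice.docm", make_sample_docx(True)),
               ("memo.docx", make_sample_docx(False)),
               ("old.doc", OLE_MAGIC + b"\x00" * 24),
               ("notes.txt", b"plain text")]
    for label, blob in samples:
        print(f"{label}: {attachment_risk(blob)}")
```

A mail gateway or endpoint tool would quarantine “macro” results and hold “legacy-office” ones for closer inspection, which removes the “enable content” step from the chain of causes the Cause Map lays out.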

Patient death after ambulance delayed due to “extreme demand”

By ThinkReliability Staff

An inquest into the death of a young patient in London after a significant delay in the arrival of an ambulance released some disturbing details into the emergency process. We can perform a root cause analysis of the issues that led to the delay, and death, by capturing cause-and-effect relationships in a visual Cause Map.   As with many complex incidents, it will be helpful to capture the chronology of an event within a timeline. This timeline should not be confused with an analysis, but can be useful in organizing information related to the incident.

In this case, the patient, who had type 1 diabetes and had been feeling sick for more than a day, asked a friend to call an ambulance at about 5:00 pm on September 7, 2015. The friend dialed 111, which is the non-emergency medical helpline from the National Health Service. The initial call handler determined that the situation was not an emergency, but marked it for a 20-minute follow-up with a clinician. A clinical supervisor called back and spoke to the patient at 5:42 pm. She determined that it was an emergency that required an ambulance within 30 minutes. However, because it was known that the ambulance service was delayed, she asked the patient if she could get a friend to drive her to the hospital. The patient said she preferred an ambulance.

At this point it appears there was no contact until 10:15 pm, at which point a call-back was made to check on the patient’s ongoing symptoms. The friend at this time found the patient unconscious, having suffered cardiac arrest, and called 999, the emergency call system, at 10:23 pm. The ambulance arrived at 10:30 pm and took the patient to a hospital, where she died 5 days later.

At the inquest, the coroner testified that if the patient “had received definitive hospital care before she suffered a cardiac arrest in the evening of September 7, the likelihood is she would have survived.” Thus, from the perspective of the National Health Service, the patient safety goal is impacted because a death occurred that was believed to be at least partially due to an ambulance delay. Additional goals impacted are the patient services goal because of the delayed emergency treatment (the stated goal for the patient’s medical condition was 30 minutes, whereas the ambulance arrived nearly 4 hours after that goal). The schedule and operations goal is also impacted due to the insufficient capacity of both ambulances and the call system.

The Cause Mapping begins with an impacted goal and develops cause-and-effect relationships by asking “why” questions. The patient death was due to diabetic ketoacidosis, a severe complication of type 1 diabetes that may have resulted from an additional illness or underlying condition. As stated by the coroner, the delayed emergency treatment also resulted in the patient’s death. The ambulance that would take the patient to the hospital was delayed because the demand exceeded capacity. Demand was “extreme” (there were 200 other patients waiting for ambulances in London at the same time). The lack of capacity resulted from low operational resourcing, though no other information was available about what caused this. (This is a question that should be addressed by the service’s internal investigation.)

The patient was not driven to the hospital, which would potentially have gotten her treated faster and maybe even saved her life. The patient requested an ambulance and the potentially significant delay time was not discussed with the friend who had originally called. At the time of the first call-back, the estimated arrival time of an ambulance was not known. (By the time of the second call-back, it was too late.)

The second call-back was also delayed. Presumably this call was to update the patient’s symptoms as necessary and reclassify the call (to be more or less urgent) as appropriate. However, the demand exceeded supply for the call center as well as for ambulances. The call center received 300 calls during the hour of the initial call regarding this patient, which resulted in the service operations being upgraded to “purple-enhanced”. (This is the third-most serious category, the most serious being “black” or “catastrophic”.)   The change in operations meant that personnel normally assigned to call-backs were instead assigned to take initial emergency calls. Additionally, it’s likely the same “operational resourcing” issues that affected ambulance availability also impacted the call center.

Additional details of the causes related to the insufficient capacity of emergency medical services are required to come up with effective solutions. The ambulance service has completed its own internal investigation, which was presented to the family of the patient. The patient’s brother says, “I hope these lessons will be learnt and this case will not happen again” and the family says they will continue to raise awareness of the dangers of diabetes.

To view the initial analysis of this issue, including the timeline, click on “Download PDF” above.

Study finds many patients don’t understand their discharge instructions

By Kim Smiley 

Keeping patients as comfortable and safe as possible following hospitalization is difficult if they aren’t receiving appropriate follow-up care after returning home.  But a recent study “Readability of discharge summaries: with what level of information are we dismissing our patients?” found that many patients struggle to understand their follow-up care instructions after leaving the hospital.  

Generally, follow-up care instructions are verbally explained to patients prior to discharge, but many find it difficult to remember all the necessary information once they return home.  The stress of the hospitalization, memory-clouding medication, injuries that may affect memory and the sheer number of instructions can make remembering the details of verbal follow-up care instructions difficult. 

In order to help patients understand and remember their recommended discharge instructions, written instructions are provided at the time of discharge.  However, the study found that many patients cannot understand their written follow-up care instructions.  The study determined that a significant percentage of patients are either functionally illiterate or marginally literate and lack the reading skills necessary to understand their written instructions.  One assessment found that follow-up care instructions were written at about a 10th grade level and another assessment determined that the instructions should be understood by 13 to 15-year-old students.  

One of the causes that contributes to this problem is that discharge instructions are written with two audiences in mind – the patient and their family as well as their doctor.  Many patients need simple, clear instructions, whereas doctors understand medical jargon and more complicated care instructions.  

It is important to note that the study did have several limitations.  Researchers did not give patients reading tests and instead relied on the highest level of education attained to estimate literacy skills.  Non-English speakers were excluded.  Even with these limitations, the study provided information that should help medical professionals provide clear guidance on follow-up care recommendations. 

The obvious solution is to work towards writing care instructions that are as simple and clear to understand as possible. In order to help patients clearly understand their follow-up care instructions, the American Medical Association already recommends that health information be written at a sixth grade reading level.  Providing clear contact information and encouraging patients to call their nurse or doctor with any questions about discharge instructions could also improve the follow-up care patients are receiving.

What’s the best way to screen for breast cancer? Opinions differ.

By ThinkReliability Staff

In 2015, there were 40,000 deaths from breast cancer and 232,000 new cases of breast cancer in the United States. It is the second-leading cause of cancer death in women in the United States. The very high level cause-and-effect is that people (primarily women) die from breast cancer due to ineffective treatment. The later the cancer is detected, the later the treatment begins, so early detection can help prevent breast cancer deaths. Currently the best solution for detecting breast cancer is a mammogram. But the matter of when mammograms should occur is based on risk-benefit analysis.

There’s no question that mammograms save lives by detecting breast cancer. This is the benefit provided in the analysis. Lesser known are the risks of mammograms. Risks include false negatives, false positives, unnecessary biopsies, and unnecessary treatment. The radiation that may be used in treatment can actually be a cause of future breast (and other types of) cancer.

On January 11, 2016, the United States Preventive Services Task Force (USPSTF) issued an update of their guidelines on mammogram starting and ending age (as well as other related recommendations). To develop these recommendations, the task force attempted to quantify the risks and benefits of receiving mammograms at varying ages.

For women aged 40 to 49, the task force found that “there is at least moderate certainty that the net benefit is small.” The net benefit here reflects the benefits of screening (~0.4 cancer deaths prevented for every 1,000 screened and an overall reduction in the risk of dying from breast cancer from ~2.7% to ~1.8%) compared to the risks of screening. Risks of mammograms every other year for women aged 40 to 49 include ~121 false positives, ~200 unnecessary biopsies, ~20 harmless cancers treated, and ~1 false negative for every 1,000 women screened. The task force determined that in this case, the benefits do not significantly outweigh the risks for the average woman. Thus, the recommendation was rated as a C, meaning “The USPSTF recommends selectively offering or providing this service to individual patients based on professional judgment and patient preferences.” (Women who are at high risk or who feel that in their individual case, the benefits outweigh the risk, may still want to get screened before age 50.)

For women aged 50 to 74, the task force found that “there is high certainty that the net benefit is moderate or there is moderate certainty that the net benefit is moderate to substantial.” The types of benefits and risks are the same as for screening women aged 40 to 49, but the benefits are greater and the risks are less. For women aged 50 to 74, there are ~4.2 cancer deaths prevented for every 1,000 screened and an overall reduction in the risk of dying from breast cancer from ~2.7% to ~1.8%.  Risks of mammograms every other year for women aged 50 to 74 include ~87 false positives, ~160 unnecessary biopsies, ~18 harmless cancers treated, and ~1.2 false negatives for every 1,000 women screened. The task force determined that for women aged 50 to 74, the benefits of mammograms every other year outweigh the risks. Thus, the recommendation was rated as a B (the USPSTF recommends the service).

The task force determined it did not have enough evidence to provide a recommendation either way for screening women over age 74.

Comparing these risks to benefits is a subjective analysis, and some do not agree with the findings. Says Dr. Clifford A. Hudis, the chief of breast cancer medicine at Memorial Sloan Kettering Cancer Center, “The harm of a missed curable cancer is something profound. The harm of an unnecessary biopsy seems somewhat less to me.” To those that disagree, the task force reiterates that personal preference should determine the age screening begins. However, insurers may choose to base coverage on these recommendations. (Currently, private insurers are required to pay for mammograms for women 40 and over through 2017.)

Determining these recommendations – like performing any risk-benefit analysis – was no easy task and demonstrates the difficulty of evaluating risks vs. benefits. Because these analyses are subjective, results may vary. To view the risk vs. benefit comparison overview by the task force, click on “Download PDF” above.