| The untold story in these things is the role of forced EMR regulations. I've worked in healthcare for some time, as does my spouse and my family. These record systems used to all be developed in-house systems, fully self supporting, with little outside involvement. Then in the 2000s gov regulations started mandating adoption of EMRs. Especially here this seems like a no-brainer but in actuality for many hospitals they were unnecessary and introduced with massive cost overruns as hospitals were forced to buy them from a limited pool of vendors that were approved by deadline rather than by intrinsic need. How does this relate to the ransoms? Because if the EMRs were adopted organically, my guess is it would have happened more gradually, with more diversity of systems, more open source, more testing, and more emphasis on security, backup, and self-reliant reliability. It's hard to overemphasize the change in records infrastructure in hospitals due to mandated EMRs, and a lot of it has been for the worse. EMRs would have been implemented eventually without the mandates, but at lower cost and greater security probably. It's just another example of how overregulation in healthcare that sounds good but in practice ends up creating unnecessary costs and causing problems. It also once again doesn't get attention in healthcare price discussions, because it's structural, indirect, and removed from the immediate billing. I blame these types of ransomware attacks in part on EMR mandates and those who encouraged them. Should bthe federal gov, which encouraged this mess, pay the costs, either of the ransoms, or the cost of not paying? |