Diabetes is a costly illness that affects tens of millions of Americans. Joslin Diabetes Center is a world renowned specialist located in the heart of Boston’s Longwood Medical Center. It seems like it should be booming, but in fact diabetes treatment is not a great business and Joslin has not had strong financial performance.
Cancer, cardiology and orthopedics –with their invasive procedures– are much better for making money. But good diabetes care means coordinating lots of people to examine and guide the patient. That’s expensive to provide but not well reimbursed.
And standalone specialty hospitals, even prestigious ones, need strong connections to integrated health systems if they want patients.
Drug pricing is the hottest topic in healthcare, and ICER founder Dr. Steve Pearson is the coolest person to discuss it with.
In this episode of the HealthBiz podcast, Steve describes how the Institute for Clinical and Economic Review (ICER) compiles and analyzes clinical evidence to estimate the fair value of treatments for cancer and other serious illnesses. ICER has been especially active during the pandemic, developing a pricing model for remdesivir and other COVID-19 therapies that’s being used in the United States and by health technology assessment agencies around the world.
Jean Mixer has been guiding Boston Children’s Hospital into the digital future for the past seven years, so she was more than prepared when the COVID-19 pandemic arrived and suddenly everyone was forced to go remote. I first met Jean at Boston Consulting Group in the 1990s when she led growth strategy projects in healthcare, financial services and consumer goods. We stayed in touch and reunited five years ago when Health Business Group helped Jean put the Children’s digital strategy in place.
In this episode of the HealthBiz podcast, Jean traces her journey from JP Morgan to BCG to her own consulting practice and then to Boston Children’s. She shares her experience as a director of public companies in biotech, medical devices, and banking. And she explains what she’d do if she had a time machine.
Mike Totterman and Alex Zapesochny grew up on the same street of immigrants in Rochester, NY. Two decades later they joined with Sasha Latypova to co-found iCardiac Technologies, a high-tech success story that helped pharmaceutical companies measure cardiac safety in clinical trials. Now, with Clerio Vision they’re plotting to revolutionize the world’s eyesight with innovative contact lenses and a noninvasive procedure to replace LASIK. I’ve been along for the ride, as an investor and board member in both companies.
In this episode of the HealthBiz podcast, Alex and Mike talk about entrepreneurship, spinning technologies out of universities, making partnerships last, and what they do in their spare time.
As I re-listened to the interview, I was struck by the wisdom they shared about how to turn a cool technology into a real business. It’s hard to do but there are some best practices to follow.
Chances are you’ve been hearing a lot about cyberattacks and specifically ransomware in healthcare lately. Attackers take over systems and encrypt files, demanding payment in Bitcoin. They often get away with it.
Attacks like the recent ones on Universal Health Services and ERT that make the papers are just the tip of the iceberg. No one wants to report that something like this happened to them.
Until recently, I had assumed that such attacks were really hard to stop. Some are. But it turns out there are often many ways to thwart ransomware, and often hours or even days in which to do so.
I asked security experts at Gamayan to analyze the UHS attack and was amazed that they found at least 28 ways it could be stopped. Check out the UHS ransomware case study that breaks down the attack and potential response step by step.
If you want to learn how to prevent such attacks at your organization, contact me.
Here’s the timeline of the attack:
16:37 Bazar Malware Executed (Remote IP)
16:48 Domain discovery commands
17:06 Registry discovery commands
17:28 More domain discovery and network checks to domain controllers
17:41 AdFind used to map active directory
18:49 checks again for domain trusts and AdFind using Bazar (FTP exfiltration to remote IP)
20:12 First lateral movement attempt with WMIC (SMB transfer, Multiple payloads tried)
20:23 P64.exe Cobalt Strike beacon run on beachhead host (Remote IP)
21:04 Second P64.exe Cobalt Strike beacon dropped on beachhead host (New remote IP)
21:09 Next lateral movement attempt via a service and PowerShell (First Successful Lateral Movement)
21:10-22:06 Continual lateral movement using Cobalt Strike beacons via SMB across the environment
21:43 Windows Defender begins to be disabled using Powershell commands
21:45 First RYUK ransomware executable transferred to the backup system (Ryuk Executed)