Many healthcare professionals have unwittingly placed their facilities at risk for ransomware attacks.
Many of us watched Mark Zuckerberg testify before Congress last week, in the wake of the news that Facebook had released the data of 87 million users to a company named Cambridge Analytica, which in turn sold the data to political campaigns.
Let’s briefly talk about what happened at Facebook. A researcher named Aleksandr Kogan developed a Facebook application, or “app.” It was one of those “take a quiz” apps, on the surface. Unfortunately, if you took the quiz, your Facebook information was sent to the app creator. No big foul yet.
Now, this was a special app. It then pulled the information of all your friends and contacts on Facebook, without their permission. Here is how we get to 87 million users. The app then went on to gather data of the contacts of your contacts – the way a virus spreads.
Facebook and government bodies are still figuring out how much information was gathered. Cambridge Analytica has confirmed it also harvested some private messages. Facebook told them to delete the data once they found out what happened. The folks at Cambridge Analytica said they did, then continued selling the data to political campaigns.
Mr. Kogan, who began working for Cambridge Analytica after creating the app, insists that the app was modified to collect only user names, birth dates, and pages users liked. We only have the assurances of Mr. Kogan and Cambridge Analytica on what data they have, and we already know they have been less than forthcoming.
Why is this such a big concern for healthcare? If I know enough about you, I can breach your system accounts. If I know where you work, I can find out what systems are used by your healthcare company. I can get your company email address. If I just know where you work and your name, I can use it to send emails with hacking tools to you and your coworkers that look like they are coming from you.
Let’s assume that we trust Cambridge Analytica, and someone knows your name, birth date, and the Facebook pages you liked. Lots of people like their employers’ Facebook pages. Now I have your name, employer’s name, and your birth date. I can Google your company domain by Googling your company. Knowing your name and company domain, I can figure out your email address.
With just this much, I can start sending emails to you and your fellow employees. I can include special programs that allow me to take over computers in your company to access information – or maybe just lock the computers and demand payments to unlock them. If I can get control of your computer, maybe I can also log in to software with patient information that I can sell to identity thieves.
What can be done? First, a dose of reality: social media is here to stay. Platforms like Facebook are free to users, and Facebook makes huge profits from advertisements. Facebook users are the product. Facebook can’t allow users to block themselves off completely from advertisers – or potential hackers that want to use social media to break into systems.
Here are some common-sense things that can be done, keeping all this in mind.
First, you can start by being wary of emails that seem odd, like Dunn & Bradstreet suddenly needing a response to an impending issue when you never deal with this kind of information. Without opening such emails, notify your IT department. If you open an email that seems odd, immediately call IT.
Next, be careful what you share about your company on social media. You may think you know the members of a group of fellow employees on Facebook. You may not know them as well as you think. Consider staying away from these groups, or clearing memberships with your IT department. Review your company’s social media rules and comply with them.
Follow Mark Zuckerberg’s advice and review the privacy agreements and settings for your social media applications. If you are not comfortable with the privacy rules of a social media company, maybe you don’t need to use their apps. If you are comfortable, ask yourself: what privacy settings do you want to use for your account?
Never use personal information to make up company passwords. Change your passwords regularly, even if it is not required by your IT department. Consider adopting the same rules for your passwords for personal use.
When you walk away from your computer, lock it. You should also change your computer settings on your company computer to lock it after a period of inactivity. Even if someone can get access to your computer, they may not be able to unlock it without your computer login password.
All of these rules are like buying an alarm for your house or a getting a guard dog. You can’t guarantee you will stop any thief, but you can get them to pick the easier house down the block.
What details should the operative report include when billing code 31624? What requirements exist for bronchial alveolar lavage to be coded?
Under what conditions do we report new 2026 code 87494?
Please log in to your account to comment on this article.
Accurately determining the principal diagnosis is critical for compliant billing, appropriate reimbursement, and valid quality reporting — yet it remains one of the most subjective and error-prone areas in inpatient coding. In this expert-led session, Cheryl Ericson, RN, MS, CCDS, CDIP, demystifies the complexities of principal diagnosis assignment, bridging the gap between coding rules and clinical reality. Learn how to strengthen your organization’s coding accuracy, reduce denials, and ensure your documentation supports true medical necessity.
Denials continue to delay reimbursement, increase administrative burden, and threaten financial stability across healthcare organizations. This essential webcast tackles the root causes—rising payer scrutiny, fragmented workflows, inconsistent documentation, and underused analytics—and offers proven, data-driven strategies to prevent and overturn denials. Attendees will gain practical tools to strengthen documentation and coding accuracy, engage clinicians effectively, and leverage predictive analytics and AI to identify risks before they impact revenue. Through real-world case examples and actionable guidance, this session empowers coding, CDI, and revenue cycle professionals to shift from reactive appeals to proactive denial prevention and revenue protection.
Sepsis remains one of the most frequently denied and contested diagnoses, creating costly revenue loss and compliance risks. In this webcast, Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, provides practical, real-world strategies to align documentation with coding guidelines, reconcile Sepsis-2 and Sepsis-3 definitions, and apply compliant queries. You’ll learn how to identify and address documentation gaps, strengthen provider engagement, and defend diagnoses against payer scrutiny—equipping you to protect reimbursement, improve SOI/ROM capture, and reduce audit vulnerability in this high-risk area.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
As AI reshapes healthcare compliance, the risk of biased outputs and opaque decision-making grows. This webcast, led by Frank Cohen, delivers a practical Four-Pillar Governance Framework—Transparency, Accountability, Fairness, and Explainability—to help you govern AI-driven claim auditing with confidence. Learn how to identify and mitigate bias, implement robust human oversight, and document defensible AI review processes that regulators and auditors will accept. Discover concrete remedies, from rotation protocols to uncertainty scoring, and actionable steps to evaluate vendors before contracts are signed. In a regulatory landscape that moves faster than ever, gain the tools to stay compliant, defend your processes, and reduce liability while maintaining operational effectiveness.
Get clear, practical answers to Medicare’s most confusing regulations. Join Dr. Ronald Hirsch as he breaks down real-world compliance challenges and shares guidance your team can apply right away.
Federal auditors are zeroing in on Inpatient Rehabilitation Facility (IRF) and hospital rehab unit services, with OIG and CERT audits leading to millions in penalties—often due to documentation and administrative errors, not quality of care. Join compliance expert Michael Calahan, PA, MBA, to learn the five clinical “pillars” of IRF-PPS admissions, key documentation requirements, and real-life case lessons to help protect your revenue.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
