EDITOR’S NOTE: Edward Roche, in association with RACmonitor, is writing a series of articles on the need for U.S. healthcare facilities to protect themselves from cybercriminals demanding ransoms for patient records. This is the ninth installment in the series.
Today, we take a brief look back in history to determine: What is the origin of the ransomware that has been attacking the healthcare sector of late?
It appears that the first software designed to attack a computing system and encrypt the data was demonstrated in 1996 at an Institute of Electrical and Electronics Engineers (IEEE) security and privacy conference. The creator of the software, Mordechai Moti Yung, was at Columbia University at the time, having invented the term “cryptovirology.” Although Young went on to a distinguished career at the IBM Thomas J. Watson Research Center, RSA Laboratories, and Google, the concept rapidly gained a foothold in criminal circles.
By 1992, ransomware was being used for collecting payments in human kidnapping cases. By 2006, a number of ransomware viruses were impacting the Internet. According to the Barkly Blog, the number of ransomware attacks is increasing rapidly: A new company is hit every 40 seconds; an individual is attacked every 10 seconds.
The Kaspersky Lab reported that around 35 percent of user computers receive at least one malware-class web attack each year. In 2016, the Lab itself repelled 758,044,650 attacks that were originating from 261,774,932 different URLs (website addresses).
These hackers are almost as good as our pharmaceutical companies in creating catchy names. Malware features titles such as GPcode, Archiveus, Krotten, Cryzip, and MayArchive.
The most recent large-scale attack was carried out by WannaCry, and like most other viruses, it targeted Microsoft Windows environments. The National Health Service in the United Kingdom was particularly hard hit in May.
Best Practices – A Security Update
In the world of ransomware, there is always a race between the attacker and the software vendor that creates a software patch to defeat the malware. Once a vendor is notified of vulnerability in its software, it typically works furiously to eliminate it. A skillfully constructed system has been put in place so that as soon as these weaknesses are found, software companies are notified that security patches are available. A new release of the software is compiled, and this then is pushed out to users. This gives healthcare providers an opportunity to secure their information systems.
But security researchers know that in many cases, users fail to keep their information systems updated. This perhaps is understandable, because there are so many malware attacks that almost daily updating is required. On average, upon receiving a security patch, it takes users approximately four business days to update their systems. This is not fast enough.
The IT professionals in every healthcare facility should update their systems within 3-4 hours after any new patch is released, no matter what time of day the release is made available. Every healthcare provider should have a zero-tolerance policy for this in place.
The threat is so severe that any management team hesitant to enforce such a policy could be considered negligent.
Leaks from U.S. Intelligence
Although everything done in the world of intelligence is supposed to be secret, sadly this is not the case in the United States. Public reporting by news organizations that publish leaked classified and sensitive information has revealed that the U.S. intelligence community over the years has developed a comprehensive set of cyber tools for spying. These tools often are used to break into the information systems of adversaries. They rely upon the exploitation of vulnerabilities in information systems. These tools are powerful, and they evidently work.
Since these cyber weapons are classified, it is a felony to reveal them. Once they are revealed, however, then the intelligence community loses a portal into organizations upon whom they are spying.
A recent leak of the hacking tools from the Central Intelligence Agency has been a gift to hackers worldwide. It is clear that leaked tools developed by U.S. intelligence have been used by criminals. The recent attack of “EternalBlue” is linked to this.
But at the same time U.S. intelligence is creating these cyber-hacking tools, other organizations such as the U.S. Department of Homeland Security and the Department of Health and Human Services Cybersecurity Task Force are working hard at developing a national strategy regarding cyberattacks.
It’s interesting – on the one hand, the U.S. government is spending billions of dollars developing hacking tools. At the same time, another part of the same government is organized to coordinate rapid patching of software, thus mitigating the risks of such hacking.
In previous segments of this series, we have reviewed how healthcare providers have a very challenging task in securely managing all of their information and data. If there is a breach that leads to the release of patient health data (or any other type of data, such as financial or insurance information), then the healthcare provider faces the difficult task of notification. Both state and federal agencies must be informed, but notices also must be sent out to each of the patients who have had their data compromised.
This is perhaps the great irony of today’s cyber security world: The government is creating many of the cyber tools that at the same time it is attempting to protect itself against; and healthcare providers can be subjected to fines and penalties if they fail to respond properly to an attack by cyber weapons that their own government has created.
As a provider, a question worth asking yourself these days is this: what degree of risk is there that you might have something on your
What is a “smart” hospital, and what states have the most of them? Furthermore, what makes them smart? Well, it is difficult to define exactly
Please log in to your account to comment on this article.
Accurately determining the principal diagnosis is critical for compliant billing, appropriate reimbursement, and valid quality reporting — yet it remains one of the most subjective and error-prone areas in inpatient coding. In this expert-led session, Cheryl Ericson, RN, MS, CCDS, CDIP, demystifies the complexities of principal diagnosis assignment, bridging the gap between coding rules and clinical reality. Learn how to strengthen your organization’s coding accuracy, reduce denials, and ensure your documentation supports true medical necessity.
Denials continue to delay reimbursement, increase administrative burden, and threaten financial stability across healthcare organizations. This essential webcast tackles the root causes—rising payer scrutiny, fragmented workflows, inconsistent documentation, and underused analytics—and offers proven, data-driven strategies to prevent and overturn denials. Attendees will gain practical tools to strengthen documentation and coding accuracy, engage clinicians effectively, and leverage predictive analytics and AI to identify risks before they impact revenue. Through real-world case examples and actionable guidance, this session empowers coding, CDI, and revenue cycle professionals to shift from reactive appeals to proactive denial prevention and revenue protection.
Sepsis remains one of the most frequently denied and contested diagnoses, creating costly revenue loss and compliance risks. In this webcast, Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, provides practical, real-world strategies to align documentation with coding guidelines, reconcile Sepsis-2 and Sepsis-3 definitions, and apply compliant queries. You’ll learn how to identify and address documentation gaps, strengthen provider engagement, and defend diagnoses against payer scrutiny—equipping you to protect reimbursement, improve SOI/ROM capture, and reduce audit vulnerability in this high-risk area.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
As AI reshapes healthcare compliance, the risk of biased outputs and opaque decision-making grows. This webcast, led by Frank Cohen, delivers a practical Four-Pillar Governance Framework—Transparency, Accountability, Fairness, and Explainability—to help you govern AI-driven claim auditing with confidence. Learn how to identify and mitigate bias, implement robust human oversight, and document defensible AI review processes that regulators and auditors will accept. Discover concrete remedies, from rotation protocols to uncertainty scoring, and actionable steps to evaluate vendors before contracts are signed. In a regulatory landscape that moves faster than ever, gain the tools to stay compliant, defend your processes, and reduce liability while maintaining operational effectiveness.
Get clear, practical answers to Medicare’s most confusing regulations. Join Dr. Ronald Hirsch as he breaks down real-world compliance challenges and shares guidance your team can apply right away.
Federal auditors are zeroing in on Inpatient Rehabilitation Facility (IRF) and hospital rehab unit services, with OIG and CERT audits leading to millions in penalties—often due to documentation and administrative errors, not quality of care. Join compliance expert Michael Calahan, PA, MBA, to learn the five clinical “pillars” of IRF-PPS admissions, key documentation requirements, and real-life case lessons to help protect your revenue.
During this essential RACmonitor webcast Michael Calahan, PA, MBA Certified Compliance Officer, will clarify the rules, dispel common misconceptions, and equip you with practical strategies to code, document, and bill high-risk split/shared, incident-to & critical care E/M services with confidence. Don’t let audit risks or revenue losses catch your organization off guard — learn exactly what federal auditors are looking for and how to ensure your documentation and reporting stand up to scrutiny.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
