The ransomware crisis continues to impact hospitals and health systems with little sign of slowing down.
In 2017, IT security in healthcare was in the media spotlight. In May, the WannaCry ransomware hit thousands of information systems. It was followed by NotPetya, which took down Merck and Nuance. In June, the Health Care Industry Cybersecurity Task Force released a number of security frameworks, and the number of cybersecurity training programs increased.
Security frameworks are not the answer to this problem, but they are organizing schema that sometimes help an organization think through its requirements to protect its healthcare data. By August, professionals were worrying about the Internet-of-things (IoT), including malware infection of medical devices – to possibly even include pacemakers active within patients’ bodies.
In Stockholm, at the October ITechLaw conference, practicing attorneys expressed concerns that there was no legal standard that defined the level of due diligence necessary in the management of their information systems. Organizations were being held responsible by government regulators, but with no objective standard of security. CMS delayed requirements for using the 2015 certified electronic health record (EHR) standard. eClinicalWorks’ software company was brought into court because its software could not identify cancer. Medicare continued to deny reimbursement for many telemedicine procedures, thus remaining Luddite in its orientation. Without an accepted standard for reasonable cybersecurity, organizations will remain unable to protect themselves from litigation claiming negligence in their data management.
The end-of-year statistics said it all. Healthcare system security breaches rose 24 percent, but ransomware incidents rose 89 percent.
We can expect that in 2018, IT security in the healthcare sector will continue to be a challenge. Hackers, terrorists, non-state actors, even state actors all continue to be antagonists to the global cyber infrastructure. Information systems can be compromised in a number of ways:
The industry already is off to a good start in 2018. Last Thursday, two North Carolina-based data centers of the giant company Allscripts had its cloud platform disabled by a ransomware attack. All patient information became unavailable. The e-prescribing system and EHR platform went offline. The Electronic Prescribing of Controlled Substances (EPCS) functionality went down. Physicians had to go back to paper records.
The previous week, Hancock Health in Greenfield, Ind. was hit by ransomware. All of the patient names in its EHR were changed to “I’m sorry.” They paid out $55,000, which is much less than it would have cost to restore the system had the records remained locked. The “I’m sorry” attack had been visited on Indiana’s Adams Memorial Hospital prior to this. In early January, it was reported that more than one-half of all patient information in Norway had been compromised.
The creativity of criminals is limitless, and law enforcement sometimes is a step behind. Likewise, healthcare security professionals and the security countermeasures they are able to deploy can be insufficient.
And in many cases, they will remain behind, because IT security involves what professionals describe as “asymmetric warfare,” a fancy way of saying that the cost of the attack is many times less than the cost of defense.
In particular, the tsunami of ransomware will continue to do damage to thousands of enterprises, both public and private.
Some have placed blame for ransomware on the outlaw government in North Korea. After all, it is a money-making operation, and the use of crypto-currency makes it easy to get paid. Or it could be Russian organized crime, or other governments, or rogue hackers, or someone else. It really doesn’t matter. What’s important is that ransomware is what the U.S. intelligence community calls an “advanced persistent threat.”
Efforts are being made to set up mechanisms for sharing of cyber threat information between organizations. Theoretically, this should mitigate the damage, but we will have to wait for 2019 to see if it really works as planned – and my guess is that it will not.
The Centers for Medicare & Medicaid Services (CMS) has published several new proposed rules regarding Medicare payments for 2025. In addition to updating payment rates,
The Centers for Medicare & Medicaid Services (CMS) has recently taken significant steps to enhance the Medicare Prescription Payment Plan by issuing final guidance and
Please log in to your account to comment on this article.
ICD10monitor has teamed up with renowned CDI expert Dr. Erica Remer to bring you an exclusive webcast on how to recognize sepsis, how to get providers to give documentation that will support sepsis, and how to educate to avert sepsis denials. Register now and become a crucial piece of the solution to standardizing sepsis clinical practice, documentation, and coding at your facility.
Optimize your inpatient clinical documentation and gain comprehensive knowledge from foundational practices to advanced technologies, ensuring improved patient care and organizational and financial success. This webcast bundle provides a holistic approach to CDI, empowering you to implement best practices from the ground up and leverage advanced strategies for superior results. Participants will gain actionable insights to improve documentation quality, patient care, compliance, and financial outcomes.
Join expert Angela Comfort, MBA, RHIA, CDIP, CCS, CCS-P., as she helps you navigate advanced inpatient CDI technologies, regulatory changes, and system interoperability. Angela will provide actionable strategies for integrating AI and predictive analytics into CDI practices, ensuring seamless system interoperability, and maintaining compliance with evolving regulations. Attendees will learn to select and implement advanced EHR systems and CDI software, leverage data analytics to enhance documentation accuracy, and stay audit-ready with the latest compliance updates. Real-world case studies and practical tools will empower you to drive continuous improvement in CDI, improve patient outcomes, and enhance organizational efficiency. Don’t miss this opportunity to advance your CDI practices and stay ahead in this dynamic field.
Join expert Angela Comfort, MBA, RHIA, CDIP, CCS, CCS-P, for an insightful webcast on improving inpatient clinical documentation integrity (CDI). Inaccurate documentation can lead to misdiagnosis, improper treatment, and compromised patient safety. High workloads, lack of standardized practices, and outdated EHR systems contribute to these issues, affecting care quality and financial outcomes. Angela will offer practical strategies and tools to enhance accuracy, consistency, and timeliness in documentation. Attendees will learn to use standardized templates, checklists, and advanced EHR systems, while staying compliant with regulations. Improve patient care, ensure accurate billing, and reduce audit risks with actionable insights from this essential webcast.
This webcast, presented by Tiffany Ferguson, LMSW, CMAC, ACM, addresses the critical gap in Social Determinants of Health (SDoH) reporting for pediatric populations. While SDoH efforts often focus on adults, this session emphasizes the unique needs of children. Attendees will gain insights into the current state of SDoH, new pediatric Z-codes, and the importance of interdisciplinary collaboration. By understanding and applying pediatric-specific SDoH factors, healthcare professionals can improve data capture, compliance, and care outcomes. This webcast is essential for those looking to enhance their approach to pediatric SDoH reporting and coding.
Join Becky Jacobsen, BSN, RN, MBS, CCS-P, CPC, CPEDC, CBCS, CEMC, VP of CDM, for a webcast addressing oncology service coding challenges. Learn to navigate coding for infusions and injections alongside Evaluation and Management (E/M) services, ensuring compliance and accurate reimbursement. Gain insights into documenting E/M services for oncology patients and determining medical necessity. This webcast is essential to optimize coding practices, maintain compliance, and maximize revenue in oncology care.
During this webcast Dr. Ronald Hirsch delves into the inpatient admission order process including when to get it, when it becomes effective, its impact on billing and payment, who can write it, how to cancel it, the effects on the beneficiary, and more. You’ll leave with a clear understanding of inpatient orders and guidelines for handling improper orders that you can implement immediately.
Michelle Wieczorek explores challenges, strategies, and best practices to AI implementation and ongoing monitoring in the middle revenue cycle through real-world use cases. She addresses critical issues such as the validation of AI algorithms, the importance of human validation in machine learning, and the delineation of responsibilities between buyers and vendors.
Copyright © 2024 RACmonitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
