Cyberattacks and ransomware have been an ongoing story throughout the entire year, with hospitals and healthcare systems being one of the most popular targets for hackers attempting to shut down services and access personal information in hopes of a payout.
Take, for example, an attack on patient records that happened just last week at Ardent Health Services hospitals in New Jersey, Texas, Oklahoma, and New Mexico: one of, if not the largest operator to be hit so far. The attack shut down a significant number of the health system’s computerized services, causing a temporary shutdown of affected hospitals’ emergency rooms and rescheduling of surgeries, all while nurses rushed to print out paper patient records.
While the first time health systems and hospitals were specifically targeted on record in this fashion was in 2016, the U.S. Department of Health and Human Services (HHS) estimated recently that more than 61 million people’s medical data has been exposed just since January – and the Biden Administration has been very keen to address this.
Back in March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a program to warn American companies that their systems are vulnerable to ransomware attacks in the brief but vital time period between a hacker gaining access to a network and when they lock up the network and demand payment. Indeed, in the Ardent Health incident, CISA officials reached out to the company to alert them about suspicious activity in their system.
Now CISA has released a new mitigation guide for healthcare and public health organizations that identifies common vulnerabilities and how the sector can shore up their systems to prevent these attacks in the first place. The agency previously released a Cyber Risk Summary document back in July, and this new release is being called a “supplemental companion” to that.
The guidelines are, of course, optional, but are intended to help health system IT teams and others in the industry looking for best practices and recommendations.
The new guide looks at three main areas where healthcare is vulnerable: asset management and security, identity management and device security, and vulnerability and configuration management. Now, I won’t go into explicit detail about each of these – I’ll leave you something to look forward to reading – but some highlighted recommendations include having employees use phishing-resistant multifactor authentication, allowing encrypted connections and watermarked emails, and restricting access to sensitive data to only those who need it.
CISA also goes on to note that they’ve additionally published guidelines for software design that direct technology manufacturers to develop programs with cybersecurity in mind. The agency makes clear that this is not solely the responsibility of healthcare and public health organizations; it is a joint effort.
This effort is vitally important; a CISA study found that cyberattacks in hospitals resulted in reduced capacity and worsened health outcomes, both immediately and long after the attack. Aside from the rescheduled surgeries and necessity for paper records, the study found downstream effects of delayed cancer treatments, loss of communication between hospitals in the network, inability to submit radiology imaging, and delayed communication of test results.
As we close out 2023, cyberattacks unfortunately add another layer to the healthcare industry’s struggles. Amid staffing and budget concerns, organizations are going to need to consider CISA’s and other recommendations to ensure their networks’ safety. But as studies show, it’s worth it. And like FBI Director Christopher Wray stated when discussing the issue: “The best time to patch the roof is before there’s a leak.”
Clinical documentation integrity (CDI) professionals work in a variety of settings, and although I mostly focus on topics related to hospital inpatient billing, this week
As the federal government shutdown drags into its fifth week, the collapse of key safety-net supports such as nutrition benefits, health-insurance subsidies, and the disruption
Please log in to your account to comment on this article.
Accurately determining the principal diagnosis is critical for compliant billing, appropriate reimbursement, and valid quality reporting — yet it remains one of the most subjective and error-prone areas in inpatient coding. In this expert-led session, Cheryl Ericson, RN, MS, CCDS, CDIP, demystifies the complexities of principal diagnosis assignment, bridging the gap between coding rules and clinical reality. Learn how to strengthen your organization’s coding accuracy, reduce denials, and ensure your documentation supports true medical necessity.
Denials continue to delay reimbursement, increase administrative burden, and threaten financial stability across healthcare organizations. This essential webcast tackles the root causes—rising payer scrutiny, fragmented workflows, inconsistent documentation, and underused analytics—and offers proven, data-driven strategies to prevent and overturn denials. Attendees will gain practical tools to strengthen documentation and coding accuracy, engage clinicians effectively, and leverage predictive analytics and AI to identify risks before they impact revenue. Through real-world case examples and actionable guidance, this session empowers coding, CDI, and revenue cycle professionals to shift from reactive appeals to proactive denial prevention and revenue protection.
Sepsis remains one of the most frequently denied and contested diagnoses, creating costly revenue loss and compliance risks. In this webcast, Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, provides practical, real-world strategies to align documentation with coding guidelines, reconcile Sepsis-2 and Sepsis-3 definitions, and apply compliant queries. You’ll learn how to identify and address documentation gaps, strengthen provider engagement, and defend diagnoses against payer scrutiny—equipping you to protect reimbursement, improve SOI/ROM capture, and reduce audit vulnerability in this high-risk area.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
Federal auditors are zeroing in on Inpatient Rehabilitation Facility (IRF) and hospital rehab unit services, with OIG and CERT audits leading to millions in penalties—often due to documentation and administrative errors, not quality of care. Join compliance expert Michael Calahan, PA, MBA, to learn the five clinical “pillars” of IRF-PPS admissions, key documentation requirements, and real-life case lessons to help protect your revenue.
During this essential RACmonitor webcast Michael Calahan, PA, MBA Certified Compliance Officer, will clarify the rules, dispel common misconceptions, and equip you with practical strategies to code, document, and bill high-risk split/shared, incident-to & critical care E/M services with confidence. Don’t let audit risks or revenue losses catch your organization off guard — learn exactly what federal auditors are looking for and how to ensure your documentation and reporting stand up to scrutiny.
Learn how to navigate the proposed elimination of the Inpatient-Only list. Gain strategies to assess admission status, avoid denials, protect compliance, and address impacts across Medicare and non-Medicare payors. Essential insights for hospitals.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Prepare for the 2025 CMS IPPS Final Rule with ICD10monitor’s IPPSPalooza! Click HERE to learn more
Get 15% OFF on all educational webcasts at ICD10monitor with code JULYFOURTH24 until July 4, 2024—start learning today!
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
