Cyberattacks and ransomware have been an ongoing story throughout the entire year, with hospitals and healthcare systems being one of the most popular targets for hackers attempting to shut down services and access personal information in hopes of a payout.
Take, for example, an attack on patient records that happened just last week at Ardent Health Services hospitals in New Jersey, Texas, Oklahoma, and New Mexico: one of, if not the largest operator to be hit so far. The attack shut down a significant number of the health system’s computerized services, causing a temporary shutdown of affected hospitals’ emergency rooms and rescheduling of surgeries, all while nurses rushed to print out paper patient records.
While the first time health systems and hospitals were specifically targeted on record in this fashion was in 2016, the U.S. Department of Health and Human Services (HHS) estimated recently that more than 61 million people’s medical data has been exposed just since January – and the Biden Administration has been very keen to address this.
Back in March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a program to warn American companies that their systems are vulnerable to ransomware attacks in the brief but vital time period between a hacker gaining access to a network and when they lock up the network and demand payment. Indeed, in the Ardent Health incident, CISA officials reached out to the company to alert them about suspicious activity in their system.
Now CISA has released a new mitigation guide for healthcare and public health organizations that identifies common vulnerabilities and how the sector can shore up their systems to prevent these attacks in the first place. The agency previously released a Cyber Risk Summary document back in July, and this new release is being called a “supplemental companion” to that.
The guidelines are, of course, optional, but are intended to help health system IT teams and others in the industry looking for best practices and recommendations.
The new guide looks at three main areas where healthcare is vulnerable: asset management and security, identity management and device security, and vulnerability and configuration management. Now, I won’t go into explicit detail about each of these – I’ll leave you something to look forward to reading – but some highlighted recommendations include having employees use phishing-resistant multifactor authentication, allowing encrypted connections and watermarked emails, and restricting access to sensitive data to only those who need it.
CISA also goes on to note that they’ve additionally published guidelines for software design that direct technology manufacturers to develop programs with cybersecurity in mind. The agency makes clear that this is not solely the responsibility of healthcare and public health organizations; it is a joint effort.
This effort is vitally important; a CISA study found that cyberattacks in hospitals resulted in reduced capacity and worsened health outcomes, both immediately and long after the attack. Aside from the rescheduled surgeries and necessity for paper records, the study found downstream effects of delayed cancer treatments, loss of communication between hospitals in the network, inability to submit radiology imaging, and delayed communication of test results.
As we close out 2023, cyberattacks unfortunately add another layer to the healthcare industry’s struggles. Amid staffing and budget concerns, organizations are going to need to consider CISA’s and other recommendations to ensure their networks’ safety. But as studies show, it’s worth it. And like FBI Director Christopher Wray stated when discussing the issue: “The best time to patch the roof is before there’s a leak.”
A current movement within the clinical revenue cycle is putting utilization review and clinical documentation integrity (CDI) under the same reporting structure. There are many
Last week MedLearn Media published an article by Bryan Nordley titled “Defend Against IR Dialysis Circuit Denials: Expert Coding Tips to Promote Success in 2026.”
Please log in to your account to comment on this article.
Uncover essential coding insights with nationally recognized coding authority Kay Piper, RHIA, CDIP, CCS. Through ICD10monitor’s interactive, on‑demand webcast series, Kay walks you through the AHA’s 2026 ICD‑10‑CM/PCS Quarterly Coding Clinics, translating each update into practical, easy‑to‑apply guidance designed to sharpen precision, ensure compliance, and strengthen day‑to‑day decision‑making. Available shortly after each official release.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s fourth quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s third quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s second quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Federal auditors are intensifying their focus on inpatient psychiatric facilities, using advanced data analytics to spotlight outliers and pursue high‑dollar repayments. In this high‑impact webcast, Michael Calahan, PA, MBA, Compliance Officer and V.P., Hospital & Physician Compliance, breaks down what regulators are really targeting in IPF-PPS admissions, documentation, treatment and discharge planning. Attendees will learn practical steps to tighten processes, avoid common audit triggers and protect reimbursement and reduce the risk of multimillion-dollar repayment demands.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
Prepare for the 2025 CMS IPPS Final Rule with ICD10monitor’s IPPSPalooza! Click HERE to learn more
Get 15% OFF on all educational webcasts at ICD10monitor with code JULYFOURTH24 until July 4, 2024—start learning today!
BLOOM INTO SAVINGS! Get 25% OFF during our spring sale through March 27. Use code SPRING26 at checkout to claim this offer.
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
