Cyberattacks and ransomware have been an ongoing story throughout the entire year, with hospitals and healthcare systems being one of the most popular targets for hackers attempting to shut down services and access personal information in hopes of a payout.
Take, for example, an attack on patient records that happened just last week at Ardent Health Services hospitals in New Jersey, Texas, Oklahoma, and New Mexico: one of, if not the largest operator to be hit so far. The attack shut down a significant number of the health system’s computerized services, causing a temporary shutdown of affected hospitals’ emergency rooms and rescheduling of surgeries, all while nurses rushed to print out paper patient records.
While the first time health systems and hospitals were specifically targeted on record in this fashion was in 2016, the U.S. Department of Health and Human Services (HHS) estimated recently that more than 61 million people’s medical data has been exposed just since January – and the Biden Administration has been very keen to address this.
Back in March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a program to warn American companies that their systems are vulnerable to ransomware attacks in the brief but vital time period between a hacker gaining access to a network and when they lock up the network and demand payment. Indeed, in the Ardent Health incident, CISA officials reached out to the company to alert them about suspicious activity in their system.
Now CISA has released a new mitigation guide for healthcare and public health organizations that identifies common vulnerabilities and how the sector can shore up their systems to prevent these attacks in the first place. The agency previously released a Cyber Risk Summary document back in July, and this new release is being called a “supplemental companion” to that.
The guidelines are, of course, optional, but are intended to help health system IT teams and others in the industry looking for best practices and recommendations.
The new guide looks at three main areas where healthcare is vulnerable: asset management and security, identity management and device security, and vulnerability and configuration management. Now, I won’t go into explicit detail about each of these – I’ll leave you something to look forward to reading – but some highlighted recommendations include having employees use phishing-resistant multifactor authentication, allowing encrypted connections and watermarked emails, and restricting access to sensitive data to only those who need it.
CISA also goes on to note that they’ve additionally published guidelines for software design that direct technology manufacturers to develop programs with cybersecurity in mind. The agency makes clear that this is not solely the responsibility of healthcare and public health organizations; it is a joint effort.
This effort is vitally important; a CISA study found that cyberattacks in hospitals resulted in reduced capacity and worsened health outcomes, both immediately and long after the attack. Aside from the rescheduled surgeries and necessity for paper records, the study found downstream effects of delayed cancer treatments, loss of communication between hospitals in the network, inability to submit radiology imaging, and delayed communication of test results.
As we close out 2023, cyberattacks unfortunately add another layer to the healthcare industry’s struggles. Amid staffing and budget concerns, organizations are going to need to consider CISA’s and other recommendations to ensure their networks’ safety. But as studies show, it’s worth it. And like FBI Director Christopher Wray stated when discussing the issue: “The best time to patch the roof is before there’s a leak.”
Properly managed identity queues like roster management engines (RMEs) that mitigate errors and potential overlays lay the foundation for a well-maintained master person index (MPI)
In its Inpatient Prospective Payment System (IPPS) Proposed Rule for the 2025 fiscal year (FY), the Centers for Medicare & Medicaid Services (CMS) is considering
Please log in to your account to comment on this article.
Michelle Wieczorek explores challenges, strategies, and best practices to AI implementation and ongoing monitoring in the middle revenue cycle through real-world use cases. She addresses critical issues such as the validation of AI algorithms, the importance of human validation in machine learning, and the delineation of responsibilities between buyers and vendors.
Frank Cohen shows you how to leverage the Comprehensive Error Rate Testing Program (CERT) to create your own internal coding and billing risk assessment plan, including granular identification of risk areas and prioritizing audit tasks and functions resulting in decreased claim submission errors, reduced risk of audit-related damages, and a smoother, more efficient reimbursement process from Medicare.
Dr. Ronald Hirsch presents an essential “A to Z” review of Observation, including proper use for Medicare, Medicare Advantage, and commercial payers. He addresses the correct use of Observation in medical patients and surgical patients, and how to deal with the billing of unnecessary Observation services, professional fee billing, and more.
Explore the top-10 federal audit targets for 2024 in our webcast, “Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets,” featuring Certified Compliance Officer Michael G. Calahan, PA, MBA. Gain insights and best practices to proactively address risks, enhance compliance, and ensure financial well-being for your healthcare facility or practice. Join us for a comprehensive guide to successfully navigating the federal audit landscape.
Dive deep into the world of Social Determinants of Health (SDoH) coding with our comprehensive webcast. Explore the latest OPPS codes for 2024, understand SDoH assessments, and discover effective strategies for integrating coding seamlessly into healthcare practices. Gain invaluable insights and practical knowledge to navigate the complexities of SDoH coding confidently. Join us to unlock the potential of coding in promoting holistic patient care.
HIM coding expert, Kay Piper, RHIA, CDIP, CCS, reviews the guidance and updates coders and CDIs on important information in each of the AHA’s 2024 ICD-10-CM/PCS Quarterly Coding Clinics in easy-to-access on-demand webcasts, available shortly after each official publication.
Kay Piper reviews the guidance and updates coders and CDISs on important information in the AHA’s fourth quarter 2024 ICD-10-CM/PCS Quarterly Coding Clinic in an easy to access on-demand webcast.
Kay Piper reviews the guidance and updates coders on information in the AHA’s third quarter 2024 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Copyright © 2024 ICD10monitor. Powered by MedLearn Media.
Happy World Health Day! Our exclusive webcast, ‘2024 SDoH Update: Navigating Coding and Screening Assessment,’ is just $99 for a limited time! Use code WorldHealth24 at checkout.
