The Origins of Cryptoviral Extortion and Ransomware: Part IX

EDITOR’S NOTE: Edward Roche, in association with RACmonitor, is writing a series of articles on the need for U.S. healthcare facilities to protect themselves from cybercriminals demanding ransoms for patient records. This is the ninth installment in the series.

Today, we take a brief look back in history to determine: What is the origin of the ransomware that has been attacking the healthcare sector of late?

It appears that the first software designed to attack a computing system and encrypt the data was demonstrated in 1996 at an Institute of Electrical and Electronics Engineers (IEEE) security and privacy conference. The creator of the software, Mordechai Moti Yung, was at Columbia University at the time, having invented the term “cryptovirology.” Although Yung went on to a distinguished career at the IBM Thomas J. Watson Research Center, RSA Laboratories, and Google, the concept rapidly gained a foothold in criminal circles.

By 1992, ransomware was being used for collecting payments in human kidnapping cases. By 2006, a number of ransomware viruses were impacting the Internet. According to the Barkly Blog, the number of ransomware attacks is increasing rapidly: A new company is hit every 40 seconds; an individual is attacked every 10 seconds.

The Kaspersky Lab reported that around 35 percent of user computers receive at least one malware-class web attack each year. In 2016, the Lab itself repelled 758,044,650 attacks that were originating from 261,774,932 different URLs (website addresses).

These hackers are almost as good as our pharmaceutical companies in creating catchy names. Malware features titles such as GPcode, Archiveus, Krotten, Cryzip, and MayArchive.

The most recent large-scale attack was carried out by WannaCry, and like most other viruses, it targeted Microsoft Windows environments. The National Health Service in the United Kingdom was particularly hard hit in May.

Best Practices – A Security Update

In the world of ransomware, there is always a race between the attacker and the software vendor that creates a software patch to defeat the malware. Once a vendor is notified of a vulnerability in its software, it typically works furiously to eliminate it. A skillfully constructed system has been put in place so that as soon as these weaknesses are found, software companies are notified that security patches are available. A new release of the software is compiled, and this then is pushed out to users. This gives healthcare providers an opportunity to secure their information systems.

But security researchers know that in many cases, users fail to keep their information systems updated. This perhaps is understandable, because there are so many malware attacks that almost daily updating is required. On average, users take approximately four business days to update their systems after receiving a security patch. This is not fast enough.

The IT professionals in every healthcare facility should update their systems within 3-4 hours after any new patch is released, no matter what time of day the release is made available. Every healthcare provider should have a zero-tolerance policy for this in place.

The threat is so severe that any management team hesitant to enforce such a policy could be considered negligent.

Leaks from U.S. Intelligence

Although everything done in the world of intelligence is supposed to be secret, sadly this is not the case in the United States. Public reporting by news organizations that publish leaked classified and sensitive information has revealed that the U.S. intelligence community over the years has developed a comprehensive set of cyber tools for spying. These tools often are used to break into the information systems of adversaries. They rely upon the exploitation of vulnerabilities in information systems. These tools are powerful, and they evidently work.

Since these cyber weapons are classified, it is a felony to reveal them. Once they are revealed, however, the intelligence community loses a portal into the organizations upon which it is spying.

A recent leak of the hacking tools from the Central Intelligence Agency has been a gift to hackers worldwide. It is clear that leaked tools developed by U.S. intelligence have been used by criminals. The recent attack of “EternalBlue” is linked to this.

But at the same time U.S. intelligence is creating these cyber-hacking tools, other organizations such as the U.S. Department of Homeland Security and the Department of Health and Human Services Cybersecurity Task Force are working hard at developing a national strategy regarding cyberattacks.

It’s interesting – on the one hand, the U.S. government is spending billions of dollars developing hacking tools. At the same time, another part of the same government is organized to coordinate rapid patching of software, thus mitigating the risks of such hacking.

In previous segments of this series, we have reviewed how healthcare providers have a very challenging task in securely managing all of their information and data. If there is a breach that leads to the release of patient health data (or any other type of data, such as financial or insurance information), then the healthcare provider faces the difficult task of notification. Both state and federal agencies must be informed, but notices also must be sent out to each of the patients who have had their data compromised.

This is perhaps the great irony of today’s cyber security world: The government is creating many of the cyber tools that at the same time it is attempting to protect itself against; and healthcare providers can be subjected to fines and penalties if they fail to respond properly to an attack by cyber weapons that their own government has created.


Edward M. Roche, PhD, JD

Edward Roche is the director of scientific intelligence for Barraclough NY, LLC. Mr. Roche is also a member of the California Bar. Prior to his career in health law, he served as the chief research officer of the Gartner Group, a leading ICT advisory firm. He was chief scientist of the Concours Group, both leading IT consulting and research organizations. Mr. Roche is a member of the RACmonitor editorial board as an investigative reporter and is a popular panelist on Monitor Mondays.
