EDITOR’S NOTE: Edward Roche, in association with RACmonitor, is writing a series of articles on the need for U.S. healthcare facilities to protect themselves from cybercriminals demanding ransoms for patient records. This is the ninth installment in the series.
Today, we take a brief look back in history to determine: What is the origin of the ransomware that has been attacking the healthcare sector of late?
It appears that the first software designed to attack a computing system and encrypt the data was demonstrated in 1996 at an Institute of Electrical and Electronics Engineers (IEEE) security and privacy conference. The creator of the software, Mordechai Moti Yung, was at Columbia University at the time, having invented the term “cryptovirology.” Although Young went on to a distinguished career at the IBM Thomas J. Watson Research Center, RSA Laboratories, and Google, the concept rapidly gained a foothold in criminal circles.
By 1992, ransomware was being used for collecting payments in human kidnapping cases. By 2006, a number of ransomware viruses were impacting the Internet. According to the Barkly Blog, the number of ransomware attacks is increasing rapidly: A new company is hit every 40 seconds; an individual is attacked every 10 seconds.
The Kaspersky Lab reported that around 35 percent of user computers receive at least one malware-class web attack each year. In 2016, the Lab itself repelled 758,044,650 attacks that were originating from 261,774,932 different URLs (website addresses).
These hackers are almost as good as our pharmaceutical companies in creating catchy names. Malware features titles such as GPcode, Archiveus, Krotten, Cryzip, and MayArchive.
The most recent large-scale attack was carried out by WannaCry, and like most other viruses, it targeted Microsoft Windows environments. The National Health Service in the United Kingdom was particularly hard hit in May.
Best Practices – A Security Update
In the world of ransomware, there is always a race between the attacker and the software vendor that creates a software patch to defeat the malware. Once a vendor is notified of vulnerability in its software, it typically works furiously to eliminate it. A skillfully constructed system has been put in place so that as soon as these weaknesses are found, software companies are notified that security patches are available. A new release of the software is compiled, and this then is pushed out to users. This gives healthcare providers an opportunity to secure their information systems.
But security researchers know that in many cases, users fail to keep their information systems updated. This perhaps is understandable, because there are so many malware attacks that almost daily updating is required. On average, upon receiving a security patch, it takes users approximately four business days to update their systems. This is not fast enough.
The IT professionals in every healthcare facility should update their systems within 3-4 hours after any new patch is released, no matter what time of day the release is made available. Every healthcare provider should have a zero-tolerance policy for this in place.
The threat is so severe that any management team hesitant to enforce such a policy could be considered negligent.
Leaks from U.S. Intelligence
Although everything done in the world of intelligence is supposed to be secret, sadly this is not the case in the United States. Public reporting by news organizations that publish leaked classified and sensitive information has revealed that the U.S. intelligence community over the years has developed a comprehensive set of cyber tools for spying. These tools often are used to break into the information systems of adversaries. They rely upon the exploitation of vulnerabilities in information systems. These tools are powerful, and they evidently work.
Since these cyber weapons are classified, it is a felony to reveal them. Once they are revealed, however, then the intelligence community loses a portal into organizations upon whom they are spying.
A recent leak of the hacking tools from the Central Intelligence Agency has been a gift to hackers worldwide. It is clear that leaked tools developed by U.S. intelligence have been used by criminals. The recent attack of “EternalBlue” is linked to this.
But at the same time U.S. intelligence is creating these cyber-hacking tools, other organizations such as the U.S. Department of Homeland Security and the Department of Health and Human Services Cybersecurity Task Force are working hard at developing a national strategy regarding cyberattacks.
It’s interesting – on the one hand, the U.S. government is spending billions of dollars developing hacking tools. At the same time, another part of the same government is organized to coordinate rapid patching of software, thus mitigating the risks of such hacking.
In previous segments of this series, we have reviewed how healthcare providers have a very challenging task in securely managing all of their information and data. If there is a breach that leads to the release of patient health data (or any other type of data, such as financial or insurance information), then the healthcare provider faces the difficult task of notification. Both state and federal agencies must be informed, but notices also must be sent out to each of the patients who have had their data compromised.
This is perhaps the great irony of today’s cyber security world: The government is creating many of the cyber tools that at the same time it is attempting to protect itself against; and healthcare providers can be subjected to fines and penalties if they fail to respond properly to an attack by cyber weapons that their own government has created.
EDITOR’S NOTE: Matt Bridge continues his three-part series on how to achieve a high-performing revenue cycle for your facility. Bridge reports that you need an
EDITOR’S NOTE: Senior healthcare consultant, Rose Dunn, past president of AHIMA, reported this story today during her appearance on Talk Ten Tuesdays. The Electronic Health
Please log in to your account to comment on this article.
Gain clarity and confidence in OB‑GYN coding with this expert‑led webcast featuring Stacey Shillito, CDIP, CPMA, CCS, CCS‑P, CPEDC, COPC. You’ll learn how to apply global maternity package rules accurately, select the right CPT codes for procedures and visits, and identify documentation gaps that lead to denials. With practical guidance and real examples, this session helps you strengthen compliance, reduce audit risk, and ensure accurate reimbursement for women’s health services.
Uncover essential coding insights with nationally recognized coding authority Kay Piper, RHIA, CDIP, CCS. Through ICD10monitor’s interactive, on‑demand webcast series, Kay walks you through the AHA’s 2026 ICD‑10‑CM/PCS Quarterly Coding Clinics, translating each update into practical, easy‑to‑apply guidance designed to sharpen precision, ensure compliance, and strengthen day‑to‑day decision‑making. Available shortly after each official release.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s fourth quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s third quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Federal auditors are intensifying their focus on inpatient psychiatric facilities, using advanced data analytics to spotlight outliers and pursue high‑dollar repayments. In this high‑impact webcast, Michael Calahan, PA, MBA, Compliance Officer and V.P., Hospital & Physician Compliance, breaks down what regulators are really targeting in IPF-PPS admissions, documentation, treatment and discharge planning. Attendees will learn practical steps to tighten processes, avoid common audit triggers and protect reimbursement and reduce the risk of multimillion-dollar repayment demands.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
BLOOM INTO SAVINGS! Get 25% OFF during our spring sale through March 27. Use code SPRING26 at checkout to claim this offer.
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
