EDITOR’S NOTE: Following last week’s global cyberattack that spread through approximately 150 nations, particularly impacting the U.K.’s National Health Service, Edward Roche, in association with RACmonitor, is producing a series on the need for healthcare facilities in the U.S. to protect themselves from cybercriminals, demanding ransom for patient records. This is the first in a series of stories on the ransomware crisis.
The world is now witnessing one of the largest ransomware attacks in history. Computers all over the world have been hit, particularly in the United Kingdom. Healthcare providers, including both large and small hospitals and medical practices, have been a significant focus of the attacks.
In the U.S., the Department of Homeland Security has mobilized a full task force. The President of the United States issued an executive order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It is rumored that some of the tools used were taken from the infamous “Vault 7” materials stolen from the Central Intelligence Agency’s Center for Cyber Intelligence. These tools – malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems amounting to several hundred million lines of computer code – spread quickly across the Internet. It is impossible to determine the identity of the attacker, or even if the attacker was a human or an artificial intelligence algorithm that is out of control.
When the information system of a healthcare provider is infected with ransomware, a special computer virus will encrypt most if not all of its electronic medical records (EMR) data. In order to get the electronic “key” to “unlock” the data, a ransom must be paid. Often, even when the ransom is paid, the decryption key does not work, and the data needs to be restored from backup or paper records. The costs to the attacked healthcare provider may go far beyond the financial outlay of the ransom, putting at risk its ability to provide patient care, its ability to collect revenue, its reputation in the community, and even exposing it to legal liability for putting highly confidential patient data in jeopardy.
The Illusion of Effective Security
We can be sure that every organization under attack believes it has in place a full panoply of safeguards, firewalls, consultants, defensive software, and possibly even cyber insurance, all aimed at keeping out of harm’s way should an incident occur. And it all may still fail. Whatever is in place, no matter how advanced, may be unable to withstand the onslaught of specially designed hacking tools paid for at great expense by the American taxpayer and intended originally to safeguard security, not obliterate it.
Where does that leave us today? At a minimum, healthcare organizations are and should be doing the following:
Reviewing their policies and procedures in place to see if they are up to date with the latest cyber threats;
Learning what financial resources are in place in case it is necessary to make a giant and unexpected cash payment;
Making sure their IT systems and applications are up to date and properly patched to guard against known ransomware exploits;
Maintaining off-site backups to allow replacement of corrupted or stolen operational data; and
Examining the role of law enforcement and even national security experts in helping solve the problem.
Yet even these relatively technical and defensive steps will not resolve the problem, because the reality is that in the United States, we have built a giant, loosely integrated Medicare and Medicaid billing system that has so many points of vulnerability, they could not be counted.
Clear and Present Danger
The United States operates the world’s most complex claims processing system. For Medicare alone, around 5 million claims are processed every day. But instead of having a single integrated information system, the U.S. government has fallen into the habit of outsourcing much of its critical information infrastructure to third-party private subcontractors.
So, how does it work? Each healthcare provider – and there are more than 5,000 hospitals alone in the U.S. – operates an information system that keeps track of its service delivery and billing. When claims are ready for the government, they are filed not with the government, but with a subcontractor. These subcontractors in turn must process these billions of claims and then pass them along to the the next level of process, also paid subcontractors. Finally, once the claims are electronically organized, they are transmitted to the federal government.
The problem with this arrangement is that at every level there is potential vulnerability. There are over one million Medicare providers. There may be exceptions, but we can assume that every one of these providers is operating an information system. Consequently, if only one out of a million information systems becomes infected with ransomware, the whole system could be taken down.
This infection would then hitch a ride on the Medicare claims that are filed. They would travel up the system to the next level of claims processing, usually the giant claims clearinghouses. These also would become infected. Finally, the malware would be sent directly into the heart of the federal government’s claims processing system.
If this happened, the entire Medicare system could be held hostage in a massive, unprecedented ransomware attack.
So ask yourself – out of the more than one million providers, what is the chance that at least one provider-operated computer will become infected?
The odds are good – for the extortionist – but this is not such great news for the rest of us.
EDITOR’S NOTE: Matt Bridge continues his three-part series on how to achieve a high-performing revenue cycle for your facility. Bridge reports that you need an
EDITOR’S NOTE: Senior healthcare consultant, Rose Dunn, past president of AHIMA, reported this story today during her appearance on Talk Ten Tuesdays. The Electronic Health
Please log in to your account to comment on this article.
Gain clarity and confidence in OB‑GYN coding with this expert‑led webcast featuring Stacey Shillito, CDIP, CPMA, CCS, CCS‑P, CPEDC, COPC. You’ll learn how to apply global maternity package rules accurately, select the right CPT codes for procedures and visits, and identify documentation gaps that lead to denials. With practical guidance and real examples, this session helps you strengthen compliance, reduce audit risk, and ensure accurate reimbursement for women’s health services.
Uncover essential coding insights with nationally recognized coding authority Kay Piper, RHIA, CDIP, CCS. Through ICD10monitor’s interactive, on‑demand webcast series, Kay walks you through the AHA’s 2026 ICD‑10‑CM/PCS Quarterly Coding Clinics, translating each update into practical, easy‑to‑apply guidance designed to sharpen precision, ensure compliance, and strengthen day‑to‑day decision‑making. Available shortly after each official release.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s fourth quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s third quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Federal auditors are intensifying their focus on inpatient psychiatric facilities, using advanced data analytics to spotlight outliers and pursue high‑dollar repayments. In this high‑impact webcast, Michael Calahan, PA, MBA, Compliance Officer and V.P., Hospital & Physician Compliance, breaks down what regulators are really targeting in IPF-PPS admissions, documentation, treatment and discharge planning. Attendees will learn practical steps to tighten processes, avoid common audit triggers and protect reimbursement and reduce the risk of multimillion-dollar repayment demands.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
Celebrate Lab Week with MedLearn! Sign up to win one year of our Laboratory All Access Pass! Click here to learn more →
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
BLOOM INTO SAVINGS! Get 25% OFF during our spring sale through March 27. Use code SPRING26 at checkout to claim this offer.
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
