Spring 2024 Issue

Editor’s Note: Cybersecurity Blues
By Kate Jackson
For The Record
Vol. 36 No. 2 P. 3

It’s not news that cyberattacks continue to bedevil health care organizations, leaving security professionals endlessly trying to thwart threats—an effort that often may resemble a hair-raising and dreadful game of Whac-A-Mole.

Consider the impact of the February attack on Change Healthcare that disrupted numerous functions of health systems and providers’ practices across the country, which the American Hospital Association (AHA), in a March 4th letter to congressional leaders, called “the most significant cyberattack on the US health care system in American history.” A cybercriminal group reportedly claimed responsibility and demanded and received a massive payment in cryptocurrency to return Change Healthcare control of its systems.

According to the AHA, key parts of Change Healthcare’s functionality were maimed or immobilized. It describes Change Healthcare, a subsidiary of UnitedHealth Group, as “the predominant source of more than 100 critical functions that keep the health care system operating.” As a result, some providers may not have been able to verify patients’ health insurance, pay claims, or take in revenue. Diminished cash flow hobbled payroll and the purchase of medical supplies, and some patients lost access to health care and prescription medications—existential threats to physician practices, hospitals, and health systems. The AMA urged Congress to press Health and Human Services (HHS) and the executive branch for an immediate response to prevent further catastrophic effects.

In the wake of that breach and pressure from provider groups, HHS announced specific steps CMS is taking to help affected providers and encouraged all technology vendors and providers to “double down on security, with urgency.” The AMA in response credited HHS for its first steps but insisted that much more action was needed to ensure the viability of many medical practices.

As long as these attacks dominate the headlines, we’re committed to ongoing coverage of the problems and emerging solutions. An example in this issue is an article by Bart Howe, CEO of HealthMark Group, on “Safeguards to Consider in the Era of Interoperability.”

Also in this issue are features on practices for maintaining the chargemaster in revenue cycle management, coding guidance regarding the new CMS office and outpatient evaluation and management visit complexity add-on code G2211, a new naming policy framework for patient identity management, and strategies for alleviating the burden of documentation and the burnout it engenders. In departments, look for articles on cancer registry careers, automating release of information workflows, implementing robotic process automation in the revenue cycle, and five steps to triaging automation needs.

— Kate Jackson
kjackson@gvpub.com