LA Department of Health latest ransomware victim

February 29, 2016 | By Susan D. Hall

The Los Angeles County Department of Health Services has been targeted in a ransomware attack, just days after Hollywood Presbyterian Medical Center paid about $17,000 to hackers who left employees without access to systems for more than a week, reports the Los Angeles Times.
At the LA health department, remnants of a ransomware thread were found on five work computers last Wednesday, but the attack did not affect operations, spokesman Michael Wilson told the LA Times. The malware did not spread and the network was not compromised, he added.

The incident was reported to the Los Angeles County district attorney's office and the county's chief information office, and Wilson said the country will not pay the ransome.

While often the source of a ransomware attack is unknown, Turkish hackers have recently claimed credit for the Hollywood Presbyterian attack. They vowed to keep up attacks as long as the U.S. government continues to support Kurdish rebels,according to the International Business Times.

Health systems in the U.S. are not the only victims in the recent growth of ransomware incidents. At least two German hospitals also have come under attack, according to DW.com. IT officials at Lukas Hospital in Germany's western city of Neuss took systems down after noticing unusual pop-up warnings and the network running slowly. Malware infected systems at Klinikum Arnsberg hospital in the German state of North Rhine-Westphalia apparently through a booby-trapped email attachment.

Security experts have previosuly predicted a rise in ransomware attacks. Last month, Mount Pleasant Texas-based Titus Regional Medical Center's electronic health record system was left inaccessible by such an attack.
Experts have also said attackers could use ransomware to target medical devices.

To learn more:
- here's the LA Times article
- read the Register story
- check out the International Business Times piece

New Threat to Clinical Documentation

by  Laurie M. Johnson, MS, RHIA | Monday, 22 February 2016 

On Feb. 5, Hollywood Presbyterian Medical Center experienced an electronic health record (EHR) outage that began due to ransomware. This type of malware had shut down the hospital’s internal computer system and communication devices, with only a software “key” capable of reopening the internal data files. The hospital has reported that patient care was not compromised at any time or in any way. 

Hollywood Presbyterian returned to paper registrations and documenting on paper forms throughout the incident. The emergency department and fax machines were some areas that were affected by the hacking, however. 

The hospital released a statement on Feb. 17 noting that it had paid the ransom of 40 bitcoins, or approximately $17,000, in order to obtain the decryption key and return the operations to normal as soon as possible. Bitcoin is a type of digital currency that is difficult to trace. Operations were restored on Feb. 15.
Hollywood Presbyterian Medical Center notified law enforcement immediately, and the Federal Bureau of Investigation (FBI) is now involved with the case. Computer experts assisted the facility in getting their health information systems back online and in understanding the event. According to a memo released by the hospital’s president, Allen Stefanek, “we have no evidence at this time that any patient or employee information was subject to unauthorized access.”

This incident raises the importance of backup systems, redundancy, security, and information governance. Could a hacker invade an electronic health record and impact patient care? Could a hospital be shut down permanently? How do security measures need to change in order to keep our health information safe?     
February is Information Governance Month. You may wonder, “what is information governance?”   This American Health Information Management Association (AHIMA) initiative is focused on protecting and maintaining high quality of data and integrity of all types of data. As we have learned in recent years, data is very important in the healthcare industry to providing high quality of care, a safe environment, and cost-effective treatment. Information is an asset to any organization that must be kept safe and secure. We need information governance so that we can extract clinical and business information and optimize its usefulness.  
Health information management (HIM) professionals have always understood the importance of data security and consistent data. As healthcare delivery becomes more electronic in nature, the need for security and management will become heightened.

This cyberattack highlights the need to remain diligent in our security practices to protect the most personal of information – our health records.

About the Author
Laurie Johnson, MS, RHIA, FAHIMA is the director of health information management (HIM) consulting services for Panacea Health Solutions Inc. She has conducted ICD-10 education sessions and documentation reviews for multiple organizations. Prior to working for Panacea, Laurie worked for Peak Health Solutions and Optum.

$25 billion in ICD-10 claims already!

RelayHealth counts $25 billion in ICD-10 claims already

Firm predicts "groundswell of issues," including increased denials and rejections

By Henry Powderly

Revenue cycle firm RelayHealth said that ICD-10 claims "are flowing succesfully," to the tune of approximately $25 billion thus far. 

"Now the industry must be ready to tackle the next set of challenges: timely and correct reimbursement," said Joshua Berman, ICD-10 Lead for RelayHealth, in the announcement. Berman added that RelayHealth will be tracking closely days until final bill, an important metric that will signal just how disruptive the code change is to the industry.

According to RelayHealth's ICD10Central website, days until final bill has averages 14.8 days since the Oct. 1, but most of those claims were coded in ICD-9. There are still a few weeks until the wave of ICD-10 claims begin to be paid.

In an earlier announcement, Berman discussed what he saw on Oct. 1.

"RelayHealth saw about five million institutional claims pass through the clearinghouse. Only around 50,000, or .01 percent, of these claims were coded ICD-10.  As of October 5, the ICD-10 volume grew to approximately 4 percent  (or about one million claims) -- still a small part of the volume. The jump on professional claims (physician billing) was more significant; increasing from 1 percent to 36 percent. in the same timeframe," he said."

"We did see a one day decrease in Days to Final Bill from 14.8 to 13.6 days, which is counterintuitive to what you may expect post-ICD-10 deadline and likely due to a hard push to get to get ICD-9 claims completed."

Berman, however, said troubles with ICD-10 could be felt soon.

"As the majority of providers -- representing a majority of the healthcare dollars -- move fully to ICD-10, post-ICD-10 technical claims are released, and the time for expected remittances arrives, we continue to anticipate a groundswell of issues in getting claims out the door and an increase in denials and rejections."