Get Live Chat Request a Callback Get live demo

← Back

The Microsoft Healthcare Threat Intelligence Briefing

Public Policy

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

securityBreachLocks

The Microsoft Threat Intelligence Briefing: Healthcare has reported that the healthcare/public health sector was one of the top 10 most impacted industries in the second quarter of 2024, with a 300% surge in ransomware attacks. There is now an entire industry of RaaS – Ransomware as a service. Bad actors can subscribe to services that will create ransomware for them. Bad actors are also utilizing AI to create ransomware and better target ransomware attacks.

The cost of ransomware has been estimated to be up to $900,000 per day for the US healthcare industry.

You can view:

Microsoft Intelligence Report

Crowdstrike’s article on AI and ransomware

The takeaway from this information is that we, as healthcare providers, are in the cross hairs of bad actors who are looking to disrupt our ability to provide quality care to our patients. They are doing this for a variety of reasons, not the least of which is financial gain.

If we are hit with a ransomware attach the impacts can include:

  • Loss of access to our medical records causing
    • Adverse outcomes for patients
    • Disruptions of our Revenue Cycle Management Activities
    • Inability to respond to Insurance Company Audits
    • Inability to respond to patient requests for copies of their Health Information (a violation of the HIPAA right of Access Rule)
    • Inability to respond to administrative requests for medical records
  • Needing to respond to a HIPAA Breach including
    • Sending out a letter to each and every patient informing them of the breach
    • Publishing a notification in the news of the breach
    • Hiring a IT team to repair the damage caused
    • Responding to a government investigation about the breach
    • Paying fines as a result of the breach

The best way to avoid all of these negative impacts is to not have a ransomware event in the first place. But what if you do have one?

Ransomware is a type of disaster that can hit your office. By being prepared for a disaster you are in a better position to respond and recover from that disaster. On December 3, CMEonline is hosting a free program “Disaster Preparedness and Disaster Recovery”. The program will talk about various disasters that can impact your IT systems and your ability to function, how to prepare in advance so that when a disaster does hit you can recover as quickly and painlessly as possible. Register for this free program here.



Avatar photo
Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick. They wanted to create a platform for private practice doctors that provides a cost-effective method of implementing HIPAA compliance in their practices. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7). He co-founded TLD Systems with Warren Melnick to create a platform that doctors who wish to work in private practice have a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-Chair of the EHR workgroup at Health Level Seven International (HL7)

Topic: Public Policy


Other Resources Related to This Topic


MACRA/MIPS

Promoting Interoperability 2025 Guide

Use this step-by-step guide in conjunction with the AdvancedMD Help Files or the MIPS Promoting...

MACRA/MIPS

MIPS Value Pathways (MVP) 2025 Highlights

Each MVP includes measures and activities from the quality performance category, improvement activities performance category,...

MACRA/MIPS

Traditional MIPS Highlights 2025

2025 updates for Traditional MIPS Highlights.