Leading the Business of Healthcare
RCM Advisor

Quarter 1 2024 - Volume 29, ISSUE 1

A Hacking Horror Story

Feature Article

By Cindy Groux

Have you ever answered the phone and known that it wasn’t good news, even while the phone was still ringing? That is how I felt on Sunday, July 2, 2023. At 9:10 am, just as I sat down with my coffee and book, my cell phone rang and showed the phone number of my IT company, and the owner was calling me while on vacation! I just said, “This can’t be good,” and he responded, “You are correct.”

Let’s review a textbook hacking attempt – summer holiday weekend, holiday on Tuesday, vacation time, and hackers getting ready to try and steal everything they could get their hands on.

By 9:20 am I learned that a hacking attempt took place on my servers; this started on Saturday afternoon July 1st, and we were able to determine that they had been in our system for approximately 12 hours.

My IT company was able to identify three of the following types of programs which were implanted on our server: scanning software, a program called Anydesk, and a software program that captures logins and passwords. Additionally, they wiped the security logs clean so we could not track what they did or where they had gone. This apparently was a textbook operation. Routine hacking would set the stage to access a server, download the necessary software, plant malware and spyware software, wipe the security logs clear, and wait. A typical ransom attack can be triggered by a date, and the minute that event happens, they now have your data and will hold you ransom until you pay to get it back.

The playbook scammers use is to plant the necessary software, access your system without your knowledge, and then use it against you.

  • Once they have your sensitive data and passwords, they can commit identity theft and withdraw money from bank accounts, steal your identity (or your clients patients’ identities), and extort you for money.
  • Malware or spyware allows scammers ongoing access to your computer without your knowledge. If the hackers had our Administrator password, we would have had no indication that they had accessed our server and implanted the software to destroy us later. Additionally, when I notified my vendor at 9:20 on Sunday morning, they were unaware that they were also under attack. We are guessing that ransomware was installed on our computers and once triggered, it would lock all our files – unless we paid the ransom.
  • If that wasn’t bad enough, they would then sell our information on the dark web and make more money!

The hackers were able to get to my software through my software vendor. They accessed a login that was utilized by my vendor to access our software for maintenance or support issues, but fortunately for me, my IT company never provided Administrator password access to my vendor; therefore, the hackers were not able to get to my data!

Because they continued to “knock on the door” by trying to get to my data, it presented a red flag to my IT company, and they immediately shut down our servers and called me to advise.

This was the beginning of an exceptionally long, painful, and stressful three weeks! My saving grace is my IT company was able to rebuild my servers with the help of my software practice management vendor by working around the clock. We had no connectivity on Monday, July 3rd and were closed on the holiday. My clients and my staff were able to access our software on Wednesday, July 5th.

We had excellent backups which were reloaded to our new servers, and we did not lose any data. We literally lost only one day for client and staff access.

The next few weeks were difficult to get through as we experienced several hurdles that needed to be addressed to get the claims out the door to the clearinghouses. After 17 years with my vendor, we didn’t realize how many specialized programs we had loaded to meet the company’s growing needs and then had to be put back into place. For example, copier/fax machine issues needed to be addressed. My biggest fear was not being able to access Business Intelligence software; that took three weeks to get back. This is what we use to complete our month end processes, so it was an incredibly stressful period.

In the big scheme of things, we were very well positioned to manage this matter, but you really don’t know that until, God forbid, you have no choice but to test it.  

It is sad to learn that these types of hacks happen much more frequently than we realize. I cannot stress the importance of making sure you and your staff utilize a password manager to keep everyone’s passwords safe.

Additionally, it is important that your IT company tests all your staff by sending them phishing emails, etc., to help educate them about potential harmful emails which could easily implant malicious software and would be devasting to your company.

Also, make sure your business insurance covers cyber-attacks.

Be prepared to keep hackers from knocking on your door.

Cindy Groux, CHBME, is president and CEO of Health Care Practice Management, which she founded in 1992. In addition to providing billing services, HCPM contracts with private practices and groups in the tristate area for practice management and consulting assignments. Cindy was a member of the HBMA Board of Directors for six years. She chaired the Publications Committee for fourteen years and after serving as a committee member, is chairing the committee again.