
Cybersecurity in Healthcare: How Ransomware Attacks Medical Practices | MGMA Leaders Conference 2025

Daniel Williams:

Well, hi, everyone. I'm Daniel Williams, Senior Editor at MGMA, and we are at the 2025 MGMA Leaders Conference in Orlando at the Convention Center. It's day one on Sunday, and we're so excited here. And I am here with my first guest of the week, and that's Rana McSpadden. She's with SVMIC.

Daniel Williams:

And I kid you not, she lives in Difficult, Tennessee. She is in Difficult, Tennessee. She's going to tell us all about this. And Rana has been on the podcast before. So Rana, I want to just welcome you back to the MGMA podcast.

Rana McSpadden:

Thank you so much. I enjoy this so much.

Daniel Williams:

That is wonderful. Natellis, I wasn't joking. You live in

Rana McSpadden:

I live in Difficult, Tennessee.

Daniel Williams:

And it's near

Rana McSpadden:

Defeated Creek, Tennessee.

Daniel Williams:

Defeated Creek. It sounds sad.

Rana McSpadden:

So But it's a beautiful area.

Daniel Williams:

It is beautiful. You said, you were telling me earlier, you have bald eagles that you can see in your

Rana McSpadden:

No, not necessarily my area. It's more towards Eastern Tennessee.

Daniel Williams:

That's Eastern Tennessee? Okay. Okay. So what would we find in Defeated Tennessee?

Rana McSpadden:

Lots of deer.

Daniel Williams:

Okay.

Rana McSpadden:

Coyotes. Occasional bear.

Daniel Williams:

Okay.

Rana McSpadden:

Yeah. I've been told that there's been a bear sighted around where my farm is.

Daniel Williams:

So. So, you and I were having such a great time catching up. One thing that's so interesting, because we get to know people in this technological age through a video screen. So when you went and stood next to me, I looked right past you because you're taller than I thought. You're 5'7" or so.

Daniel Williams:

And I went, I just saw you as this person in this little box, and then there you are. And we were looking eye to eye. Absolutely. I was going, okay.

Rana McSpadden:

Back in COVID, we hired somebody into our department, and our first meetings were through Zoom. Right. And the first time I met her, I was like, like, oh wow, you are so tall.

Daniel Williams:

Well, it's just, we get to know each other digitally. Exactly. And then when we get to meet, that's one of the wonderful things about a live face to face event.

Rana McSpadden:

Absolutely. And that's one of the things I enjoy so much about the live MGMA events such as the Leadership Conference is that I get to network with people. I get to see them face to face and actually meet them.

Daniel Williams:

Right.

Rana McSpadden:

And become more than just friends.

Daniel Williams:

Exactly. And so you are one of our speakers as well. You're an attendee. Yes. You're a speaker.

Daniel Williams:

So first of all, Jill, let's just reeducate our audience if they did see that earlier podcast or people are new to it. What are you gonna be speaking on this week?

Rana McSpadden:

I will be talking about cybersecurity and the importance of leadership from the top when it comes to your cybersecurity program.

Daniel Williams:

Okay. And you were talking to me earlier that you had real case studies about practices that just, they need to up the game as far as those cyber terrorists. Talk about that. Talk about what's going on. Don't have to get into too much. We can whet the appetite, but talk about what some of the common themes are, where practices do.

Daniel Williams:

I think you've used the verb ransomed. Had not heard it used quite like that, practices do get ransomed. So tell us about that.

Rana McSpadden:

So in my presentation, I will be using real, you know, OCR settlements of various breaches that were caused by cybersecurity events, being ransomed by threat actors.

Daniel Williams:

Okay.

Rana McSpadden:

Where the threat actors, they put software into the computer systems that then lock it up to where the user can't gain access to it anymore unless they pay the ransom.

Daniel Williams:

Okay.

Rana McSpadden:

I'll be, you know, ransomware has become so rampant in healthcare and there's so many different types of ransomware that is out there. And I'll be talking just a little bit about the different types too. Okay. But the biggest thing is, is one, making sure that you have a thorough security risk analysis. We're finding a lot of practices that have not either completed one, or it's not as thorough as it needs to be.

Rana McSpadden:

It's not enterprise-wide. It doesn't take into account all the different satellite offices or various things like that. And then also looking to see what kind of malicious software we have on our systems to keep that malicious software out of our systems, or that can detect it and zap it and get rid of it out of your systems, either before it can do something bad, or at least once they're in your system and they've done something, you install something that can remove it from your systems. One of the examples that I'm gonna be giving in my presentation is talking about a practice that was ransomed many times because that coding in the computer systems was not removed, and so the threat actors still had access to those computer...

Daniel Williams:

Oh, wow. Okay. That is going to be so helpful. Now, this is what's so interesting about a face-to-face event like this. You're a speaker, but you're also getting to interact and attend sessions yourself. What's something here that you're looking forward to, whether you looked at the schedule or you're meeting up with people that you've met before or meeting new people?

Rana McSpadden:

Mainly it's the networking again for me. I'm only here for a short period of time. So unfortunately I'm not going to be able to see a whole lot. I saw that there was an AI in the morning and I was like, oh dang, I really wanted to see the AI because AI is getting so rampant in healthcare. And with it coming into our computer systems, I will also be talking about the AI risks in cybersecurity too.

Rana McSpadden:

Coders are using AI to write code and they're not necessarily considering all the security risks behind it. So it is causing a risk to cybersecurity as well.

Daniel Williams:

Okay, you brought a topic up that I am very interested in. As someone who has made a new best friend, and Millennial Mike, I'll call him, he's my AI friend, and we have wonderful chats. Are there things we shouldn't be saying or telling or prompting into the AI?

Rana McSpadden:

Oh, absolutely.

Daniel Williams:

Gosh. Let me turn my phone off right now.

Rana McSpadden:

Well, mainly when it comes to health care, no patient information, no PHI can go into an AI system unless it's a system that's closed, that is not public facing. ChatGPT, don't put any private information. Don't even put your own private information into ChatGPT because it's open to anybody.

Daniel Williams:

Oh my goodness. So this changes everything, Rana. I'm so glad you're... Don't hyperventilate on me. I'm so glad and terrified right now that you're telling me all of this. Okay, so that's something for everybody to put down right now.

Daniel Williams:

Because I have to say, I'm in Colorado, you know, MGMA, we're headquartered in Denver, right down the street. The cartoon South Park originated there. They just had this hilarious episode I watched where people were coming up with their business plan based on some interaction they have with their AI. And it was absolutely hilarious. You know.

Rana McSpadden:

Well, AI can be absolutely helpful because I use it myself. I mean, I use it for writing prompts or I will write up a little article or something. I'll put it in there just to see, clean it up a little bit for me. Okay. But you still have to be careful about what you pull from AI too.

Rana McSpadden:

Okay. Definitely make sure that you're reviewing whatever information you get from it to make sure it's true. It tends to hallucinate some.

Daniel Williams:

Boy, I'll say.

Rana McSpadden:

And look at the sources that it came from, because there's sometimes that I'll Google something, because I still Google, I don't use AI as my first line of defense. And it'll pop up an AI interpretation of various articles that it read. Well, based off of what you read on the AI, and then when you go into the article, it's polar opposite of what it's supposed to be. So always, you know, trust but verify.

Daniel Williams:

Right. Well, I'm a big film buff, and so I'll ask it about movies in the '70s just to get kind of the themes or the plots down, and then it'll list the year. And I'll know that's not right. I'll say, "No, that wasn't in '74, it was in '72." Right.

Daniel Williams:

And they'll go, Oh, you were correct. I was wrong about that. So you really, I think that's so important that it can help us do things more efficiently. It can help us correct some grammar, style, different things in our writing. But you do have to fact check it.

Daniel Williams:

You can't just say, sure, and then just

Rana McSpadden:

Exactly.

Daniel Williams:

Send it out. It's just not gonna be there. So when are you turning around? We're on Sunday right now. When are you heading back out then?

Rana McSpadden:

I head out first thing Tuesday morning. So I'll be here all day tomorrow on Monday.

Daniel Williams:

Okay. What else, you are gonna speak tomorrow, but what else are you, is there anything else you've set up? Are you kind of going with the flow?

Rana McSpadden:

I'm just going with the flow. I'm just kind of one of those go-with-the-flow type people. So it's one of those, I do have a session tomorrow afternoon I want to sit in on, young careerists, that I'll be attending. So I'm excited to see that one. But unfortunately with MGMA is I always see there's multiple sessions all at the same time that I wanna attend.

Rana McSpadden:

And there's one on creating an MA program.

Daniel Williams:

Yeah, heard multiple people

Rana McSpadden:

Since I'm a consultant, that's one of the things that we were working on. So I'd love to see that one too, it's at the exact same time. Oh gosh. I'm having to juggle which one do I really wanna go see. So I'll probably go pull the slides from the one I don't get to go see, at least so that I still have that information.

Daniel Williams:

Right. Now I bumped into you. We just had a session for first time attendees. Are you a first time attendee?

Rana McSpadden:

Absolutely not. No.

Daniel Williams:

See, we're just hanging out there meeting

Rana McSpadden:

new was first time helping out.

Daniel Williams:

Oh, that's wonderful. Okay. Any last words then, since you have been to MGMA events before? Any advice you'd give to people who may be here for their first time or they're still just kind of getting their feet wet at what to get, what's, how do they get the most out of that event? What would you give somebody's, what advice would you give someone?

Rana McSpadden:

Wear comfortable shoes for one. We don't care, tennis shoes are fine. But absorb as much as you can. You're not gonna be able to do it all. Do as much as you can, but definitely network.

Rana McSpadden:

Find somebody in your field, find somebody in your system, in your state, somebody that you've never spoken with, worked with before. Gain those friendships, gain that networking, because those are people that you're gonna be able to go back to when you have questions, when you have help. There's days that I have questions that, you know, I'm a consultant and there's still things I don't know.

Daniel Williams:

Right.

Rana McSpadden:

And where I'm not in a practice every single day and I have friends all over the nation that are, I can reach out to them and say, Hey, how are you handling this?

Daniel Williams:

Yeah.

Rana McSpadden:

And I think that's the most beneficial thing for me.

Daniel Williams:

Okay.

Rana McSpadden:

I mean, the education is great, but it's the networking for me that is the most important.

Daniel Williams:

Okay, well, Rana McSpadden from SVMIC and from Difficult, Tennessee, just a hoot and a holler from Defeated Creek. It's been a pleasure to catch up with you.

Rana McSpadden:

I have so enjoyed this.

Daniel Williams:

All right. Well, everybody, this is Daniel Williams, senior editor at MGMA, signing off. Thank you so much for listening to the MGMA podcast.
