Advanced Search

Revenue Cycle Insider

Technology & Innovation:

Don’t Rest on MFA Protections

Published on Wed Dec 11, 2024

Question: Our IT team requires us to use multifactor authentication (MFA) for all logins throughout our healthcare organization. I understand the need for added security measures, but several staff members have complained of the need for MFA when they need to access multiple systems throughout the workday.

Aside from protection, why do we need to use MFA so much in healthcare?

RCI Subscriber

Answer: Implementing MFA in your healthcare organization certainly helps with protecting the sensitive information on your network from falling into the wrong hands, but it also helps the users develop healthy habits for accessing different systems.

Cyberthreat actors prey on a user’s exhaustion from receiving multiple MFA texts, phone calls, or emails to gain access to the user’s account. This tactic is known as MFA fatigue, MFA spamming, MFA prompt spamming, or MFA bombing.

Typically, the malicious person already has the user’s login information and then bombards the user with MFA prompts or text messages until the user becomes fed up and approves the MFA request. This simple approval provides the malicious threat actor with access to the user’s account.

Using MFA processes multiple times per day may be tiresome, especially in healthcare settings where you need to access emails, electronic health records (EHRs), and web-based time clocks, but taking the extra step each time will help protect your patients’ data. Safeguard your organization’s information with the following MFA best practices:

Number matching: The user types in a specific code provided via a text message or an authenticator app.
Context displays: A screen appears on a physical device, such as a smartphone, with additional information like IP address, location, and operating system. The user must confirm the information to complete the login.
Automate password changes: Users who are receiving repeated MFA approval requests from bad actors are considered at risk of a breach. IT teams can automatically generate new passwords for the users to reduce the risk and help stop malicious entities in their tracks.

Mike Shaughnessy, BA, CPC, Development Editor, AAPC

Other Articles of

December 2024

Cardiology Coding:
Credentials May Matter for EKG Readings
Question: Can I report 93000-93010 when a nonphysician practitioner (NPP) produces a reading of an [...]

Podiatry Coding:
Stabilize Your Plantar Fasciitis Coding Knowledge
Question: An established patient presented to their podiatrist for treatment of their plantar fasciitis. The [...]

General Coding:
Appending Modifier 22? Add an Explanation
Question: Do you have any tips for getting claims paid when the procedure code is [...]

Pediatric Coding:
Look to Encounter Reason for Primary Diagnosis
Question: Our provider saw a patient whose appointment was scheduled to discuss the patient not [...]

Podiatry Coding:
Remember the 6th Character When Coding Joint Effusion Dx
Question: I have a medical record that lists the diagnosis as “effusion of the left [...]

E/M Coding:
Code Cerumen Encounter Based on Method of Removal
Question: Are multiple procedure codes required for a physician to both diagnose and treat cerumen [...]

Cardiology Coding:
Become Familiar With Acronyms Surrounding Heart Failure
Question: There are so many acronyms pertinent to cardiology! What’s the difference between the acronyms [...]

Otolaryngology Coding:
Let Guidelines Lead You to Correct Long COVID Reporting
Question: What is long COVID, how is it coded, and how does that differ from [...]

Emergency Department Coding:
Don’t Slip and Miss This Reportable Fracture Tx
Question: A patient reports to the emergency department (ED) after slipping and falling off the [...]

Medicare Regulations:
Don’t Use an ABN to Counteract a MUE
Question: Is it ever appropriate to fill out an advance beneficiary notice (ABN) form for [...]

General Surgery Coding:
Drain the Confusion From This Pleural Drainage Procedure
Question: Our surgeon wrote an op note in which they drained pleural fluid and performed a [...]

Gastroenterology Coding:
Pinpoint the Correct Peptic Ulcer of Esophagus Code
Question: I have a gastroenterologist’s report that lists the diagnosis as “peptic ulcer of the [...]

Otolaryngology Coding:
FESS Up to Endoscopic Sinus Surgery Coding Confusion
Don’t forget to pay attention to combo codes and descriptors. Coding for functional endoscopic sinus [...]

Gastroenterology Coding:
Does G-Tube Removal Have a Designated CPT® Code?
Question: A patient presented to a gastroenterology practice for removal of the patient’s gastrostomy tube [...]

General Surgery Coding:
Clarify Venipuncture Code Variances
Question: What are the differences between venipuncture codes 36400-36410, 36420-36425, and 36415 other than the age [...]

Emergency Department Coding:
Don’t Let Typhoid Dx Options Overwhelm You
Question: A patient who returned from an overseas trip a week ago reports to the [...]

Anesthesia Coding:
Use Correct Modifier to Specify Medical Supervision
Question: I’m hoping you can help me with understanding medical direction versus medical supervision. All [...]

ICD-10-CM Coding:
Stay on Top of Code Updates
Question: I’ve been using code F50.8- pretty regularly for years, but I tried to use [...]

Emergency Department Coding:
Follow These Steps to Correct ED Arthrocentesis Coding
Labs, X-rays could be part of ED E/M. Arthrocentesis, commonly known as joint drainage or [...]

Technology & Innovation:
Don’t Rest on MFA Protections
Question: Our IT team requires us to use multifactor authentication (MFA) for all logins throughout [...]

Pediatric Coding:
Look to Modifier 59 for This Combination Test
Question: When our practice tests one patient for flu A and flu B simultaneously, we bill [...]

Ob-Gyn Coding:
Adopt These Subtle but Extensive E/M Changes Before January 1 Hits
Say goodbye to 99441 through 99443 next year. When CPT® 2025 becomes effective on Jan. 1, [...]

Technology & Innovation:
Precisely View at all Distances With IOLs
Question: I’ve recently heard of intraocular lenses (IOLs) to treat patients with vision difficulties. What [...]

Primary Care Coding:
Find Medication Source to Bill Injections Correctly
Question: When a patient comes to one of our providers for an injection, does the [...]

Practice Management:
Don’t Change a Lab Order Without Authorization
Question: Our practice is submitting claims for lab orders and they keep getting denied. Our [...]

Gastroenterology Coding:
How Well Do You Know the Top 5 Gastroenterology Codes?
Refresh your knowledge of 91200, 91065, 91110, 91010, and 91122. You don’t have to memorize [...]

Urology Coding:
Figure Out This Foreign Body Removal With Urethrotomy
Question: During the procedure, my urologist made an attempt to remove a foreign object that was [...]

Ob-Gyn Coding:
Learn How to Report Simple Skinning Vulvectomy
Question: I have a procedure that has me wondering if it meets the requirement for a [...]

Ob-Gyn Coding:
When You Should Start the Ob Record
Question: My ob-gyn saw a patient who knows that she’s pregnant via a positive home [...]

Primary Care Coding:
Get to Know the New Obesity-Designated-by-Class Codes
Go beyond documentation to help end the stigmatization of your obese patients. On Oct. 1, [...]

Orthopedic Coding:
Follow These Steps to Osteoarthritis Dx Success
Question: I am new to orthopedic coding; only on the job six months. One of [...]

Technology & Innovation:
Everything You Need to Know About Participating in the TEFCA
TEFCA allows for secure information sharing between health information networks. A reliable, secure way to [...]

Orthopedic Coding:
Check Approach, Then Code Kyphosis Treatment
Question: Encounter notes indicate the surgeon performed spinal arthrodesis for a patient suffering from cervicothoracic [...]

Orthopedic Coding:
Know Joint Size on Arthrocentesis Codes
Small, medium, or large? Deciding might not be so easy. When patients report to the [...]

Medicare Regulations:
Explore Whether Your Medicare Claims are at Risk
Federal agencies uncovered double payments after providers billed Medicare and the VA. A recent Office [...]

Anesthesia Coding:
Understand Context for Using GC Modifier
Question: Can you tell me if a GC modifier for residents is only required by [...]

Path/Lab Coding:
Distinguish Bone Codes for Accurate Payment
Question: Our pathologist examines many specimens of bones, joints, and various bony fragments from an [...]

Path/Lab Coding:
Get Ready for CRC Screening Under 2025 Medicare Rules
Question: I’ve heard there are recent changes to Medicare coverage for colorectal cancer (CRC) screenings. [...]

E/M Coding:
Could You Be Accused of Upcoding for Your Level 4 E/M Code Selections?
Hint: Never forget medical necessity when selecting codes. Ever since the evaluation and management (E/M) [...]

Practice Management:
Prep Your Holiday Schedule With 5 Proven Fee-for-Time Billing Tips
Accurately collect for these fill-in providers, previously called locum tenens. With the holiday season approaching, [...]

Compliance:
Find 4 More Crucial Elements to Boost Your Compliance Program
Tip: A log of issues is a means of troubleshooting — and insurance. CJ Wolf, [...]

Pulmonology Coding:
Know How to Identify Pleural Infection Codes
Question: A pulmonologist in a private practice saw a patient who was experiencing chest pain, cough, [...]

Pulmonology Coding:
Find Out What Critical Care Services Include
Question: I have a medical record that indicates the pulmonologist performed critical care services for a [...]

View All