Author: mikemallaro

CEO of VGM Group, Inc., a 100% employee-owned company. Interested in healthcare, golf, restaurants, insurance, public policy and life.



If you’re a provider of healthcare, then it’s likely that you’re not allocating enough leadership and resources toward protecting your company from cybercrime.

Cybercrime against healthcare providers receives a fair amount of attention in the media and in industry circles. People are aware of the threat. They talk about it, and most even worry about it, but the actual threat posed by cybercrime far exceeds the effort and resources put forth to combat it in my opinion. This mismatch between the threat level and resources expended poses an enormous threat to our industry and the people who rely on it for their healthcare needs.

There’s a strange stigma that surrounds getting hacked. If someone breaks into your car, you talk about it to everyone. If someone hacks into your systems, you don’t tell anyone. Ever. That’s probably because it’s unpleasant, complicated, and involves technology in a way that we don’t always readily understand. Many hacks aren’t required to be reported because they are settled with the payment of ransom. The silence that surrounds cybercrime means that most of us fail to recognize the enormity of the threat.

I find that it’s helpful to sort healthcare cybercrimes into two buckets. First, and most commonly, there are hacks that expose patient records to bad guys and get reported as HIPAA breaches. The numbers of this type of breach have and will continue to rise. In fact, they’ve doubled in the past year alone. The second bucket of cybercrimes is filled with “successful” ransom incidents, whereby the victims have paid ransom to recover data or access to their own systems again.

There are far more ransomware incidents in healthcare than reported HIPAA breaches. Unfortunately, since HIPAA violations require public reporting and the ransoms very often don’t, misconceptions are created. Ransom incidents are growing at an alarming rate. It is estimated that one quarter of all healthcare providers have paid a ransom to cybercriminals. Eleven billion dollars have been paid in ransom this year alone, and it isn’t even over yet. Just because ransomware attacks are out of sight doesn’t mean we can safely ignore this risk.

Healthcare is the favorite target of cybercriminals because healthcare providers possess valuable information about patients (social security numbers, addresses, etc.), while at the same time being generally under-invested in protection against such crimes. Listen, folks: You’re not up against a nerdy kid living in their parents’ basement. You’re up against the military and intelligence arms of several large and powerful nations. Much of this cyberwar is being waged by foreign governments or government sponsored organizations against American businesses and consumers in an attempt to transfer American wealth overseas. This is not something to take lightly. The US government is doing precious little to protect us, leaving the responsibility for defending ourselves up to you and I.

I am sounding the alarm bell here and now: It is highly likely that you are not devoting enough resources to protect yourself against cybercrime. I’m not a cybersecurity expert, so I’m not here to tell you all the technical answers to this problem, but I will offer some of the lessons I’ve learned as a leader in a healthcare organization.

  1. Addressing this problem is a journey, not a destination. We all want a silver bullet. We want a simple answer, be it a software or service, that we can buy, set, and forget to protect ourselves. That is not the way this stuff works. You will actually need to buy several dozen products and take ongoing action to move toward adequate security, and the things you need will evolve over time.
  2. It will be costly to protect your organization. You must find a way to re-allocate financial resources, creating a robust budget for strengthening your cybersecurity defenses.
  3. Your employees and their behaviors are your biggest cyber threat. You heard me. Your employees, no matter how well intentioned, are likely to be the weakest link in your defenses. Hackers don’t just manipulate systems. They manipulate people. A human-centric cyber protection plan is an absolute necessity.
  4. If you are a leader, you are probably exacerbating the cyber threat. Establishing a culture that values cybersecurity comes from the top. Set the tone. Lead by example. This Achilles heel will most likely manifest itself when people in the organization are asked by your IT department to change a behavior or practice. Examples might include using two factor authentication or locking out external drives and devices. People often resist these changes because they’re inconvenient, and if you fail to stand strong for making the right security moves, your organization will be exposed.
  5. Take a long term view. Payers are increasingly vigilant when it comes to cyber protection, and that will be flow down to you as a provider. If you don’t put the right security in place, you’ll soon find that you won’t be able to do business directly with many payers or referral sources.
  6. Listen to the people who know. Chances are your IT people know and have told you some things that need to be done differently. Do yourself a favor and listen to them.


Hands breaking a twig. Isolated on white background.

The branch that won’t bend is easily broken. – Chinese Proverb

Recently, I had an important project to do, and, unfortunately, things didn’t go so well. I ended up doing a very poor job, and the product that I provided fell well short of expectations. I wish that I could say that being a CEO means that you never do substandard work, but I’m afraid that just isn’t the case. My shortcoming, my failure on this assignment, was a plain and simple lack of preparation. I was quite frustrated with myself in the aftermath of this project, and my post-mortem analysis led me to reflect deeply on what exactly had happened.

Strong preparation is one of the keys to doing good work. If we prepare properly and rigorously for a meeting, a call, a presentation, or an interview, then we’re far more likely to be successful. I am usually a beneficiary of preparation. I do it well, and that typically leads to good outcomes. Unfortunately, in this case, rigidity got the better of me. You see, I have a ritual that I go through when it comes time to prepare for a major project. I schedule time for it, and then I go through a useful set of routines and processes. My preparation rituals have served me well over the years.

On this particular project, however, my failure to adjust to changing circumstances did me in. The task required collaboration, and I was working with a team. When the time arrived for my scheduled preparation, certain files and materials were not available to me because I hadn’t requested them yet. I made one effort to reschedule the prep, but something came up. I failed to accommodate these and other disruptions, I didn’t collaborate as well as I probably should have, and in the end I just never recovered.

I completed the assignment with a substandard product because I was too rigid, too set in my ways of doing things. When my routine was disrupted, I allowed it to scuttle the whole effort.

We all have rituals. We have systems and processes for getting things done, and patterns that have been useful to us in the past. That’s fine as long as we don’t let habits become handcuffs. We can’t let the way things were dominate our perception of the way things are now. The world changes every day, and you can’t successfully navigate it if you’re constantly staring at your rear view mirror. I learned a lot about myself, the way I work, and the way I’ll need to work in the future through this mistake. I’m sharing it with you in the hope that you can learn the same lessons a little less painfully.

Better Late Than Never


For the first one-hundred and forty-four years of America’s existence, women were not allowed to vote. In 1920, ninety-nine years ago this summer, women finally won the right to vote in the United States via ratification of the Nineteenth Amendment to the U.S. Constitution. That was a really long wait!

Our history classes teach us about Susan B. Anthony’s role in leading the fight for women’s suffrage. What you might not know is that Anthony began her quest in the 1850’s, almost seventy years before the Nineteenth Amendment. Susan B. Anthony died in 1906, long before women won the vote. It was another extraordinary but lesser-known woman who picked up the mantle and led the movement during those last fourteen years. Carrie Chapman Catt, who grew up in my hometown of Charles City, Iowa, leveraged her tenacity, charm, and courage to execute a strategy that ultimately gave women the right to make their voices heard in American politics.

The Iowa-girl spent that hot summer of 1920 in Tennessee, which was the final battleground state. The Volunteer State was their last chance for victory. Failure to pass the legislature in Tennessee would have killed the Nineteenth Amendment, but Catt and company worked tirelessly and won the day. Tennessee ratified, and women finally had the vote. That’s your history lesson for today!

Earlier this week I had the honor to present the 2019 HME Woman of the Year Award to Wendy Russalesi, the Chief Compliance Officer at AdaptHealth. We at VGM created the HME Woman of the Year Program four years ago to recognize the incredibly important role women play in our industry. Like the right to vote, better late than never. We’re extremely proud of the program and the amazing women who have been finalists and award winners. Congratulations to Wendy!

You can learn more about Wendy, the award, and the other impressive finalists at

The Impact of the ACA


I’m going to take a bit of a risk this week and talk about Obamacare. The Affordable Care Act, a/k/a Obamacare, was signed into law in 2010. This “reform” of our healthcare system remains an emotional flashpoint for many on both sides of the aisle, but at the same time is often misunderstood. If we can, I’d like to set aside the emotional baggage that surrounds the law for a moment and try to take a look at the actual impact that Obamacare has had on our country and our industry since it was passed:

  • About 20 million more Americans have insurance coverage because of the ACA. We know two things about people being insured: First, they are much better able to pay for healthcare than uninsured people. Second, the data tells us that insured people use significantly more healthcare resources than uninsured people. Insuring more people creates more paying customers for healthcare providers, including those in the DMEPOS industry.
  • The increase in the number of people with insurance is primarily because more people are on Medicaid. Prior to the ACA, about 13% of Americans had insurance coverage through Medicaid. That figure has since grown to 21%. An additional effect has been that nearly 7 in 10 people on Medicaid receive their coverage under MCOs (managed Medicaid plans that are run by private insurance companies) rather than under state-run plans. The proportion of Medicaid enrollees using MCOs has doubled since the passing of Obamacare.
  • Intriguingly, the mandates requiring individuals to have health coverage and businesses with more than fifty employees to provide it really didn’t have much of an effect. The percentage of the population insured through employer sponsored group plans has actually declined from 54% to 49% since the coming of Obamacare. Most of this decline came about because more people reached the age of 65 than reached the age of 18 during that time period, which led to a swelling of the Medicare rolls. The remainder is probably due to a shift of the working poor from employer plans to Medicaid. A slightly larger proportion of people got insured under individual plans after the ACA, but it was a relatively small impact.
  • Just like with Medicaid, there are more privately managed Medicare plans today, too. One-third of Medicare beneficiaries are opting to be covered under Advantage plans, which is about fifty percent more than prior to Obamacare.
  • There is, and has been, much dialog about shifting healthcare from pay for volume to pay for performance, with many efforts to evangelize for that objective. Despite this, it mostly remains an unfulfilled aspiration. Almost all healthcare reimbursement is still pay for volume. The pay for performance crusade is aimed at reducing the overall costs for healthcare, and it does remain a promising idea for the future. However, to date, it has gotten relatively little traction. Advocates of pay for value plans like to proclaim that more than a third of healthcare payments already fall under this payment structure. This is deceptive, as most of the actual reimbursements made under those types of arrangements are, in fact, fee-for-service with a tiny element of pay for performance. The shift to MCO in Medicaid, which does lower costs, is probably the biggest side-effect of the ACA impacting costs. Unfortunately, this is generally achieved by rationing through inconvenience. That’s one way to bring down costs, but it’s got to be one of the least desirable ways to do it.
  • Taxes were higher after Obamacare, but they’ve now been lowered, so that probably shouldn’t be a part of the discussion anymore.
  • There is more money spent on regulation and compliance today than prior to Obamacare.
  • Many young people stay on their parents plans until age 26, which is a popular provision of Obamacare.
  • For a relatively small group of people, pre-existing conditions are no longer a barrier to insurance coverage because of the ACA. This is often misunderstood, since people with pre-existing conditions have been protected for at least a decade prior to the ACA. As long as those people carried health insurance continuously, they had full protection for pre-existing conditions long before the ACA came into being.
  • There are many other provisions of the ACA that impacted narrow bands of people or narrow industry segments.

There were two major problems that led to the ACA in the first place – (1) there were far too many uninsured people in America, and, (2) healthcare costs were too high and increasing rapidly.

The law has driven significant progress toward solving the uninsured problem by reducing the ranks of people without insurance by 20 million and shifting the burden of paying for their healthcare from private healthcare providers to the government. On the other hand, Obamacare has largely failed to deliver results with respect to lowering costs, outside of working around the edges to slow cost inflation in some areas.

The Times, They Are A-Changin’

Young Workforce

“Come gather ’round, people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You’ll be drenched to the bone
If your time to you is worth savin’
And you better start swimmin’
Or you’ll sink like a stone
For the times they are a-changin’”

Bob Dylan, from The Times They Are A-Changin’

Millennials are the largest generation in the workforce today. The Baby Boomers are a rapidly declining segment, while the Greatest Generation has almost entirely retired. Within seven years, Post-Millennials will begin to eclipse Baby Boomers. As recently as 2010, Boomers and Greatest Generation workers made up a combined 42% of the total workforce. By next year, Millennials and Post-Millenials will be at a combined 43%, while the Boomers and Greatest Generation will have declined to only 23%. If you’re a leader in any organization, these significant shifts in workforce demographics will require your awareness and, in many cases, adjustments to your thinking.

There are no “good” or “bad” age groups. There are simply segments of people who have differing priorities, aspirations, and values. To pivot your leadership approach and adjust for this seismic demographic flip, consider two very important values: Meaningfulness and Flexibility.

Meaningfulness is among the most important values to Millennial and Post-Millennial workers, and was not considered particularly important by prior generations. You can win these younger people’s hearts in three ways. First, you must make a clear and direct connection between the work you’re having them do and how it is helping someone else in a meaningful way. You must be clear and direct about this connection between societal impact and the work that they are doing, and then you must reinforce it. Often.

Second, keep an eye on your philanthropy strategy. It matters much more today than it did in the past. Younger workers want to work for companies that are making a positive impact in their communities, and doing so is great way to differentiate yourself from other employers in their eyes. Giving them some choice or say in the direction of your philanthropy efforts will lift your organization even higher in their estimation.

Finally, for many, meaningfulness comes from helping a team. They want those around them to succeed, and to share the fruits of their labors. They also want others around them to be treated fairly, and they want equality of opportunity for every member of our increasingly diverse workforce. In all three of these realms, connect the dots clearly and often for your employees so that they can see the meaning behind their work and share together in the rewards and opportunities that it creates.

Flexibility is a much higher priority for Millennial/Post-Millennial workers than it was for older generations. Employers often cling to a “one-size-fits-all” mentality when it comes to workplace policy, but the truth is that conventions around where and when people work for us are often the products of history and reactions to past events rather than carefully considered or optimally chosen tools to engage employees.

Step back and find ways to adjust your policies with an intent toward being more flexible while still meeting the needs of your customer. If your policies, work schedules, or other office rules are not directly derived from or established to meet customer needs, then they are worth reconsidering. Our world is increasingly large and complex, and the individual needs and circumstances of the people who work for us are more varied than ever before. If you can be adaptable and extend trust to your younger employees while holding them accountable for their performance, then they will often reward you with increased productivity and loyalty to your organization.

Remember that the flexibility of the younger members of your staff works both ways. Millennial and Post-Millennial workers are dramatically more flexible when it comes to accepting organizational change, adapting to new workplace procedures, solving unexpected problems, and adopting new technology. Since change is one of the few constants in business these days, the flexibility of your younger workers can be an enormous advantage if you can harness it properly by asking them to take lead roles when it comes to tackling unconventional projects, getting new initiatives off the ground, or selecting and implementing new technologies.

The word “Millennial” gets tossed around a lot, and too often it’s made to sound dirty. It’s easy to dismiss the needs of an increasingly youthful workforce as being nothing more than frivolous and selfish wants, but those who think this way do so at their peril. The times really are a-changin’, and if we don’t change with them, our organizations will pay a heavy price.

It’s worth remembering that these younger generations of workers desperately want to make meaningful and lasting contributions to their companies and their communities. If we’re willing to show them the meaning behind their work and grant them a little flexibility about when, where, and how it gets done, then they can and will achieve great things for us and for the customers that we serve.

Us vs Them


“When one half of the nation demonizes the other half, tendrils of resentment reach out and strangle whatever charitable impulses remain in us.” 

― Ben Sasse, Them: Why We Hate Each Other–and How to Heal

Division and divisiveness seem to be everywhere these days. From Capitol Hill to Main Street, the arguments surrounding the pressing issues of our day threaten to tear the fabric of our institutions asunder. Political tribalism has always been with us, but there certainly seems to be an unhealthy separation between “us” and “them” lately.

Our divisions are probably the most evident in the battles raging across the digital landscape on social media, but they manifest themselves in the workplace too. Leaders would be well served to combat the tribalism that is infecting our society whenever and wherever they can. Here are a few things I’ve been thinking about lately that might be helpful:

  • Help the people within your sphere of influence look for and find common ground. The truth is that most Americans actually agree on most things. We love our country, our state, and our community. We want our children to thrive and do better than we did. We want to be safe. We want to pursue our passions and want others to be able to pursue theirs.
  • Listen more than you talk. Look for similarities, not for differences. Try to understand where another person is coming from.
  • Be thoughtful about what you post on social media. You have every right to be opinionated, and to share your opinions wherever you choose. We’re fortunate to live in a country that affords us that right. Before you post, however, take a moment to think about whether your comment or “like” is going to bring people together and further your cause, or simply create more division.
  • Be intentional about the words you use. Certain words have long been a part of our English language, but they’ve picked up a lot of baggage over the years. Some have become code words that trigger emotional responses of division within the people who hear them. You know many of these words. Be cautious when using them in any context.
  • Be curious, not contemptuous, of differences of opinion. As Covey says, seek first to understand, then to be understood.  Rather than categorize the other person as “them”, or to condemn them for their viewpoint, engage in a curious discovery of why they hold the viewpoint. Usually, when you intend to understand their perspective, you will find something in common or a partial meeting of the minds.


Lives & Limbs – Soldiers

Robert Heinlein once wrote that the most noble fate a man can endure is to place his own mortal body between his loved home and the war’s desolation. The line is based on the fourth stanza of our national anthem, which no one ever seems to sing at sports games for some reason.

As my series inspired by Nicole Ver Kuilen continues, I’d like to take the opportunity to remind you all that there are a hell of a lot of women who put their bodies on the line as well, and a lot of them leave pieces behind when they come home.

Marine Turned Mountaineer

#11 - Kirstie Ennis Final

I was spending yet another layover at Chicago O’Hare on my way home from a business trip last month when I caught sight of a provocative painting on the wall. You don’t see a lot of pictures of beautiful, powerful-looking amputees in their underwear hanging around in airports, so I got curious and stopped to read the plaque underneath it. It turned out that I was looking at U.S. Marine Corps Sergeant Kirstie Ennis, who lost her leg in a chopper crash back in 2012.

That’s putting her injuries lightly, actually. The crash also tore her rotator cuff, damaged her spine, shattered her jaw, lacerated her face, and left her with a case of brain damage and PTSD. Her recovery took three years and required over 40 surgeries. That she was able to recover at all is a testament to the power of modern medicine. What she’s done since her brush with death on the battlefield is a testament to the power of the human spirit. Kirstie is a United States Marine, and Marines don’t quit.

As a life-long athlete, Kirstie turned to sports to get her back into fighting shape during her recovery. The same year that her leg was amputated, she participated in a 1,000 mile hike across England called Walking with the Wounded. She went on to compete in rowing, swimming, and cycling during the 2016 Invictus Games, and joined the U.S. Snowboarding Team for the 2018 Paralympics after that. Her current passion is rock-climbing. She’s the first woman with an above-the-knee amputation to reach the top of Mount Kilimanjaro, and she eventually plans to stand on top of each of the world’s Seven Summits.

Pilot Turned Politician

Back in the early Nineties, there weren’t a lot of combat roles for women in the United States Armed Forces. That’s why Tammy Duckworth, who comes from a long line of fighters going all the way back to the Revolutionary War, chose to train as a helicopter pilot after joining U.S. Army Reserve back in 1992. In 2004, Tammy’s unit was deployed to Iraq during the War on Terror, where her Blackhawk helicopter was struck by an RPG while on patrol. Tammy tried to land her damaged chopper, but had some trouble reaching the pedals because she’d lost both of her legs in the explosion. Fortunately, her co-pilot got the job done and pulled her from the wreckage.

Tammy recovered from her injuries at Walter Reed Army Medical Center, where OPGA’s Dennis Clark saw to her prosthetic care and rehabilitation. Unable to return to active combat duty, Tammy needed a new way to serve her country. She found it in politics. Returning to Illinois, Duckworth became the Director of the Illinois Department of Veteran’s Affairs. Her efforts got her noticed at the national level, and she was nominated by President Barak Obama to serve as Assistant Secretary of Public and Intergovernmental Affairs for the United States Department of Veterans Affairs in 2009.

She resigned her position in 2011 so that she could run for an open seat in the House of Representatives in 2012. Her election to that office made her the first disabled woman to serve in Congress. She was elected to the U.S. Senate in 2016, where her service continues today. Since her time at the VA, Senator Duckworth’s government service has been characterized by her common sense, fighting spirit, and dogged determination to do what’s best for her constituents. She’s been particularly active as an advocate for veterans, the disabled, women, and minorities.