Here at AvidXchange, we feel it’s our responsibility to help you learn about – and overcome – one of the biggest challenges facing healthcare finance pros: cybersecurity. These heightened cybersecurity concerns and threats are widespread and will be a serious situation for healthcare industry finance pros next year and beyond.
Think of all the sensitive patient information that, if stolen by fraudsters, would damage the financial stability and brand reputation of the healthcare provider victim. And consider the potentially profound negative effects on the patient whose personal privacy was compromised.
We want to help quantify the extent of these healthcare cybersecurity threats and go one step further. We believe there’s a better way to tackle these challenges within finance teams by leveraging innovative technologies and strategies. You’ll learn about those here.
Pandemic accelerates cybersecurity threats
Not surprisingly, healthcare cybersecurity concerns have intensified because fraudsters have been taking advantage of the disruptions to businesses. Of all the disruptions one of the most important has been the massive shift to remote working and the potential for cybercriminals to penetrate those less secure networks often used for healthcare online communications.
Given this change, it’s more important than ever to prevent cybersecurity attacks against healthcare organizations and protect consumers’ highly sensitive personal health records and financial data.
48 percent increase in cybersecurity budgets
These pressing security conditions prompted healthcare organizations to respond. Forty-eight percent of health industry executives increased their cybersecurity budgets in 2021, according to a PwC report. They’re focused on fending off many different types of cybersecurity attacks including one of the most prevalent, ransomware. These attacks occur when fraudsters steal company information and demand to be paid to give the information back. Comparitech exposed the magnitude of ransomware crimes:
- In 2020, 92 individual ransomware attacks — a 60 percent increase from 2019 — affected more than 600 separate clinics, hospitals, and organizations and more than 18 million patient records;
- Costs of these attacks to U.S. healthcare groups amounted to nearly $21 billion; and
- 18,069,012 individual patients/records were affected – a stunning 470 percent increase from 2019
As striking as these numbers are, healthcare cybersecurity challenges don’t end there. A PYMNTS.com survey of healthcare executives found fraud, waste and abuse (FWA) schemes are becoming more widespread in the industry, costing health insurers almost 12 percent of annual revenues. The attacks impact payments, insurance claims management and overall costs to access healthcare.
As you can tell, this is a big problem. So, what’s being done about it? Investing in technology is one widely used countermeasure. The PYMNTS.com survey revealed 44 percent of larger firms have already invested in artificial intelligence (AI) to prevent FWA. Similarly, 74 percent of healthcare firms that already invested in AI to detect FWA expect the technology to help them detect fraud before it happens.
How to address heightened healthcare cybersecurity concerns
Complementary to AI, healthcare providers use other innovative strategies technologies to help prevent ransomware and other cybersecurity attacks. Strategically, that includes a layered security plan to protect the provider’s network and make sure it stays trustworthy and secure. For its part, AvidXchange uses several techniques to secure its AP automation software used by healthcare providers. These tactics include:
- protecting corporate information using malware and advanced encryption;
- training product developers on secure software techniques;
- performing regular checks for software code vulnerabilities or logic flaws;
- using role-based access controllers to make sure the correct people have appropriate access to resources when they should;
- ensuring payment card industry (PCI) compliance, which are standards for protecting credit card data; and
- analyzing all the right inputs, including:
- Qualys Scan, a technology for simplifying security compliance leveraging cloud computing;
- PCI approved scanning vendors (ASVs) for providing external vulnerability scanning services; and
- Security Socket Layer (SSL) tests that determine approvals of SSL certificates or ensure an SSL system has been set up the right way.
As you know, people who commit cybercrimes against businesses gravitate to where the money is. And that’s often in the finance department where invoices and payments get processed. However, it’s much more difficult for these criminals to steal money from AP automation software systems than more theft-friendly paper checks and paper invoices.
Final thoughts
Considering these dynamics, now is a great opportunity for your healthcare finance team to rethink its cybersecurity priorities, approaches, strategies and technologies. That starts with embracing one simple fact: If you continue to use paper checks and invoices, your sensitive information is more likely to get stolen, and this will likely distract you from providing high-quality healthcare.
Taking advantage of automation and ditching manual, paper processes, you’ll be able to pay your vendors and suppliers faster with lower risks of cybersecurity attacks and fraud.
Also, make sure you consider using all the AP automation security tools we listed above. They’re available and effective and will go a long way towards preventing cybercriminals from stealing your invoice and payment data. And make certain the AP automation software you choose integrates easily with the most widely used healthcare accounting software. This integration is not a given. So be sure to consider this integration capability up front.
