Cyberattacks on Health Systems are on the Rise: How to mitigate tech-related risks

Technology is revolutionizing the healthcare industry in several ways. From electronic charts to billings and collections, digital tools are ubiquitous. Meanwhile, data analytics is becoming a crucial tool for improving both operational decisions and the patient experience. However, with the rise of technology comes concerns about financial, physical, internet, and data security. There have been multiple instances of major healthcare systems suffering ransomware attacks. Along with disrupting services, breaches to health systems often impact sensitive data. Once healthcare system breaches are discovered, it often turns out that a lack of strict policy enforcement is to blame. As healthcare systems become increasingly digitized and interconnected, ensuring the security of patient data becomes paramount. The recent Change Healthcare cyberattack serves as a stark reminder of the vulnerabilities present in healthcare IT systems. Given the high stakes involved, healthcare organizations must prioritize robust cybersecurity measures, including safeguarding financial assets, protecting physical infrastructure, and fortifying defenses against cyber threats. In many cases, working with a strong financial partner can help healthcare systems mitigate those risks.

Implementing stringent security protocols, encryption techniques, and access controls are imperative to safeguard sensitive patient information from unauthorized access or malicious attacks. Moreover, investing in cybersecurity training and awareness programs for staff is essential to mitigate human error, which remains a significant factor in data breaches. Discuss how your organization can access the tools it requires to continue to manage its financial operations during a cybersecurity incident. This includes:

• 

  Outlining the procedures for processing critical financial transactions (i.e., payroll, tax, and debt service payments) in the absence of access to the internet, email, phone systems, your organization’s enterprise resource planning (ERP) software, or your treasury management system

• 

  Ensure you have established multiple ways to access your banking services under emergency protocols. This may include accessing bank platforms from various geographic locations, nonstandard IP addresses, and alternate callback numbers.

Your banking partner should work with your organization to ensure all profiles for these alternate protocols are updated. Knowing which staff members have the authority to initiate and authorize requests over the phone or in writing can save valuable time in emergency situations. Other best practices a financial partner would recommend include conducting regularly scheduled reviews of your deposit accounts, and implementing fraud prevention tactics to ensure vulnerabilities are identified and closed on a routine basis. These reviews also help ensure your finance and IT staffs are educated on the industry best practices for protecting your data and funds.

Should your organization find itself in a cybersecurity incident, it’s critical to notify your banking partner immediately to advise them of the situation. This helps you quickly take the necessary action to prevent further damage. Full transparency regarding the severity of the attack and what information may be compromised will allow the bank to assist in monitoring your accounts for suspicious activity and fraudulent transactions. By prioritizing cybersecurity, healthcare organizations can ensure patient trust, maintain regulatory compliance, and safeguard the integrity and confidentiality of healthcare data in an increasingly digital landscape. Partnering with a financial institution with expertise in financial crimes, information security, and cybersecurity is vital to developing the appropriate processes and fraud mitigation strategies. Working closely with your financial institution to build a security plan (and keep it current) should a cyber event arise help keep your data and assets safe.