The scope and frequency of healthcare fraud is the subject of an extensive Bank of America Merrill Lynch report. Fighting Cyber Crime: How Healthcare Organizations Can Stay Safe offers in-depth analysis from senior executives and best practices for administrators and finance professionals. Below are highlights:
WHY HOSPITALS ARE VULNERABLE
Industry consolidation and technology are key contributors, says Lynn Wiatrowski, national treasury executive for healthcare financial solutions at Bank of America Merrill Lynch. “Until recently, cybersecurity was just not a topic that was extensively discussed in healthcare. With increasing scale and complexity, the industry has become a target for fraud, and now finds itself having to deal with cybersecurity issues.”
TECHNOLOGY INCURS RISK
Electronic records, online portals, data networks and digital devices that are designed to improve care and efficiency can also provide cybercriminals with access to hospital computer systems. Even medical equipment, such as imaging systems and infusion pumps, can provide criminals with entry points into a hospital’s computer systems.
BLACK MARKET DATA
Whether it’s patient and employee records or insurance information, cybercriminals assign high value to hospital data. “Compared to what a stolen credit card is worth, your healthcare and history is much more valuable to a fraudster,” says Mary Rosendahl, fraud education and risk management executive at Bank of America Merrill Lynch. She explains that a stolen credit card can be turned off immediately, but stolen medical records avoid detection for prolonged periods of time, enabling criminals to open credit accounts, obtain prescription drugs, medical services and devices and much more.
MONITORING THIRD PARTIES
Insurance companies, physicians’ offices, billing systems and other third-parties require continuous monitoring says Roger Boucher, market executive for healthcare financial solutions at Bank of America Merrill Lynch. Common transactions, such as claim reimbursements, are highly vulnerable to security breaches. “A healthcare organization should be asking, ‘Where is all my data going, and who is keeping an eye on it?’” Boucher says.
National Treasury Executive
Healthcare Financial Solutions
Bank of America Merrill Lynch
As organizations work to grow and integrate ever-larger networks of medical facilities and legacy systems, they need to safeguard against data breaches. The sheer scale of many mergers, acquisitions and partnerships creates exceptional change-management challenges, says Charles Alston, market executive, Bank of America Merrill Lynch. “If you are bringing together 20 or 25 hospitals, there are so many disparate points of entry to the system: for patient care data, for collection and billing, for all the different medical providers and alliances.”
DEFENDING HEALTHCARE’S MISSION
Unlike businesses whose data management efforts defend against monetary and reputation loss, the stakes are different for hospital and health systems. “These breaches not only pose brand and reputational risk, but in a worst-case scenario, can directly impact patient care,” says Lynn Wiatrowski. “The bar is going to continue to be raised for what’s demanded from healthcare providers and those who partner with them.”