The impact of any data breach cannot be overstated, especially in healthcare. Unlike other sectors, such as financial services or travel, healthcare records contain “one of one” data – medical history cannot simply be replaced or revoked, making this data uniquely valuable to threat actors.
Unfortunately, healthcare has seen a clear surge in data breaches in recent years.
Financially motivated hackers and insider threats are increasingly exploiting cybersecurity gaps that were underscored during the COVID-19 pandemic to access sensitive data such as patient records and vaccine research. Healthcare data breaches grew from 519 in 2019 to 663 in 2020, and just last year, the healthcare industry experienced 725 data breaches, with each breach affecting 500 or more records – a 96% increase from 369 in 2018.
Among the increased incidents last year was the largest healthcare data breach ever reported in the U.S., which affected over 190 million people in Spring 2024. This was a turning point; the entire industry was forced to evaluate data protection and cybersecurity best practices.
The breach caused significant disruptions to patient care, prescriptions, and reimbursement. Thousands of providers were affected by service disruptions, with 80% reporting losing revenue to unpaid claims, 85% having to commit additional staff time/resources to complete revenue cycle tasks, and 78% having lost revenue from claims they could not submit.
At the one-year milestone of the biggest ransomware attack in healthcare’s history, here are three key lessons learned that will continue to impact the industry and responses to future cybersecurity threats across the care continuum.
- Cybersecurity is taking the wheel of RCM vendor-provider relationships
The rise in data breaches has led to heightened security considerations when vetting new vendors or partners. Buying behaviors are different, as healthcare professionals are now more aware than ever of the short- and long-term implications of a data breach, including the erosion of patient trust, operational disruptions, and significant financial losses (the average cost of a healthcare data breach is $9.8 million).
Provider organizations are not wasting any time getting right to the question on everyone’s minds, “How can I trust this connection is secure?”. They’re now starting with extensive vetting earlier in the buying process, checking for cybersecurity best practices and system reliability as they explore a vendor’s offerings and product capabilities, as well as their vulnerabilities.
To get ahead of changes in buyer expectations, companies must take decisive action to improve their cybersecurity posture by safeguarding sensitive data and maintaining operational integrity. This may include measures such as implementing a Zero Trust architecture, enhancing MFA protocols, offering employee cybersecurity training, or building security requirements into contractual agreements as a new standard.
- Single points of failure pose significant business risk
While the short-term response following any breach is a heightened focus on security and privacy, the long-term learning is that relying exclusively on one vendor creates a possible single point of failure.
In the immediate days and weeks after last Spring’s major incident, healthcare experienced a 180 in vendor management. The industry realized that diversification, rather than consolidation, is more critical than ever – particularly in the revenue cycle.
Healthcare organizations – from single practices to large, multi-location groups – learned that they must diversify their revenue cycle management operations and move workflows to the cloud to enable secure, data-driven operations that they can trust will keep running even if some pieces of their workflow are impacted by a breach. Diversification is how healthcare vendors and provider organizations can maintain flexibility and drive financial success in the face of disruption.
However, as healthcare continues to evolve into a technology-driven, data-centric ecosystem, the line between moving quickly to replace manual, outdated processes and getting the most out of organizational data without compromising data security must be toed carefully.
- The need for agility to accommodate rapid changes in buyer needs
In the initial response to the hack, healthcare leaders were focused on helping providers keep their doors open for the patients they serve, underscoring the need for speedy, flexible responses in times of crisis.
Revenue cycle solution vendors and provider organizations alike were working around the clock to get claims processing capabilities back up and running as soon as possible. However, every provider had a unique situation – while one had lost visibility to tracking their submitted claims, another was more concerned in creating and processing new claims. This meant there was only one path forward for RCM vendors – success in this period meant rolling up sleeves and supporting providers by getting in the weeds of each organization’s specific needs.
Without a one-size-fits-all approach to navigate the initial aftermath, short-term resolutions – and new contracts – were set up to get existing and new customers back into the systems they needed to keep both their revenue afloat and their doors open to serve patients. This also meant ensuring customers had the proper payer connections, which lead to vendors adding payers to their connection capabilities at record speeds.
This approach had many providers re-connected to their revenue cycle in a matter of days, or even hours for some. For them, getting claims processing and tracking back up and running meant critical risk management; they minimized the impact to their revenue and avoided further delays in patient care. Meanwhile, this hand-in-hand, round-the-clock approach to support and resolution laid the bedrock for trust and sustained relationships with RCM vendors who were in the weeds with providers to get them back online.
Moving ahead: Adapting to evolving threats and changes in buyer needs
While it’s impossible to prevent cybersecurity events from ever happening, healthcare is well-positioned to learn from previous events to continue evolving best practices and prepare for future incidents.
Maintaining cybersecurity, increasing agile response capabilities, and expanding vendor diversification all serve as inflection points for how the industry will adapt its response to future breaches and threat actors.
Cyberattacks will continue to be a threat, so building systems that can react to change and disruption is critical for organizations to swiftly adapt, respond to threats, and keep operations in check, even during the most challenging times. Healthcare organizations should continue to prioritize diversified relationships and connections with vendors who have proven to adapt quickly and efficiently.
About Karly Rowe
Karly is the President of the Provider Business Unit at Inovalon, where she oversees a diversified portfolio of revenue cycle management, care quality management, and workforce management solutions. Leveraging a diverse background across credit, retail, and healthcare, Karly is responsible for leveraging Inovalon’s data to deliver innovative solutions to the provider market. Inovalon is a provider of cloud-based SaaS solutions empowering data-driven healthcare.
