| View this email online if it doesn't display correctly |
|
|
|
| |
The Other Pandemic: Healthcare Cyber Attacks
|
| According to recent reports, 2021 saw another pandemic: 45 million individuals’ protected health information (PHI) was exposed that year as the result of cybersecurity breaches, a 32% jump over 2020 and more than a 300% jump from 14 million impacted individuals in 2018.
As opposed to the “merely” financial data held by, say, credit card companies, healthcare data contains a plethora of additional personal information, and is extremely valuable in terms of the price for which can be sold by hackers to other criminals. Additionally, it’s a highly valuable “hostage” to hold for ransom against physicians and other healthcare providers as well as against hospitals, surgery centers, and other facilities.
Criminal attacks take various forms, from hacking, to ransom ware, to harvesting credentials, to physically stealing devices.
The problem has become so severe that on September 14, 2022, the Federal Bureau of Investigation issued a notification to the industry that they have received multiple reports of cybercriminals increasingly targeting healthcare payment processors.
The threat identified by the FBI involves criminals compromising user login credentials in order to divert payments to accounts controlled by criminal organizations. Among other routes into the necessary credentials, criminals use a variety of techniques including phishing campaigns and social engineering.
Among the breaches reported by the FBI:
- In April 2022, an entity with more than 175 medical providers discovered that a cybercriminal posing as an employee had changed the ACH instructions of one of their payment processing vendors to direct payment to the cybercriminal rather than the intended providers.
- From June 2018 to January 2019, cybercriminals targeted and accessed at least 65 healthcare payment processors to replace legitimate customer banking and contact information with accounts controlled by the criminals.
Note that the term “payment processors” in the context of both the FBI notification and the cybercriminal world absolutely includes outsourced billing and collection providers, AKA “billing companies” and “revenue cycle management” companies.
Protecting against a cyberattack involves a combination of efforts, from the adoption of actual, implemented HIPAA security programs, to enabled antivirus and anti-malware software, to updated security protocols, to staff training, just to name a few.
Medical groups, especially, but by no means limited to, hospital-based groups, which have already migrated billing and collection, payment processing, etc. to third-party vendors for business reasons, can take some solace from the fact that those vendors are likely (but are they actually?) better equipped to deal with cybersecurity threats. Yet, just because you have outsourced those functions does not mean that your practice is free from concern or from potential liability as a result of a data leak.
In addition to the prophylactic measures mentioned, as well as many more, medical groups must focus on the issue of potential liability. To the extent solvable, what that means is cyber liability insurance. This is the case even if, in the classic example of an anesthesiology or other hospital-based group, you do not perform any of your own cyber processes in house, i.e., every single billing, collection, warehousing of PHI, etc. function is performed by a vendor. There is potential liability beyond what can be offloaded to the Vendor. Additionally, cyber liability insurance generally provides protections that are broader than what are normally seen as cyber related.
The problem, though, is that it takes special legal and brokerage skill to be able to place coverage when your entity is lacking in, as again is often the case, any entity computer system of any kind. Just because it’s difficult doesn’t mean that you should ignore the importance of this coverage.
We’ve developed a team approach to obtaining cyber liability insurance working in concert with experienced brokers. Contact me to discuss your situation, both in regard to coverage and in regard to the other elements you should explore to reduce the chance of a successful cyberattack.
|
| | How to Deploy the Secret Sauce of Opportunistic Strategy - Webinar On Demand
They say that COVID-19 has changed the world, creating the "new normal." Many of your colleagues and many hospital administrators are running scared.
Others, leaders like you, know that crisis means opportunity.
Let me provide you with the strategic tools and insights that you need in order to seize opportunities, whether they’re in the context of your current business relationships, the expansion of your business activities, or the creation of new ventures.
You will learn:
• Defense as a defective default: It’s necessary, but not sufficient.
• Exploiting weakness: Drop the guilt and identify opportunity.
• Flat line negotiation is fatal: Understand its myths and limitations.
• Negotiation reality: Learn to identify and deploy on multiple planes to affect the outcome.
• Maneuver: Harness the power of maneuver, both in overall strategy and in specific negotiation strategy.
Others see a crisis and freeze in fear. Learn how to see the opportunities and obtain the tools to increase your odds of obtaining them.
The price to attend is $479. The cost of not attending is astronomical.
|
| | | Newsflash: Business Life In the Time of Coronavirus - The Way Out
The coronavsaaairus crisis, especially as it has become politicized, raises a number of business issues and, quite frankly, business opportunities in regard to future disruptive events.
Check out our mini-series, with actionable business lessons for medical group leaders.
Sooner or later this crisis will end. You can’t allow yourself to be too busy, too occupied,
too concerned with current events, to devote time and effort to strategizing for your future.
|
| |
In an organization we tend to be judged for what we do - not for the decisions that we make not to do something.
|
| | All Things Personal
Doing more. Call it a tip. Call it a lagniappe. Call it whatever you want, but it could have a very high return.
Among the four elements required to establish the existence of a contract are the offer, which is essentially the promise to do something, and the consideration, the value, usually money, that the other party has promised in exchange.
A month or so ago the glass window on my car’s convertible top begin to separate from the canvas, a known weakness of the manufacturer’s cars. Fortunately, and perhaps oddly, one of the few workshops in the region that can repair the top properly is located a short drive away.
I dropped the car off, found out what it would cost, told them that that was fine (there’s our contract) and mentioned a few spots on the top, stuff that probably dripped down in an office building garage.
And that’s when the doing more began. They asked how I was getting home and I said by Uber. They said don’t worry, we’ll drive you. They did. When the car was ready a few days later, they said don’t worry, they would drive it to me. They did. And when it arrived, the spots on the top were removed; not only was the window like new, the entire top appeared new.
Doing a good job, even a great job, has become expected. And, in most medical practices, that’s all that’s done even if there’s no argument that it’s excellent medical care. That’s what’s expected--it’s simply the price of admission.
But there are ways of doing more, of doing things that delight, of doing things that trigger reciprocity from the recipient. Consider, just as examples, the development of special programs for the hospital at which a group holds an exclusive contract, to the patient appreciation party being thrown by my internist next weekend, complete with music and a taco truck.
What can you do to exceed expectations, to actually delight, and at the same time help to cement relationships far beyond the delivery required by the contract?
|
| | Help Us Help You With Helpful Content
What tailored content would you most like to see during this time? How can we focus on solutions to your most pressing
strategic concerns?
|
| | Podcast Compilation Greatest Hits - Manage Your Practice Edition
We've curated our most popular podcasts on managing your practice into our second compilation album.
Sit back, enjoy, and think about your future.
Listen here. |
| | | | | | We all hear, and most of us say, that the pace of change in healthcare is quickening. That means that the pace of required decision-making is increasing, too. Unless, that is, you want to take the “default” route. That’s the one is which you let someone else make the decisions that impact you; you’re just along for the ride. Of course, playing a bit part in scripting your own future isn’t the smart route to stardom. But despite your own best intentions, perhaps it’s your medical group’s governance structure that’s holding you back. In fact, it’s very likely that the problem is systemic. The Medical Group Governance Matrix introduces a simple four-quadrant diagnostic tool to help you find out. It then shows you how to use that tool to build your better, more profitable future. Get your free copy here.
|
| | | Whenever you're ready, here are 4 ways I can help you and your business:
1. Download a copy of The Success Prescription. My book, The Success Prescription provides you with a framework for thinking about your success. Download a copy of The Success Prescription here.
2. Be a guest on “Wisdom. Applied. Podcast.” Although most of my podcasts involve me addressing an important point for your success, I’m always looking for guests who’d like to be interviewed about their personal and professional achievements and the lessons learned. Email me if you’re interested in participating.
3. Book me to speak to your group or organization. I’ve spoken at dozens of medical group, healthcare organization, university-sponsored, and private events on many topics such as The Impending Death of Hospitals, the strategic use of OIG Advisory Opinions, medical group governance, and succeeding at negotiations. For more information about a custom presentation for you, drop us a line.
4. If You’re Not Yet a Client, Engage Me to Represent You. If you’re interested in increasing your profit and managing your risk of loss, email me to connect directly. |
|
|
