Businesses have been paying an increasingly steep price for cybercrime over the past decade. The estimated global cost of cybercrime rose from $114 billion in 2010 to $445 billion in 2014 and to roughly $600 billion in 2017, and analysts project it will reach $6 trillion by 2021.
Cyberattacks are the fastest-growing category of crime in the United States, costing businesses and other enterprises an average of $25 per minute. Healthcare is the second-most-attacked industry, and medical billing companies are not exempt.
Most cybercrime affecting healthcare takes the form of data breaches, which stem from a range of incidents: stolen or lost devices, hacking, human error and negligence, and deliberate cyberattacks. The following statistics show how costly these breaches can be for healthcare enterprises:
- The average healthcare data breach costs an estimated $6.5 million, about $429 per patient record.
- Stolen medical records can sell for 10 to 20 times the price of stolen credit card data.
- More than 2,100 healthcare data breaches have been reported over the past decade.
- Medicare numbers sometimes sell for $500 apiece.
- Last year saw 510 reported breaches affecting 500 or more records each, triple the number in 2018.
- Of the 466 cybersecurity incidents recorded in the healthcare industry in 2019, 304 involved confirmed data disclosure.
Avoiding Costly Consequences
Businesses that lack plans and procedures for combating cybercrime such as hacking, identity theft and ransomware also risk a damaged reputation, lost revenue and eroded customer trust. Putting protected health information (PHI) at risk exposes them further, because it is also a failure to comply with the Health Insurance Portability and Accountability Act (HIPAA).
One of the primary goals of HIPAA is to “assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.” Under HIPAA, covered entities (health plans, healthcare clearinghouses and healthcare providers that transmit health information electronically) must comply with the HIPAA Security Rule and its administrative, physical and technical safeguards. So must their business associates, which include medical billing companies that create, receive, maintain or transmit PHI on a covered entity’s behalf.
Obstacles businesses encounter in complying with HIPAA include keeping communications secure, protecting mobile devices, addressing outside threats and keeping up with a changing regulatory environment. Noncompliance can lead to costly HIPAA violations. Criminal penalties range from a fine of up to $50,000 and up to a year in prison for knowingly obtaining or disclosing PHI, to a fine of up to $250,000 and up to ten years in prison when the offense is committed with intent to sell the data or to cause harm. Civil penalties are tiered by culpability: from $100 to $50,000 per violation, with an annual maximum of $25,000 for repeated violations of the same provision, when the entity did not know and could not reasonably have known of the violation, up to $50,000 per violation, with an annual maximum of $1.5 million, for willful neglect that is not corrected.
Maintaining Policies and Procedures
Even though cybercrime is a common problem for businesses of all sizes, only four percent of business owners have implemented all of the United States Small Business Administration’s cybersecurity recommendations and best practices. As a provider of medical billing services, you must keep your cybersecurity processes and procedures up to date. Much of this can be done cost-effectively, without a large investment in IT infrastructure.
For example, educate and train your staff on cybersecurity on a recurring basis. Because ransomware is most often delivered through malicious links or attachments in e-mail, employees should be trained, repeatedly, to recognize such e-mails and to report them rather than open them. Warn them about the risk of plugging in a USB drive from an unknown source. Use realistic scenarios to teach employees what to do in specific attack situations, so they have the tools to stay compliant and make fewer mistakes.
As a business administrator, there are further steps you can take. Back up your data regularly, keep at least one copy offline or otherwise out of reach of an attacker who gains access to your network, and periodically test that you can actually restore from it; ransomware that can reach the backups will encrypt those too. Keep a “gold image” of your systems and configurations so machines can be rebuilt from a known-good state. Develop an incident response plan for a cyberattack and exercise it routinely. Inventory every operating system and network that private information passes through, and assess them for vulnerabilities. Monitor all connected medical devices, deploy firewalls and anti-virus protection, and verify that every third-party vendor you work with is HIPAA-compliant, including having a signed business associate agreement in place with each one that handles PHI. If necessary, hire qualified IT staff with cybersecurity knowledge and experience.
Investing in a Reliable Resource
Outsourcing medical billing lets healthcare enterprises devote more employee resources to other parts of their business, achieve better payment rates and faster cash flow, and improve compliance with healthcare regulations. At 4D Global, because we take our customers’ business and our obligations seriously, e-mails containing HIPAA-related information are encrypted or password protected, and all of our employees are educated and regularly trained on HIPAA guidelines.