A Strategic Response to Cyber Incidents in Health Care: Becoming Prepared and Resilient

Many organizations believe they are prepared for an emergency until crisis arrives.

At the beginning of 2024, would you have said you were equipped for a cyber incident with appropriate contingency plans in place? Probably many of us would. And yet, the major healthcare cyberattack this year rocked our industry, with effects that were far reaching and even disastrous.

As the dust begins to settle, now’s the time to figure out how to bolster emergency preparedness, focusing on financial security and data management. We can’t be complacent and wait until the next disaster. Preventing and mitigating disaster starts with a clear-eyed look back at what happened.

Emergency Preparedness: A Natural Disaster Perspective

Rewind to 2005. At the end of that August, the National Hurricane Center first began issuing advisories about Tropical Depression Twelve, which would within a few days become Hurricane Katrina, one of the most powerful and destructive storms in US history. Despite having several days of advance warning, people were still unprepared for this catastrophic natural disaster. How was that possible?

What can we learn as we compare Katrina to a “cyber disaster”? And how can that guide our next steps in helping us increase our financial and data preparedness?

Parallels in Emergency Preparedness

There are advance warning signs we can choose to heed. Just as hurricane forecasts provided advance warning of Katrina's approach, businesses often get warning signs of potential financial or data risks, from economic indicators and market shifts to reports of cyberthreats or even smaller targeted incidents they have to deal with themselves. Heeding these early warnings is crucial for preparedness. But remember: just noticing isn’t enough. We need to act.

We need to honestly assess vulnerabilities. During Hurricane Katrina, the failure of the levee system exposed New Orleans's vulnerabilities to flooding. When you hear about security threats like cyberattacks and other emergencies affecting the industry, take stock. Healthcare organizations and systems need to thoroughly assess their own vulnerabilities, such as outdated systems, supply chain risks, which clearinghouses they use, vendors that should be replaced, data security weaknesses, etc. Understanding vulnerabilities allows us to shore up our own business “levees” or defenses.

Not having the right emergency plans in place can make things a lot worse. Lack of adequate emergency planning hampered the response to Katrina and created a human disaster larger than wind and water. Businesses need to create comprehensive emergency plans for worst-case scenarios, like surviving a period when cash flow is stopped. Include contingencies for everything from backup systems to financing to cybersecurity breach responses.

We must allocate resources strategically. No one has a blank checkbook. New Orleans faced challenges due to resource constraints, which led to an inability to respond properly to the hurricane. Health care always seeks to trim costs to increase profitability, but even so, we can’t shortchange preparedness. We must properly allocate budget, staffing and investments to bolster resilience.

Remembering these parallels helps us create a proactive and strategic response for future incidents. And the key is maintaining consistent cash flow.

Keeping Cash Flowing

When the flow of claims is interrupted, cash flow stops, which in a worst-case scenario can lead to going out of business. The spotlight fell on cash flow this year as some healthcare business owners, in response to our own cyber “Katrina” incident, had to use personal lines of credit and savings accounts to cover business expenses, payroll and rent.

We know some type of disaster will eventually strike again. A prepared, proactive cash flow response needs to consider at least three things:

  1. Cash reserves. The American Hospital Association studied the period of January 2022–June 2023 and found that cash reserves in the median health system dwindled from 173 to 124 days. The trend is concerning because fewer days of cash on hand leaves health systems and hospitals vulnerable to sudden emergencies, including cyber incidents. Building up cash reserves will increase resilience and enable business continuity.

  2. Lines of credit. Identifying and quickly accessing available credit can also keep cash flowing during an emergency. Health systems that have access to flexible lines of credit can draw funds as needed to cover payroll, supplies and other high-priority, critical expenses.

  3. Clearinghouses. Are there risks of relying on a single source of cash flow (e.g., a specific clearinghouse or third party)? Many healthcare organizations are taking a more proactive approach of using multiple clearinghouses to diversify cash sources. Since most of your claims have routes through various clearinghouses, using multiple solutions could actually accelerate business continuity if one clearinghouse were affected by a cyberattack.

    The market has fast, capable clearinghouse options, including some, like Office Ally, that can get you submitting most claims the same day. You can ensure you have failover plans by choosing clearinghouses that will be proactive on your behalf so you can recover more quickly and maintain adequate reserves.

Even if you are still trying to achieve business as usual, this is the ideal time to concurrently analyze potential points of failure in cash flow to mitigate the effects of potential future disasters.

What to Do Now

The tragic failures of Katrina prompted major reforms. We should likewise analyze the cyber and other disasters that affect health care and view this as an opportunity to improve resilience. As you respond strategically, prioritizing financial and data preparedness, you can enhance your organization’s abilities to endure disruptions and rebound quickly. We even created a road map to help you on your path to preparedness for financial and data resilience.

Office Ally is a clearinghouse alternative you can trust. We can help you get payments moving again. You can start submitting claims today with Service Center, a portal powered by the Office Ally all-payer Clearinghouse platform that includes more than 3,000 connected payers. We have specialized implementation plans for large-volume submitters. Contact us today.

Copyright © 2024 Becker's Healthcare. All Rights Reserved.