The Revenue Cycle Management Technology Adoption Model (RCMTAM)

    RCMTAM offers healthcare providers a comprehensive tool to evaluate and enhance financial and technological performance through an evidence-based, five-stage maturity model.

    Learn More

    Featured Content

      FinThrive_EXEC_Revenue Management Automation Guide-svg

      Your Guide to an Autonomous Revenue Cycle
      Plot a course toward forward-thinking innovation that improves efficiency, the patient experience and your bottom line.

      Cyber Security in Healthcare: How Providers Can Improve Data Safety and Cyber Resilience

      Featured Image

      The escalation of data breaches and cyberattacks targeting hospitals and healthcare facilities is a growing concern. According to the HHS Office for Civil Rights (OCR), there has been a notable increase in cyber incidents within the healthcare sector. Between 2018 and 2022, the reported large breaches to OCR rose by 93% (from 369 to 712), with a staggering 278% surge in significant breaches involving ransomware.

      These cyber incidents have resulted in prolonged care disruptions, patient redirection to other facilities and delays in medical procedures, all of which jeopardize patient safety.

      Proactive organizations can adopt proven strategies immediately to mitigate cybersecurity risks.

      1. Implement multi-factor authentication

      Studies show that more than 80% of healthcare data breaches stem from inadequate password practices. To diminish the reliance on passwords for security, multi-factor authentication (MFA) requires users to present one or two additional verification factors.

      According to Microsoft, utilizing MFA can prevent 99.9% of automated attacks. Consider these MFA best practices to ensure this enhanced access control is effective:

      • Implement MFA across the entire healthcare organization

      • Provide a range of authentication methods (i.e., Security questions, email, phone call, SMS/text message, etc.)

      • Conduct regular assessments of MFA within the organization

      Through MFA, healthcare organizations can exert greater control by confining access to specific systems and resources solely to individuals possessing designated hardware authenticators.

      2. Regularly train staff on cybersecurity best practices

      One of the best lines of defense against a hacker for any healthcare organization is its employees. A proficient and informed employee serves as a vigilant guardian, adept at recognizing the initial indicators of a security breach and promptly notifying their cybersecurity team of potential threats. Conversely, inexperienced employees may unknowingly stumble into pitfalls that can incur substantial financial losses for their respective organizations.

      Enterprise cybersecurity tools, such as continuous monitoring and vulnerability scanning, have made it much more advantageous for cyber attackers to target individual employees to breach secure networks.

      It is essential to educate employees on recognizing prevalent cybersecurity threats they may encounter, such as common attack vectors like phishing and social engineering. Attackers often employ tactics like spoofing email addresses and domains to masquerade as legitimate entities, establishing trust before soliciting sensitive information.

      Empower employees to identify a phishing email and understand the basics of social engineering attacks. Alarmingly, 91% of cyberattacks originate from phishing attempts, underscoring the critical importance of equipping your team to detect phishing indicators and respond securely.

      3. Ensure your technology vendors possess the industry’s top security certifications

      When it comes to prioritizing security, vendors often turn to reputable security performance evaluation firms to ensure they uphold current and robust security practices.

      Common certifications and standards that are worth considering include:

      HITRUST CSF-certified
      Health Information Trust Alliance (HITRUST) Common Security Framework certification independently validates industry-recognized security standards.

      SOC 2 Type 2-certified
      Security Organization Control (SOC) 2 Type 2 certification independently verifies an organization’s adherence to the pillars of security best practices over a period.

      EHNAC Direct Trust
      Governed by the Electronic Health Network Accreditation Commission, the Direct Trust Accreditation ensures certified organizations meets rigorous standards for data security and privacy, complies with regulatory requirements, demonstrates a commitment to high-quality healthcare data exchange practices and supports interoperability.

      icon-symbols-checkmarks  RELATED:  [Webinar] Cyber Resilience in Healthcare—Navigating Post-Breach Challenges and Accelerated Solutions

      4. Ask vendors security questions during your evaluation process

      In healthcare, security certifications and accreditations foster trust among stakeholders, enhance operational efficiency and safeguard patient information. Collectively, these efforts lead to improved healthcare outcomes and decreased risks.

      But certifications aren’t everything. When evaluating different tech vendors for your healthcare organization, make sure to ask about security. It’s imperative that the vendor your organization partners with is a trusted resource on how to navigate the complexities of data security and cyber resilience.

      You can use the following questions to get you started:


      What you should ask


      What you should hear

      How do you proactively monitor systems?
      • 24/7/365 monitoring

      • Internal SOC team for proactive monitoring and governance

      • Dedicated security and compliance program with oversight from company executives and security SMEs to proactively address potential issues

      How do you assess vulnerabilities?
      • Regular red team/penetration testing

      • Proprietary and open-source code analysis

      • Threat modeling

      When is your data encrypted?
      • Data is encrypted in transit and at rest

      • Adhere to industry-leading certifications, including HITRUST, SOC II and EHNAC Direct Trust

      What processes are in place in case you get hacked?
      • Disaster Recovery and Business Continuity plan and annual testing and certification by EHNAC. Return to normal operations in 48 hours

      • Prioritizes speed, transparency and ongoing communication to clients


      When you team up with a trustworthy partner, it can really change the game when it comes planning for a data breach or navigating through it when one occurs. At FinThrive, security is a top priority–not a box to be checked. Throughout the organization, we foster a culture focused on safeguarding data for our clients and their patients.

      If your organization was impacted by a recent cybersecurity incident, learn how FinThrive is helping affected organizations maintain business continuity and stay cyber resilient.


      View All Blogs

      How Healthcare Organizations Can Improve Their Insurance Verification Process

      In the healthcare industry, accurate insurance verification is crucial for patient care and overall revenue. Despite its importance, many healthcare...

      Read More

      What You May Have Missed at HFMA 2024 – Industry Trends and More

      The 2024 HFMA Annual Conference returned to Las Vegas this year…and man was it HOT! Not only did we have triple-digit temps all week, the conference...

      Read More

      Enhance Patient Experience with Continuous Insurance Coverage Search

      Navigating the complex landscape of healthcare can be challenging for patients, especially when it comes to understanding and managing insurance...

      Read More