If you’ve never experienced the nightmare of fraud, you may be underestimating its prevalence. Complex data breaches continue to climb year after year and according to the HIPPA Journal, reached a staggering 725 breaches involving 500 or more records in 2023. During this time, more than 133 million records were exposed or impermissibly disclosed. Indeed, while technology is making electronic payments easier, it’s also helping bad actors attack those same payment methods.
Health systems, hospitals and physician practices of all sizes are being targeted. According to the previously mentioned HIPPA Journal report, there has been a 239% increase in hacking-related data breaches between January 1, 2018 and September 30, 2023, and a 278% increase in ransomware attacks over the same period.
The cost of fraud.
So, what does all this attempted and actual fraud cost the healthcare providers involved? The average cost of a data breach is now $9.42 million for the healthcare industry. But financial loss isn’t the only issue. Healthcare leaders are well aware that fraud can expose confidential patient and organization information and adversely affect a provider’s reputation.
All of this begs the question: What is your organization doing to protect itself against the growing threat of fraud? Better yet, what are your critical financial providers (banks, insurance companies, investment firms) doing to protect your accounts with them? Not only should they be keeping their employees up to date on the latest schemes, but they should be educating their clients on how to spot fraudulent attempts to gain access or information that could compromise your organization.
Here are 11 strategies to help mitigate fraud:
- Dual Controls: Dual control approvals completed from separate computers help protect against multiple users’ credentials being captured on a single infected device.
- Separation of Duties: A separation of duties between the individual verifying activity/reconciling accounts and the staff person(s) with authority to originate transactions protects a single bad actor initiating a fraudulent scheme alone.
- Secure Location: Position computers used to transact business in a secure location.
- Internet Security: Ensure your device has current anti-virus software and all operating system and application updates and patches. Firewalls should be enabled if possible.
- Dedicated PC: Devote dedicated computers for online financial transactions.
- Email Security: Train employees to recognize phishing email and how to identify potential threats in email and instant messages.
- Verify Transactions: Always carefully and thoroughly verify transactions for authenticity and promptly reconcile accounts.
- Utilize Controls: Any partner software should feature controls that help limit exposure and require secondary review and approval of funds transfer activity.
- Multi-factor Authentication: Access to a payment portal from an unknown IP address prompts for a second verification to ensure proper user authentication.
- Password Protection: Remind users to maintain strict confidentiality of login/authentication credentials, e.g., IDs, passwords, PINs, and (if applicable) fobs.
- Patch Management Policy: Ensure your organization has an established Patch Management Policy and that it covers third-party client software such as Adobe, Flash and Java.
Most payment fraud thought leaders agree that a large portion of fraud is preventable. The challenge is helping employees recognize suspicious communications and inquiries and supporting them with technology that fills in the gaps.