Fintech Today
  • About
  • Banking
  • Insurance
  • Resources
    • COVID-19
Subscribe
No Result
View All Result
  • Digital Transformation
  • Customer Experience
  • Cybersecurity & Risk
  • Regulation & Compliance
  • Claims Management
Fintech Today
  • Digital Transformation
  • Customer Experience
  • Cybersecurity & Risk
  • Regulation & Compliance
  • Claims Management
No Result
View All Result
Fintech Today
No Result
View All Result
Home Cybersecurity & Risk

Helping Health Insurers Defend Against Cyberattacks

by Kelsey Winick
October 26, 2021
in Cybersecurity & Risk, Insurance
Reading Time: 9 mins read
A A
Helping Health Insurers
Share on FacebookShare on Twitter

With the ongoing impacts of the COVID-19 crisis, health insurance companies are under a lot of pressure, which is exactly the time when cyberattackers like to strike. But Matthew Krawse, Vice President of Business Solutions at Zelis Healthcare has some sound advice for helping health insurers to manage risk and withstand the efforts of cyberattackers, both today and in the future. In a conversation with Financial Technology Today,  Krawse shared how risks impact payer and provider organizations both internally and externally. In addition, he commented on the importance of finding the right partner that includes cybersecurity as a core competency. Continue reading to learn how health insurers can be better prepared to defend against cyberattacks.

Financial Technology Today (FTT): Health insurers are among the most popular target for cyberattacks. What motivates these bad actors?

Matthew Krawse (MK): Health insurers are at the intersection of personal and financial information and this intersection is actually what attracts bad actors. Because we are a healthcare company, an information technology company, and a fintech company, we’ve prioritized security and it’s one of the major pillars of our business. It’s critical to understand that there are different types of bad actors, motivation, level of sophistication, and attack routes. All the while, these situations are becoming more and more prevalent as we continue to be more remote and as bad actors get smarter and advanced in their tools.

Security is not just the deployment of one layer of protection based on one type of bad actor, it’s an ever-evolving process. When you start to approach it in these terms you realize that if security and compliance are not one of the core competencies, and with many health insurers it is not, it is critically important to find a partner that has it as one of theirs.

Our approach to security is one that we call a hub-and-spoke security model. It takes into consideration all of the different aspects that I just mentioned. It mitigates all the potential risks through a process that starts with technology, goes into a systematic check and balance process, and is guided by human capital. Each spoke of that process is independent of each other, but it’s also interconnected, which means that each situation can really stand on its own. But all of the situations combined are mutually exclusive and collectively exhaustive on the risks.

FTT: It’s not just external attacks that affect payers, though. How do fraud and abuse impact payers and also add risk to business operations?

MK: The internal, or what we will call opportunistic bad actors, are a real threat. These can be individuals that are within a payer or provider, or in close proximity to the physical locations. It is absolutely something that needs to be considered when you think of the security model. First and foremost, the biggest way that someone can try and mitigate this is internally through communication within their organization. It always comes back to the basics of not sharing logins, ensuring knowledge of what a suspicious email looks like, and why you should not click on a suspicious link.  These are things that we all know but need to be reminded of. As well as knowing these fundamentals it’s vital to ensure that you have a system in place that does track audit reports. With education, robust security solutions, and auditing in place you’ve got the basics in place to mitigate attacks and the downstream impacts to your business operations and, in the case of providers, patient care.

FTT: How does converting from paper-based to electronic payments and communications help protect payers?

MK: First, we are eliminating several of the human components from the risk equation. There’s no need for paper to be sent to the mail and then delivered either to a member or a provider. There’s no need for those respective parties to get that information, file that information, transact on that information. Converting from paper-based to electronic communications avoids something sitting in a mailroom, a mailbox, or on someone’s desk, and, in the process, you eliminate both malicious and benign types of risks.

Secondarily, we’re ensuring that there’s transparency on delivery. What that means is converting to an electronic or digital communication for payment ensures that there is an understanding of directly who the payment was to, who received it, when they received it, and when they transacted upon it.

The combination of those two is wildly impactful to ensuring that there’s a layer of protection above and beyond what you get from paper documentation.

FTT: What risks does embracing electronic payments and communications introduce?

MK: Risk is inherent, so even though moving to electronic payments and communications mitigates many sources of risk, risk still exist. Because payers and providers are focused on their own core competencies the issue of cyber risk management presents challenges. It isn’t that cyber risk isn’t top of mind, after all, the high-profile breaches have put cybersecurity at the top of every healthcare payer and provider’s agenda, but it’s more than finding the right solutions and trusted partner is a challenge.

 From my perspective, the biggest risk that payer and provider organizations face is if they take on digitizing these payments and communications themselves. That is because bad actors will continue to get more targeted and more advanced because attacks are their core competency, and they will increase in efficiency and frequency far more quickly than a payer or provider can respond. By working with a trusted partner payers and providers can focus on their jobs and leverage the partner’s insights, resources, and expertise in protecting digital assets.

FTT:  What more can payers do to ensure they can stay ahead of cyberattacks?

MK: For payers and providers the focus needs to be on internal employees and networks in particular, on communication and training. The basics of digital hygiene always start with the people that you work with. Then focus on external sources of risk and make sure you have partners for whom data protection and understanding risk is a core competency and who will work with you and protect you.

FTT: What should health insurers look for in terms of security and compliance when choosing a payments and communications partner?

MK: There are three important considerations. The first is identifying industry standard best practices. In healthcare, that means finding a partner that has audited certifications. These certifications provide a trusted framework for understanding what a partner will do, has done, and allows the third-party audits of these best practices.

Second, there is a focus to ensure that a payment and communication partner is focused on doing all these as core competencies and under their roof. You want one organization that knows the ins and outs and is able to support your organization and provide a comprehensive end-to-end solution. The real importance here, which most people overlook, is that there’s only one IT and one security team that knows the details. You want one house, one team, one solution.

The third and final consideration is understanding that certifications, best practices, and value propositions are table stakes. There is so much more that goes into protecting than just these frameworks. When an organization is looking to find a payments and communications partner, during your diligence, ask questions about education scenarios, ensure you feel comfortable with the responses you’re hearing, and make sure you’re getting the details that will ensure the organization is completely protected. Simply put, knowledge is the most important tool you can have when choosing a security of payments and communications partner.

FTT: Do you have any final thoughts to share with us?

MK: The focus of cybersecurity and compliance in healthcare has been on payers, but over the past 24 months, providers have also seen a dramatic increase in the number of potential attempts and successful attacks. We’re not turning back from an interconnected world, from remote work and care, or digital forms and this is giving bad actors so many more targets and opportunities for a successful attack. It’s imperative that payers and providers find partners that can secure both ends of the workflow and process and ensure members are completely covered.

Tags: cyberattackscybersecurityMatthew KrawseNational Cybersecurity Awareness MonthZelisZelis Healthcare

RELATED POSTS

Minimizing Phishing for Financial Services Institutions with Enhanced Email Security
Banking

Minimizing Phishing for Financial Services Institutions with Enhanced Email Security

November 8, 2022
With a Virtual CISO, Financial Services Institutions Can Upgrade Their Security Posture
Banking

With a Virtual CISO, Financial Services Institutions Can Upgrade Their Security Posture

October 27, 2022
cybersecurity action plan
Banking

An Action Plan for Financial Services Institutions to Address Ransomware

June 16, 2022

TRENDING NOW

  • Life Insurance

    Selling Life Insurance Policies Via Vending Machines is the Ultimate Form of Customer Convenience

    554 shares
    Share 222 Tweet 139

  • With a Virtual CISO, Financial Services Institutions Can Upgrade Their Security Posture

    496 shares
    Share 198 Tweet 124

  • Who’s Driving Digital Transformation for Banks and Financial Institutions?

    498 shares
    Share 199 Tweet 125

  • Arizona’s Motor Vehicles Department (MVD) Makes Payment Offerings More Accessible

    645 shares
    Share 258 Tweet 161

  • Email Phishing and Spam Protection Help Financial Services Institutions Build Trust and Credibility with Customers

    506 shares
    Share 202 Tweet 127

CONNECT WITH US

Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner

BECOME AN INSIDER

Get Financial Technology Today news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Future Healthcare Today
Government Technology Insider
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Financial Technology Today offers content and advertising sponsorships to leading technology solution and service providers. Interested in becoming a sponsor? Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About
  • Banking
  • Insurance
  • Categories
    • Digital Transformation
    • Customer Experience
    • Cybersecurity & Risk
    • Regulation & Compliance
    • Claims Management
  • Contact Us