5 strategies to reduce future cybersecurity threats in the healthcare revenue cycle

If you’re a leader in healthcare revenue cycle management, cybersecurity threats are a top concern — and they have to be when more than 132 million Americans (roughly 40% of the U.S. population) were affected by health-record data breaches in 2023 alone.

This was called into sharp focus recently, when a cyberattack breached the network of a health IT giant, disrupting operations for healthcare organizations across the U.S.

While that situation is complex and ongoing, there are proven strategies proactive organizations can implement now to reduce future cybersecurity threats.


Assess your vendor’s ability to serve + support you

When the unthinkable happens, you need to know you’re working with a trustworthy partner who has the same values you do. You also need to be confident in their ability to support an organization of your size, scope, and with your specific data-protection needs.

Ideally, you’ll explore all of this before a crisis happens. But if you find yourself shopping for a new vendor after — or even during — a crisis, ask potential vendors:

  • What is your average implementation satisfaction score?
  • How often do you meet or exceed implementation timelines?
  • What is your average client support satisfaction score?
  • How long does it take to reach a live support representative?
  • What is your average turnaround time on support case resolution?

If your vendor can’t or won’t offer those metrics, find an RCM partner who provides a better experience.

725 large healthcare security breaches occurred in 2023, up from a record 720 in 2022, according to HIPAA Journal.


Check vendor certifications + assessments 

Vendors who value security will leverage leading security performance-evaluation firms to maintain up-to-date, secure practices.

Ask about these common certifications and standards:

1. SOC 2 Type II

SOC 2 is a security framework that specifies how organizations will protect client data from security incidents and unauthorized access. It ensures a SaaS provider is managing the environment to the ‘trust service principle’ — prioritizing security, privacy, availability, confidentiality, and processing integrity.

Make sure your vendor:

  • Adheres to SOC 2 Type II because that provides evidence of long-term, ongoing processes that protect customer data
  • Keeps this certification current since some vendors will achieve it and then allow it to lapse


2. HITRUST CSF

The HITRUST Common Security Framework (CSF) helps healthcare organizations prove they are operating securely and compliantly while keeping personal health information (PHI) secure. Make sure your vendors adhere to the HITRUST r2 Validated Assessment, as that is the gold standard for information protection assurances.


3. PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) validates that any organization processing credit card payments is authorized to do so.

HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) sets the security and privacy regulations required to protect sensitive patient health information. It’s enforced by the Office for Civil Rights and is legally required for any healthcare or IT service provider that accesses PHI.

4. Security Information and Event Management (SIEM) system

SIEM systems collect and analyze data from sources across the organization’s network — firewalls, intrusion-detection systems, endpoint security solutions — to help identify unusual activity that may indicate a threat.


Ask partners + vendors key security questions 

When you partner with a vendor who can impact your cash flow, you must be confident they can keep your data secure and act swiftly when threats occur. 

Ask partners + vendors these questions, and check that their answers include the following:

How do you monitor systems for suspicious activity?

  • 24/7 monitoring
  • Advanced technology
  • SIEM systems

What’s your process for assessing vulnerabilities in your systems and network?

  • Regular vulnerability scans + penetration testing
  • Threat intelligence (collecting and analyzing information about the latest cyber threats)
  • Actively searching for weaknesses attackers could exploit in the future

What is your recovery strategy if you’re targeted or hacked?

  • Procedures for identifying, containing, and recovering from an attack
  • Communication plan for clients that prioritizes speed, transparency, and ongoing communication


Setting expectations — on both sides, in advance — will help everyone maintain order so you can act fast to keep data as secure as possible in the event of a cybersecurity attack.



Strengthen existing security + access controls 

Security and access control are essential measures that determine who can access your data, resources, and apps. Make sure your organization is leveraging all available options to safeguard data and prevent unauthorized access.

Ask your IT department to:

1. Require frequent password rotations.

Schedule regular password changes across your organization and systems. Consider increasing the minimum password length and special-character requirements.

2. Implement two-factor authentication.

Consider asking for two separate, distinct forms of identification to access your systems, phones, and even buildings.

3. Review IP whitelisting settings.

IP whitelisting lets organizations grant access to trustworthy IP addresses, but it’s not something you should “set and forget.” Review IP whitelisting periodically so you can restrict unauthorized access to systems and networks and ensure every IP address with access should, in fact, have it.

4. Monitor user activity.

Monitor user activity on the network to detect suspicious behavior, such as unauthorized access attempts or data exfiltration.
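One way to put items 3 and 4 into practice, as an added example that is not part of the original post or Waystar’s own tooling: a small Python review script that checks a constructed IP allowlist against constructed access-log lines, flagging entries that are past their review date or never used, and counting denied attempts from addresses outside the list. The allowlist fields (owner, review_by) and the log layout are assumptions made for the example.

```python
from datetime import date
from ipaddress import ip_address, ip_network
# Constructed allowlist (assumed format): each entry carries an owner and a
# review-by date so a "set and forget" entry becomes visible once it lapses.
ALLOWLIST = [
    {"cidr": "203.0.113.0/24", "owner": "clearinghouse-vendor", "review_by": "2024-09-30"},
    {"cidr": "198.51.100.7/32", "owner": "billing-office-vpn", "review_by": "2025-03-31"},
    {"cidr": "192.0.2.44/32", "owner": "former-contractor", "review_by": "2023-12-31"},
]

# Constructed access-log lines (assumed layout): timestamp, source IP, user, outcome.
LOG_LINES = """\
2024-10-01T08:02:11Z 203.0.113.15 jsmith ALLOW
2024-10-01T08:05:42Z 198.51.100.7 rlee ALLOW
2024-10-01T09:14:03Z 192.0.2.44 contractor DENY
2024-10-01T11:30:27Z 203.0.113.22 jsmith ALLOW
2024-10-02T02:17:55Z 198.51.100.200 admin DENY
2024-10-02T02:18:01Z 198.51.100.200 admin DENY
"""

def parse_log(text):
    """Split each line into its fields; the IP is parsed so it can be matched to a CIDR."""
    events = []
    for line in text.splitlines():
        ts, ip, user, outcome = line.split()
        events.append({"ts": ts, "ip": ip_address(ip), "user": user, "outcome": outcome})
    return events

def review_allowlist(allowlist, events, today):
    """Flag entries past their review date (today is an ISO date string) or with no
    successful use in the log window; both are candidates for removal."""
    findings = []
    for entry in allowlist:
        net = ip_network(entry["cidr"])
        used = any(e["ip"] in net and e["outcome"] == "ALLOW" for e in events)
        if date.fromisoformat(entry["review_by"]) < date.fromisoformat(today):
            findings.append((entry["cidr"], "review date passed"))
        if not used:
            findings.append((entry["cidr"], "no successful use in log window"))
    return findings

def denied_from_unlisted(allowlist, events):
    """Count DENY events per source IP outside every allowlisted range: repeated
    attempts from one unlisted address are the access attempts item 4 asks about."""
    nets = [ip_network(e["cidr"]) for e in allowlist]
    counts = {}
    for e in events:
        if e["outcome"] == "DENY" and not any(e["ip"] in n for n in nets):
            counts[str(e["ip"])] = counts.get(str(e["ip"]), 0) + 1
    return counts
```

Run with real allowlist and log exports in the same shape; the findings list is the review worksheet, and the denied-attempt counts are the first thing to hand to whoever monitors user activity.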

What is ransomware in the healthcare revenue cycle?

Ransomware is a type of malware — software designed to cause disruption — that permanently blocks access to the organization’s data unless a ransom is paid. In healthcare revenue cycle data breaches, executives may need to decide not only whether they’ll pay the ransom but when, in cases where patient data is being deleted or exposed based on the organization’s response time.



Train employees regularly on data security + compliance

While most RCM employees understand the magnitude of cybersecurity threats in healthcare, regular training is still critical. Not only will it show staff the risks and threats your organization faces, but it will also give them the knowledge to identify potential threats and the tools to report them.

Make sure every employee completes regular training on the most common methods of cyberattack, including:

1. Email

According to the HIPAA Journal, phishing is a leading cause of healthcare data breaches — and attacks are increasing. Malicious links, attachments, and downloads are common ways attackers gain access to systems. Give your team tips for spotting malicious content to prevent network infiltration.

2. QR codes

Today’s attackers have also expanded their phishing efforts to include QR phishing. An attacker will send the target a code and convince them to scan it for a seemingly valid reason. That can lead to compromised credentials, data breaches, or ransomware infections.

3. Mobile

Employees often unknowingly use personal or work mobile devices in ways that make them susceptible to mobile-based attacks.

  • If you allow employees to access work information via personal devices, make sure you activate the necessary controls (company portal applications for remote management, password-strength requirements, etc.).
  • Teach employees about smishing (fake SMS/text messages) and vishing (fraudulent phone calls), which can easily trick victims into providing sensitive information via text or phone call.

4. Working remotely

With remote work now a permanent part of revenue cycle management, employees must (1) know the risks of working outside a secure office environment, and (2) follow best practices when doing so. Consider who needs to be using a virtual private network (VPN), who should come into the office to perform specific tasks, etc.

Remember to include compliance and regulatory training in your schedule as well. Accidental HIPAA violations are much easier to avoid when training outlines what each staff member needs to do to stay compliant while performing their specific duties.

Are you facing revenue cycle disruption?

For a limited time, Waystar is offering accelerated implementation* for those experiencing disruptions due to data security.

To see if your organization qualifies, get in touch with a representative today.

Get the experience you deserve

*Accelerated implementation services are offered on a ‘first-come, first-served’ basis. Availability may be subject to change.
