Blog

Another Healthcare Data Breach: What Can You Learn from IT?

By: Keith Barthold

All three companies in a recent, massive healthcare data breach, with a combined at-risk population of more than 20 million consumers, used American Medical Collection Agency (AMCA) as their third-party billing collections service provider. AMCA’s online payment pages are responsible for the breach, which exposed consumers’ financial, medical, and personal information.

Just when you hadn’t heard of a monster data/security compromise in months, you find out you’re just as vulnerable as ever and cyberthreats are even more sophisticated and aggressive.


The Good News

AMCA seems to have taken some responsible and significant steps to combat these breaches. They contacted the appropriate law enforcement agencies, suspended collection requests, and sent notices to several hundred thousand potentially affected consumers.

Furthermore, an AMCA spokesman confirmed that, upon receiving information from a security compliance firm about the possible security compromise, “AMCA conducted an internal review and hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security.”

According to the disclosure statement sent to the SEC, the compromised information could include name, birth date, address, date of service, phone number, balance information, and payment information, but the system at risk does not store social security numbers or insurance identification data. It’s not as bad as it could have been.


The Not-So-Good News

AMCA should be commended for its post-breach remediation activity, but there are some clear signposts of a lack of security readiness. In this instance, the criminals who breached AMCA went undetected for eight months, until the issue was identified and work on a solution began. It seems that if AMCA had used a comprehensive strategic security platform, including breach detection and 24/7/365 monitoring, detection would have occurred much sooner.

These incidents are wake-up calls for collection companies that use digital engagement mechanisms to interact with and collect payments from consumers. While some companies are looking to cut costs in these areas, doing so can lead to disaster. And companies that use third-party services for their billing and collections need to make sure those services are as safe, secure, and highly monitored as possible.

In addition to all the reputational damage these companies are undergoing, multiple class action lawsuits have been filed against Quest Diagnostics and LabCorp since they disclosed personal and medical customer information. On June 3, 11 class action suits were filed against Quest from multiple states. Since then, eight more were filed in federal courts.

 

The Best News

Whatever industry you’re in, you’ve got to know the risks. Healthcare, in particular, is especially susceptible to data breaches because of the amount and sensitivity of personal and financial data. It also tends to focus less on cybersecurity.

You have to develop the right game plan. Organizations need the technological infrastructure, the appropriate policies and procedures, and the commitment to the collective execution that it takes to be cyber secure in the world today. Companies that stay safe are the ones that planned to stay safe and followed through with their plan.

You can win the cybersecurity battle. You just have to be alert, equipped, and consistent. Anything less and you’re facing a remediation and reputation nightmare like what’s facing AMCA, Quest, LabCorp, and many others.

 

Published with permission from DKBinnovative

FCC Votes to Allow Aggressive Robocall Blocking

The Federal Communications Commission voted on 6-6-19 to allow phone carriers to start to take more aggressive steps to block suspected spam and scam calls and to make enrollment in their robocall-blocking services automatic, not something you have to opt in to.

Notably, the new FCC rule does not require the carriers to automatically enroll customers in robocall blocking—it merely allows them to do so, something they couldn’t before for legal liability reasons. A second part of the rule proposes protections from lawsuits for phone companies that mistakenly block a call that should have been allowed to go through.

Nor does the new rule specifically say that the services should be offered for free, although the FCC says it expects they will be.

These changes come at a moment when millions of Americans, feeling under siege from nonstop robocalls, have fundamentally changed the way they use their phones in the first place. A recent Consumer Reports survey found that 70 percent of respondents say they won’t answer a call if they don’t recognize the number that appears on their caller ID screen.

In fact, robocalls are the number one complaint to the Federal Trade Commission, one of the agencies that along with the FCC is in charge of regulating the telecom industry. In May there were 4.7 billion robocalls made—43 percent of them scam calls, according to YouMail, a robocall-blocking and tracking technology firm.

More Changes Ahead

The FCC rule also makes other consumer protections available and clarifies expectations regarding even tougher robocall-blocking technology.

For example, consumers will now be able to tell their carrier to block any calls that aren’t contained in their phone’s contact list. Known as whitelisting, this is considered a kind of nuclear option because it could result in missing important calls, not just spam or scam ones.

From: https://www.consumerreports.org/robocalls/consumers-get-more-help-blocking-robocalls/

Medical Debt Rules Relaxed in Washington State

Last month, Washington Gov. Jay Inslee signed a law that reduces the maximum interest rate on medical debt prior to a court judgment from 12% to 9%. It also prohibits sending a medical debt to collections until 120 days after the patient is sent the initial bill and requires collection agencies to provide itemized statements to patients for medical and hospital debts and to notify them of their possible eligibility for charity care.

For the rest of the story, see:

Mired In Medical Debt? Federal Plan Would Update Overdue-Bill Collection Methods

Machine Learning Trumps AI

Oxford University’s researchers suggest 47% of today’s jobs are candidates for AI obsolescence. Jobs prime for automation are readily found in the financial industry. Loan officers, for example, are ranked at 98% in likelihood of automation by the Oxford study. Despite the hype, AI has not passed a basic Turing Test, where humans can’t determine if they are speaking with another human rather than a computer. The major developments in the AI field are taking place in machine learning, which uses programming models to mimic your brain. Financial projections and what-if scenarios are progressively achieving greater accuracy.

To be ready for the fourth industrial revolution, start working on data governance by demanding data quality. Clean data determines the quality of the model used for making decisions or recommendations. Internal controls are necessary to document, for example, “who is likely to pay” in a format that is ready for machine learning.

Objective analysis based on machine learning will drive business decisions that until now were based on a hunch, by extracting value from big data. True AI may be over-promised (as the joke goes, machine learning is written in a programming language, while AI is written in PowerPoint), but machine learning is already replacing spreadsheet decision making and human intervention.
