In addition , the health care industry has increasingly become the target of ransomware attacks . In 2021 , IC3 reported that of the 649 ransomware complaints they received , 148 originated from companies in the health care industry . 13 For context , that figure is 66 % greater than the second-highest industry ( financial services ) 14 and double the third-highest industry ( information technology ), 15 based on figures documented in the same report . Given the deep pool of payments and information available , criminals have hardly scratched the surface of what could be available if we are not vigilant to stop them .
Adding to the issue , many health care providers operate with antiquated software and hardware . And , despite the adoption of faster payment methods , there is still a prevalent use of outdated payment methods susceptible to fraud , waste and abuse , as illustrated by the $ 500 billion issued in paper checks each year . 16 Health care providers ’ cyberinfrastructure and cybersecurity are generally ill-equipped to handle sophisticated attacks . Furthermore , cybercriminals are masters of manipulation and social engineering , and all it takes is one point of compromise to get in . If that were not enough , vendor management is another chink in an already perforated suit of armor . Due to the protected health information ( PHI ) passed between payer , provider and vendors , any point of access is enough for a cybercriminal to cause significant damage .
Automation is the path forward
The path from care to making a payment is unfortunately filled with challenges , which all too often result in enormous waste , abuse and , of course , fraud . According to the Center for Medicare and Medicaid Services , waste is the result of “ inefficiencies ” in billing and payments , while abuse is more like “ bending the rules .” 17 See Graphic 2 to understand how they see these types of improper payments . 18
Graphic 2 : Types of improper payments *
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll MISTAKES RESULT IN ERRORS :
Incorrect coding that is not widespread
INEFFICIENCIES
BENDING THE RULES
INTENTIONAL DECEPTIONS lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll RESULT IN WASTE :
Ordering excessive diagnostic tests
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll RESULTS IN ABUSE :
Improper billing practices ( like upcoding )
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
RESULT IN FRAUD :
Billing for services or supplies that were not provided
* The types of improper payments in Graphic 2 are strictly examples for educational purposes , and the precise characterization of any type of improper payment depends on a full analysis of specific facts and circumstances . Providers who engage in incorrect coding , ordering excessive diagnostic tests , upcoding or billing for services or supplies not provided may be subject to administrative , civil or criminal liability .
Source and visualization by Centers for Medicare & Medicaid Services 19
ACAMS Today September – November 2023 43