Collection agencies working medical debt, be forewarned. You are a reason why healthcare executives are tossing and turning in their beds every night, unable to fall asleep. And that was before a data breach at a collection agency exposed the personal and financial information of 20 million individuals.
Third-party vendors are what concern healthcare executives the most related to the issues of cybersecurity and privacy, according to the results of a survey released earlier this week. The survey was taken before a data breach was announced at American Medical Collection Agency, but highlights the concerns that healthcare executives have about their vendors. Social engineering and phishing and insiders were the next greatest threats to healthcare companies, according to the survey.
Despite the concern that healthcare companies have for their third-party vendors, only 60% of those companies are conducting security reviews of their vendors both before and after contracts are signed, according to the survey, which was conducted by CynergisTek, Inc. In fact, 13% of companies are not doing any reviews at all. As well, only 28% of respondents are conducting incident response exercises more than once a year.
Executives also lamented the lack of resources and tools to adequately address cybersecurity threats. Not having enough resources was the overwhelming challenge cited to meeting companies’ privacy and security needs, nearly twice as much as the next-highest ranked challenge, accountability.
Collection agencies that work medical debts can likely expect additional inquiries and reviews from their clients, following the announcement of the breach. Agencies should also consider being proactive in reaching out to their clients with affirmations of their information security and data privacy protocols and invitations for clients to visit the agency’s offices and conduct their own reviews.