2025 Innovation Conference: What Every Revenue Cycle Leader Needs to Know About Cybersecurity Part 1 & 2 - HBMA Store

As presented at HBMA's Innovation Conference March 12th-13th, 2025.

What Every Revenue Cycle Leader Needs to Know About Cybersecurity Part 1 Presented by Mike Green

In February 2024, the healthcare sector was shaken by one of the most devastating cyberattacks in its history. For weeks, millions of patients were unable to fill prescriptions or schedule critical care, while hundreds of thousands of providers struggled to submit claims or receive reimbursements. This catastrophic event underscored a stark reality: even the most comprehensive risk mitigation strategies are insufficient without an equally robust incident response plan.

For revenue cycle leaders and billing professionals, the implications of such an attack are profound. The disruption of claims processing and reimbursement flows can lead to significant financial instability, erode trust with providers and patients, and jeopardize the overall operation of healthcare systems.

This presentation will explore the cyberattack’s key lessons and explore actionable
strategies for safeguarding your organization against similar threats. While no solution is foolproof, the industry must prioritize not only prevention but also rapid recovery, ensuring that clearinghouses and billing systems can maintain continuity even in the face of severe cyber threats.

Key topics include:

1. The Current Cybersecurity Landscape in Healthcare:

• An overview of the most prevalent cyber threats targeting healthcare organizations today, with a specific focus on their impact on revenue cycle operations.
• Insights into how recent high-profile breaches have affected patient data security and disrupted healthcare financial processes.

2. Regulatory Compliance and Standards:

• Understanding the critical regulations that govern healthcare data security, including HIPAA and HITECH, and their specific relevance to revenue cycle management.
• Best practices for maintaining compliance, developing redundancy, and implementing resiliency initiatives to ensure uninterrupted claims processing and reimbursement.

3. Developing Robust Security Frameworks:

• Strategies for integrating comprehensive security policies into the revenue cycle management workflow.
• The importance of continuous monitoring, leveraging threat intelligence, and implementing effective incident response planning to protect financial operations and patient data.

By advocating for a holistic approach to cybersecurity that involves all stakeholders and leverages cutting-edge technologies, this presentation will provide a comprehensive roadmap for revenue cycle leaders. The goal is to transform cybersecurity practices within their organizations, ensuring a more secure, efficient, and trustworthy healthcare system. In doing so, they can protect sensitive patient information, maintain regulatory compliance, and secure the financial health of their organizations—ultimately benefiting the entire healthcare ecosystem.

Course Participants will be able to:

• Equip healthcare leaders with actionable strategies to enhance their cybersecurity posture.
• Highlight the significance of regulatory compliance and adherence to industry standards.
• Demonstrate the value of building resilient health data systems to ensure continuity and reliability.

What Every Revenue Cycle Leader Needs to Know About Cybersecurity Part 2 Presented by Mike Green

In February 2024, the healthcare sector was shaken by one of the most devastating cyberattacks in its history. For weeks, millions of patients were unable to fill prescriptions or schedule critical care, while hundreds of thousands of providers struggled to submit claims or receive reimbursements. This catastrophic event underscored a stark reality: even the most comprehensive risk mitigation strategies are insufficient without an equally robust incident response plan.

For revenue cycle leaders and billing professionals, the implications of such an attack are profound. The disruption of claims processing and reimbursement flows can lead to significant financial instability, erode trust with providers and patients, and jeopardize the overall operation of healthcare systems.

This presentation will explore the cyberattack’s key lessons and explore actionable
strategies for safeguarding your organization against similar threats. While no solution is foolproof, the industry must prioritize not only prevention but also rapid recovery, ensuring that clearinghouses and billing systems can maintain continuity even in the face of severe cyber threats.

Key topics include:

4. Potential Cybersecurity Regulations for Healthcare Clearinghouses:

• A look into the latest regulatory developments aimed at enhancing the cybersecurity posture of healthcare clearinghouses and billing companies.
• How these regulations, if implemented, will affect revenue cycle management and what steps organizations should take to comply.

5. Building Resilience in Health Data Exchange:

• Techniques for ensuring the resilience of health data systems against cyber threats, with a focus on maintaining the integrity of financial transactions.
• The role of accreditation and certification in strengthening data exchange infrastructure, with an emphasis on organizations like DirectTrust.

6. Fostering Trust Among Stakeholders:

• The importance of transparency and proactive communication in building trust with patients, providers, and payors.
• How revenue cycle leaders can engage stakeholders in cybersecurity efforts, leveraging technology to enhance trust and secure financial data exchanges.

By advocating for a holistic approach to cybersecurity that involves all stakeholders and leverages cutting-edge technologies, this presentation will provide a comprehensive roadmap for revenue cycle leaders. The goal is to transform cybersecurity practices within their organizations, ensuring a more secure, efficient, and trustworthy healthcare system. In doing so, they can protect sensitive patient information, maintain regulatory compliance, and secure the financial health of their organizations—ultimately benefiting the entire healthcare ecosystem.

Course Participants will be able to:

• Equip healthcare leaders with actionable strategies to enhance their cybersecurity posture.
• Highlight the significance of regulatory compliance and adherence to industry standards.
• Demonstrate the value of building resilient health data systems to ensure continuity and reliability.

Speaker Bio:
Mike Green is an engaging and innovative information technology, security, and risk professional with over 20 years of experience in diverse global roles. He served as the Global Leader for Threat Intelligence and Security Operations at Deloitte for a decade, where he developed Deloitte’s Global OSINT and threat research organizations, providing essential service solutions to firms and clients. Mike has also contributed as an AI Leadership Council Member at Ai4 and is a full-time Commissioner at EHNAC, which sets standards and accredits organizations that exchange healthcare data.

Currently, as the Chief Information Security Officer at Availity, Mike leads the creation and implementation of robust security strategies and policies that align with Availity’s mission to facilitate secure and efficient healthcare data exchange. He ensures compliance with industry regulations such as HIPAA, HITECH, and other relevant standards, conducting regular audits and assessments. Additionally, Mike oversees the execution of incident response plans, ensuring swift and effective management of security breaches.

Recently, Mike played a pivotal role in developing proposed regulations presented to Congress, aimed at enhancing the cybersecurity posture of clearinghouses and strengthening the resilience of our healthcare infrastructure against cyberthreats. His efforts are instrumental in advancing national security measures and safeguarding sensitive healthcare data from emerging threats.