Issue link: https://beckershealthcare.uberflip.com/i/1524413
11 CFO / FINANCE Hospital cybersecurity spend rockets as C-suites balance growth By Laura Dyrda H ospitals and health systems across the U.S. are increasing cybersecurity budgets, and C-suite executives anticipate spending even more this year. HIMSS surveyed 229 healthcare cybersecurity professionals, with nearly half from healthcare providers, and found 55.3% increased cybersecurity budgets from 2022 to 2023. Organizations historically spent 6% or less of the IT budget on cybersecurity, but that percentage is increasing to 7% to 10%-plus for many hospitals. More than half, 57.5%, of respondents expect cybersecurity budgets to grow again in 2024, according to the report. Bill Pack, CFO of Conway (Ark.) Regional Health System feels the pinch. "ere have been so many larger breaches and they can be so devastating financially and from a reputation standpoint, which further erodes trust with our patients and the industry in general," he said during an interview with the "Becker's Healthcare Podcast." A Change Healthcare cyberattack in February disrupted the revenue cycle and cash flow for hundreds of hospitals, some of which are still recovering. e attack sparked even further increases in many health system cybersecurity budgets, sometimes at the expense of other projects. "We've got to grow, but having the resources to invest where we want to is really being challenged by having to invest so much into IT and into cybersecurity," said Mr. Pack. He said the health system is investing in robust cybersecurity measures and compliance with future data protection and cybersecurity regulations. e Change Healthcare breach spooked large and small systems alike. Even if a hospital makes all the right decisions internally, they are still impacted when vendor partners with less stringent cybersecurity defenses experience a breach. "We're having to spend more money and invest more money in IT soware for cybersecurity and making sure our systems continue to run," said Chris Carmody, senior vice president of UPMC Information Technology Division and Chief Technology Officer of UPMC, during an interview with the "Becker's Healthcare Podcast." "We would rather be investing in new services and growing service lines, and doing all the things we want to do right now, but we're hampered by having to invest so much in IT right now." UPMC is also stepping up internal efforts for cyber hygiene as an important defense mechanism. "It takes everyone at UPMC to help protect our organization from cybersecurity threats because typically people are the weakest link where they clinic on a link or respond to an email and it creates an exposure that we have to deal with. We're focusing on that: keeping cybersecurity front of mind in the already busy minds of our nurses, doctors and techs taking care of patients." UPMC's cybersecurity team continues to upskill and support everyone working at the top of their abilities. Mr. Carmody said the system is exploring different ways to automate identifying threats and preparing for remediation and recovery. "is is all risk management," said Mr. Carmody. "It changes from day to day, hour to hour, based upon what's happening out there in the industry. We're always trying to pay attention to what zero day threats are occurring, not just in healthcare, but beyond, and looking at our own inventory of technologies that we have deployed and making sure we're staying up to date with the patches and fixes. e system is making sure individuals are in the right positions to align with UPMC's mission and protect the organization. "If you don't do [IT hygiene] well, you're really putting yourself in a bad position to combat against all the cybercriminals out there that are trying to be disruptive to the healthcare industry and beyond," said Mr. Carmody. n Chevron ruling may spark lower hospital reimbursement: Moody's By Laura Dyrda H ospitals may see more lawsuits related to reimbursement regulations after the U.S. Supreme Court struck down the Chevron doctrine on June 28, overturning the precedent of deferring to federal agency interpretations during disputes, according to Moody's Investor Services. The ratings agency released a report predicting litigation would "almost certainly" increase and the heavily regulated healthcare industry would likely see litigation related to reimbursement, insurance eligibility and more. Insurers, pharmaceutical companies and patient advocacy groups could "bring lawsuits that ultimately raise costs and reduce hospital reimbursement," according to the report. Hospitals won't likely see changes to their expenses and reimbursement right away since the federal government can still develop rules and regulations, and lawsuits take time to move through the court system and reach a conclusion. The ruling also doesn't mean new lawsuits challenging regulatory interpretation of laws will succeed, according to the report. Some health systems are using the ruling to their advantage, as well. Hackensack Meridian Health in Edison, N.J., sued HHS Secretary Xavier Becerra, challenging the administration's interpretation of Medicare statutes decreasing reimbursement. n