AssistPoint®, in conjunction with a password manager, can enhance your organization’s password hygiene
By Sarah Provan
The stakes of cybersecurity in health care
When a cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group, was detected in February of this year, it sent shock waves across the spectrum of the healthcare industry. While far from a household name, Change Healthcare nonetheless plays a pivotal role in the country’s health system; according to the company’s website, a third of all U.S. patient records are touched by its technology.[1]
The American Hospital Association found that 94% of hospitals were financially impacted by the cyberattack.[2] Patients have felt the impact as well. In addition to the risk of identity theft due to potential exposure of personal health data,[3] patients have experienced difficulty accessing care due to delays in prior authorization processing, and disruptions to copay assistance that have forced them to either go without essential medications or pay for them out of pocket.[4]
Although the U.S. Department of Health and Human Services (HHS) has described the Change Healthcare cyberattack as “unprecedented” in its magnitude,[5] the incident is part of an alarming trend.
According to HHS:
“The healthcare sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high. Healthcare facilities are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions. And cyber incidents in healthcare are on the rise. For instance, HHS tracks large data breaches through its Office for Civil Rights, whose data shows a 93% increase in large breaches reported from 2018 to 2022.”[6]
In health care, the stakes of cybersecurity can truly be life and death. For instance, research from the University of Minnesota showed a 20% increase in in-hospital mortality in patients hospitalized at ransomware-stricken hospitals during the time of the attack compared with those discharged in the five weeks prior.[7]
As bad actors ramp up the frequency and sophistication of their cyberattacks, it’s critical that healthcare organizations take every precaution to guard against them.
Password security: your first line of defense[8]
A strong password, coupled with awareness of these common hacking methods, can go a long way in protecting sensitive data from cyber threats:
- Brute force attacks in which every possible combination of characters is attempted until the correct password is found
- Dictionary attacks in which attackers go through a list of common passwords and phrases to guess the correct one
- Phishing attempts wherein attackers use misleading emails or websites to trick individuals into disclosing their passwords
- Rainbow table attacks, which utilize precomputed tables to crack password hashes
- Credential stuffing in which, after successfully learning the username and password for one account, attackers try that same combination on other accounts to see if it has been used in multiple places
Strong passwords are long, complex, and unpredictable. Each character added to a password enhances its security exponentially, while using a combination of uppercase letters, lowercase letters, numbers, and special characters makes the password much harder to guess. Avoiding common passwords like sequential numbers or letters, the word “password”, or any known personal details (names, birthdays, anniversaries, etc.) helps prevent hacking, as well.
The challenge of password hygiene in managing patient financial assistance
Creating a strong password is just one component of good password hygiene, which is critical to avoiding cyberattacks. Password hygiene also involves[9]:
- Changing passwords regularly
- Not writing down passwords
- Not sharing passwords with others
- Using a unique password for each account
- Enabling multifactor authentication, which adds a layer of security by requiring a second credential such as answering a security question, scanning a fingerprint, or entering a code received by text or email[10]
Good password hygiene can greatly improve account security; in fact, according to Microsoft’s 2023 Digital Defense Report, the use of multifactor authentication reduces the risk of having an account compromised by 99%.[11]
Of course, the more accounts you have, the more difficult—and vital—it is to practice password hygiene.[9]
For anyone who manages patient financial assistance, this can be a significant challenge. Managing assistance typically involves signing into dozens of individual patient support program portals each day, leading to security risks in addition to inefficiencies. The prospect of creating, remembering, keying in, and regularly changing unique passwords for each program is daunting. Yet with sensitive health and financial data on the line, password security is paramount.
How AssistPoint can help your organization practice password hygiene while simplifying financial assistance management
Fortunately, there’s a way to minimize the passwords utilized to manage patient financial assistance without compromising cybersecurity: AssistPoint.
AssistPoint is Annexus Health’s comprehensive software platform that accelerates the management of financial assistance and access services for healthcare organizations, helping patients get the care they need by proactively identifying available resources, streamlining enrollment, and facilitating the management of assistance.
AssistPoint is digitally integrated with an ever-growing list of patient support programs offered by a host of leading life science companies and charitable foundations, creating a two-way, secure information exchange that streamlines the application, enrollment, and fulfillment processes. All integrated programs use a standardized digital enrollment form within AssistPoint, which is automatically prepopulated with demographic information from the practice management system, eliminating the need to fill out multiple repetitive forms and connecting patients to available assistance faster. With digital integration, program communication delays are reduced, award approval notifications are sped up, and accurate, up-to-date award balances are easily accessible.
Because all of this is accomplished directly within AssistPoint, there is no need to sign into each individual patient support program portal; your login credentials for AssistPoint are all you need.
Moreover, AssistPoint has achieved HITRUST Risk-based, 2-year Certification, validating Annexus Health’s commitment to strong cybersecurity and meeting key regulations to protect sensitive data.
Among other cybersecurity measures Annexus Health has taken, multifactor authentication has been enabled for all internal employees and is currently being rolled out to external customers as well.
The benefits of using a password manager along with AssistPoint
While many patient support programs are digitally integrated with AssistPoint, those that are not can be accessed via quick links in AssistPoint that direct users to the appropriate program portal to complete the traditional enrollment process. As this will require signing into the individual program portal, using a password manager can help keep the enrollment process both simple and secure.
A password manager is a digital tool that lets you consolidate and secure your login credentials for multiple websites and apps using a single master password. To set it up, create a strong master password that will serve as an encryption key; the password manager will then establish a secure password vault to store these credentials. When logging into a patient support program portal, you can allow the password manager to save and encrypt your login details so that it can automatically fill in your credentials on future visits to give you a seamless, secure login experience.[12]
For the best user experience, it’s important to store the URL of the site each password is associated with within your password manager. This often-overlooked step enhances the use of links within AssistPoint.
Conclusion
Cybersecurity is critical in every aspect of health care, as underscored by recent cyberattacks affecting major industry players. Strong password hygiene, including complex and unique passwords and multifactor authentication, is vital for protecting patient data. AssistPoint can enhance your organization’s cybersecurity while optimizing your process for managing patient financial assistance; pairing AssistPoint with a password manager simplifies login processes, reduces risks, and safeguards sensitive information while ensuring efficient access to patient support programs.
That’s why life science companies should do everything possible to ensure every eligible patient can access their intended treatment. Annexus Health can help them do it.
About the contributor
Sarah Provan is Vice President of Operations at Annexus Health, overseeing the Implementation, Support, Content, Training, and Technical Program Management teams. Her background encompasses over 15 years of healthcare IT experience, driving strategies to enhance growth, revenue, and efficiency across organizations.
References:
1. Change Healthcare. Change Healthcare. Accessed April 30, 2024. https://www.changehealthcare.com/.
2. American Hospital Association. AHA survey: Change Healthcare cyberattack significantly disrupts patient care, hospitals’ finances. March 2024. Accessed April 30, 2024. https://www.aha.org/2024-03-15-aha-survey-change-healthcare-cyberattack-significantly-disrupts-patient-care-hospitals-finances.
3. Tahir D. Hacking at UnitedHealth unit cripples a swath of the US health system: what to know. Kaiser Health News. Updated March 1, 2024. Accessed April 30, 2024. https://kffhealthnews.org/news/article/unitedhealth-change-healthcare-blackcat-hack-cybersecurity/.
4. Bendix A, Silva D. Patients struggle to get lifesaving medication after cyberattack on a major healthcare company. NBC News. March 6, 2024. Accessed April 30, 2024. https://www.nbcnews.com/health/health-care/cyberattack-change-healthcare-patients-struggle-get-medication-rcna141841.
5. Rainer MF. Re: Cyberattack on Change Healthcare. U.S. Department of Health & Human Services. March 13, 2024. Accessed April 30, 2024. https://www.hhs.gov/sites/default/files/cyberattack-change-healthcare.pdf.
6. U.S. Department of Health and Human Services. Healthcare sector cybersecurity. December 2023. Accessed April 30, 2024. https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf.
7. McGlave CC, Neprash HT, Nikpay SS. Hacked to pieces? The effects of ransomware attacks on hospitals and patients. October 4, 2023. Accessed April 30, 2024. https://ssrn.com/abstract=4579292.
8. Gunnell M. How to create a strong password: 5 expert tips for immediate use. Techopedia. January 16, 2024. Accessed April 30, 2024. https://www.techopedia.com/how-to/how-to-create-a-strong-password.
9. Davidson M. Password hygiene. GlobalSign. November 22, 2022. Accessed April 30, 2024. https://www.globalsign.com/en/blog/password-hygiene#:~:text=Password%20hygiene%20is%20the%20practice,common%2C%20or%20easy%20to%20hack.
10. Dashlane. 7 Password hygiene best practices to follow. Dashlane. February 24, 2023. Accessed April 30, 2024. https://www.dashlane.com/blog/password-hygiene-best-practices.
11. Microsoft Threat Intelligence. Microsoft digital defense report 2023. October 2023.
12. Rouse M. Password manager. Techopedia. February 13, 2024. Accessed April 30, 2024. https://www.techopedia.com/definition/31435/password-manager.