Notification: Notification: Visit our COVID-19 resource center - Learn More >

Cybersecurity and Credit Strength

Risk management has always been important for hospitals. Throw in the combination of advancing technology and volatile federal health care policies, however, and its value continues to rise. In fact, according to a recent report from Moody’s Investors Service, Not-for-Profit and Public Healthcare — US: Risk Management Crucial to Success Amid Changing Healthcare Landscape, risk management is more critical than ever as a determinant of hospital credit strength. Here’s a closer look at hospital credit ratings, Moody’s findings, and why all hospitals should take note.

Hospital Credit Ratings 101

In simplest terms, a hospital’s credit rating determines its borrowing power. Which begs the question: What goes into determining where a particular health care organization lands on the scale?

While many things come into play, Martin Arrick, management director of U.S. public finance for Corporate & Government Ratings at Standard & Poor’s, sums it up as follows, “Generally, higher-rated hospitals have a strong financial profile with some combination of a strong balance sheet and income statement. Those hospitals also have a strong market share with trends demonstrating growing volumes and admissions. Often, the hospitals also have unique services that no one else has.”

One increasingly critical variable highlighted by Moody’s when it comes to hospital credit strength? Risk management.

Risk Management and the IT Imperative

Specifically, Moody’s has identified four areas of focus for nonprofits when it comes to risk management, including the following: Information technology (IT) and cybersecurity systems, clinical quality and brand protection, balance sheet health and reimbursement.

There’s a reason why IT claims the first spot on the list. Says Moody’s, “Accounting for roughly 25% – 35% of a hospital’s overall capital budget, IT systems provide benefits in customer service and patient outcomes as well as potential hazards with cost overruns. Risk can arise during installation, optimization and maintenance, while the launch might result in a temporary spike in expenses. Guarding against cyberattacks is another area of concern.”

Indeed, while the potential of technology to facilitate instant, electronic patient data sharing among doctors and hospitals, there are challenges to adoption and implementation. According to the National Center for Biotechnology Information (NCBI), “The security and confidentiality implications of web-connecting the nation’s clinical data are a major impediment to realizing this noble goal.”

Why Credit Ratings Matter

Obviously, a good credit rating can help your hospital borrow more money at more favorable rates. Additionally, it can also help you maintain investment-grade status, which not only influences how much you can borrow and at what rate, but also impacts the returns of current bond holders if they decide to sell.

Lastly, maintaining a good credit rating is crucial for reputation management. After all, would you rather put your trust and health in the hands of an organization deemed to be in a positive or perilous financial position?

Luckily, your hospital doesn’t have to remain at the mercy of your credit rating for long.  A number of tactics are available for hospitals looking to avoid credit downgrades moving forward, starting with monitoring your cash flow, keeping cash-to-debt ratios in check and maintaining a solid cushion ratio. Additionally, everything from expanding your market position to merging with a larger health system can boost your credit profile.

Given Moody’s recent insights, meanwhile, adding investing in risk management and resiliency to your credit strategies may do more than protect your organization and its constituents; it may also put your hospital in a stronger financial position by giving your credit rating a lift.