Vendor Fraud Prevention in Healthcare: How Nuvance Health Strengthened Vendor Integrity and Improved Payment Strategy
Enjoy the replay of our chat with Scott Skrzypczak, AVP Operations and P2P, Nuvance Health
Watch our Fireside Chat!
Healthcare organizations have never been more targeted by vendor fraud. And the reason isn’t complicated: healthcare payments move fast, vendor ecosystems are massive, and AP teams have to process thousands of changes—often with limited resources and constant urgency.
The result? It only takes one convincing email, one persuasive “bank change request,” or one compromised vendor account for an organization to lose funds, time, and trust.
In the video above, Nuvance Health shares exactly how this risk became real for them—and how they rebuilt their vendor management process into a structured vendor integrity program that proactively prevents fraud, improves compliance, and even creates new revenue opportunities through payment optimization.
This is the story of how one health system turned a painful fraud incident into a smarter, stronger, more scalable vendor onboarding and payment strategy.
This article breaks down why acquisition-driven vendor onboarding is a growing risk area, what happens when processes rely on “security theater,” and how teams can build a scalable vendor authentication approach—especially when resources are limited.
Table of Contents
The Vendor Fraud Reality: It’s Not “If,” It’s “When”
How the Fraud Happened (and Why It Was So Sophisticated)
Why Vendor Fraud Prevention in Healthcare Is Now a Buyer-and-Vendor Issue
The Bigger Shift: Fraudsters Are Targeting Smaller Vendors Now
Why Nuvance Health Took Action: Compliance, Vendor Screening, and Indemnification
Moving from Manual Vendor Vetting to Vendor Integrity
The Smart Vendor Adoption Strategy: Start with Highest Spend + ACH Vendors
The Surprise ROI: Vendor Integrity Enabled Payment Optimization Growth
The Secret to Vendor Adoption: Communicate Before the Invite
Healthcare Vendor Fraud Prevention: What Other Teams Should Take From This
Final Takeaway: Fraud Prevention Isn’t a Project — It’s a Capability
Want More Personalized Support With Vendor Fraud Prevention in Healthcare?
Want Regular Tips About Vendor Fraud Prevention in Healthcare?
The Vendor Fraud Reality: It’s Not “If,” It’s “When”
Healthcare vendor fraud isn’t usually flashy. It doesn’t look like a hacker typing furiously in a dark room. It looks like something your team sees every day:
- A vendor asking to update their bank account
- Invoices attached for payment
- A request that appears routine
- A letter on company letterhead
- An email address that looks legitimate
- A name you recognize in the vendor organization
And that’s exactly what made the fraud attempt at Nuvance Health so dangerous.
As Scott Scripps Hack, treasury and supply chain leader at Nuvance Health, explains in the video above: the fraud wasn’t obvious. It was convincing.
The bad actor had:
- Access to a real email account
- Invoices and account statements attached
- A realistic payment request
- A “bank update” slipped in naturally
- Documentation that looked legitimate
In other words: it wasn’t spam. It was professional.
And it worked.
How the Fraud Happened (and Why It Was So Sophisticated)
The fraud began with a seemingly normal vendor outreach:
“They had attached a couple invoices… and a full statement of our account… and then they slid in, ‘Hey, we’ve also updated our bank.’”
From the AP team’s perspective, it looked like any other vendor bank update:
- Verify documentation
- Update ACH information
- Process outstanding invoices
- Confirm payment
But the vendor never received the funds. The payments went elsewhere—because the vendor’s email account had been compromised.
The most unsettling part? The vendor didn’t know they’d been hacked.
The real vendor’s controller later told Scott:
“You guys alerted us that this fraud was going on… they got 80% of our accounts.”
It wasn’t just one fraud incident—it was a broad vendor-side compromise affecting most of that company’s customers.
And the attempt was so strong that Nuvance’s internal audit and fraud teams called it:
“Without a doubt, the most sophisticated one that they had seen.”
This is a critical reality for healthcare leaders: the best fraud is the fraud that looks like business as usual.
Why Vendor Fraud Prevention in Healthcare Is Now a Buyer-and-Vendor Issue
Vendor fraud is typically framed as a payer problem: “How does AP stop fraudulent bank changes?”
But as highlighted in the video above, it’s also a vendor problem — because vendors can be compromised without knowing it.
That creates a chain reaction:
- Buyer pays funds to a fraudulent account
- Vendor doesn’t receive payment
- Vendor escalates the issue and demands payment
- Buyer must investigate, work with banks, file claims
- Vendor may be placed on hold while the issue is resolved
- Resolution may take months
- Vendor relationship suffers and operational work increases
Even when the fraud isn’t the buyer’s “fault,” the buyer still becomes responsible for cleaning up the aftermath.
And if the vendor is a smaller organization, a delayed payment can be devastating.
As Brian Anderson notes in the video above, if a fraud event is caught too late, vendors may be unpaid for 6–9 months, which can severely impact their cash flow and ability to operate.
That’s why vendor fraud prevention has evolved into something bigger than AP controls: it’s an ecosystem issue.
The Bigger Shift: Fraudsters Are Targeting Smaller Vendors Now
One of the most important modern insights Scott shares is this:
Fraud used to come from “big vendor” spoofing attempts—household names, well-known brands, vendors everyone recognizes.
But that pattern is changing.
“What we’re seeing now is that these fraudsters… are attacking the mom and pop places.”
Why?
Because large enterprises have improved cybersecurity and controls. They’re harder targets. So fraudsters are shifting to smaller vendors that:
- Have weaker email security
- Don’t use MFA consistently
- Don’t have dedicated IT teams
- May not detect compromised inbox rules or folders
- Aren’t monitoring for unusual behavior
In the video above, Scott explains that the three fraud cases caught proactively through PaymentWorks were all local small vendors—the kinds of suppliers healthcare systems rely on for day-to-day maintenance and essential services.
These businesses often don’t realize someone has access to their email account until a customer calls and asks:
“Did you send this out?”
And the owner responds:
“What do you mean somebody has my email?”
This shift makes vendor fraud prevention in healthcare harder than ever — because it’s no longer enough to monitor your own environment. You also need controls that can protect you even when vendors are compromised.
Why Nuvance Health Took Action: Compliance, Vendor Screening, and Indemnification
After the fraud incident, Nuvance Health needed a stronger system to ensure vendor legitimacy and reduce payment risk.
Their priorities included:
1) Better Vendor Screening (Healthcare Compliance)
Healthcare is heavily regulated, and many health systems rely heavily on federal funding. That means strict requirements around who they can do business with.
Scott points to the Office of Inspector General (OIG) exclusion list as one key compliance driver.
The goal: ensure vendors are not flagged as prohibited parties before doing business.
2) Stronger ACH Verification
Their previous ACH verification was manual:
- Call a number on an invoice
- Call customer service
- Get routed repeatedly
- Eventually find someone who understands banking
- Verify details
This approach isn’t just slow. It’s fragile — and fraudsters can exploit it.
3) ACH Indemnification
A major differentiator for them was the ability to reduce loss exposure through ACH indemnification, which became especially meaningful after experiencing fraud firsthand.
In short, they needed a vendor management process that improved compliance, reduced risk, and freed up internal team capacity.
Moving from Manual Vendor Vetting to Vendor Integrity
Before implementing PaymentWorks, vendor verification at Nuvance was:
- A vendor creation form submitted internally
- Manual sanction screenings (multiple sites)
- Manual review
- Manual ACH verification through phone calls
- High time investment from AP staff
And like many organizations, their teams were running at “headroom.”
There was no extra capacity to:
- Clean up the vendor master
- Monitor mergers and vendor changes
- Build a proactive payment optimization strategy
- Report outcomes to leadership
So the new approach shifted the burden appropriately:
“It put the vendor verification back to the vendor.”
Meaning: vendors provide information through a structured, standardized process, and screening + verification is done consistently and auditable.
The Smart Vendor Adoption Strategy: Start with Highest Spend + ACH Vendors
One of the most practical takeaways from the video above is how Nuvance approached implementation:
They didn’t onboard all 6,000 vendors at once.
Instead, they focused on:
- Highest spend vendors
- Vendors paid weekly
- ACH vendors (to leverage verification + indemnification)
While they technically had 6,000 “active” vendors, Scott explains only about 2,000 were truly active in the sense of frequent payments.
In year one, they onboarded about 1,000 vendors — representing:
“85% of our total spend.”
This is an extremely effective strategy for any organization looking to prevent fraud without taking on a massive operational project.
The Surprise ROI: Vendor Integrity Enabled Payment Optimization Growth
The most interesting twist in this story is that fraud prevention created value beyond risk reduction.
By freeing up the vendor integrity team from manual verification work, Nuvance was able to reallocate capacity into payment optimization — including:
- Commercial card expansion
- Accelerated ACH adoption
- Vendor master cleanup and accuracy
- Executive-level reporting
Results shared in the video above:
- Commercial card program grew 75%
- Accelerated ACH program grew 100% (doubled)
That’s real financial impact—transforming what is usually considered a cost center into something closer to a revenue-producing function.
The Secret to Vendor Adoption: Communicate Before the Invite
Vendor adoption is often where good programs fail. Vendors ignore onboarding requests, assume it’s phishing, or don’t understand why a third party is involved.
Nuvance overcame this with a simple but powerful method:
“Reaching out ahead of time… was tremendously successful.”
They contacted vendors first and explained:
- Their vendor process has changed
- PaymentWorks is legitimate and searchable online
- Vendors must complete registration to get paid
- The organization is available to help if needed
That one proactive step dramatically reduced friction because vendors were expecting the invite—and felt reassured that it wasn’t a scam.
Healthcare Vendor Fraud Prevention: What Other Teams Should Take From This
If you’re building a business case for vendor integrity tools, Scott offers a strong perspective: ROI matters—especially for not-for-profit healthcare organizations.
His advice is to look beyond fraud prevention and measure:
- Time reclaimed by the vendor integrity / AP team
- Vendor master accuracy improvement
- New payment optimization revenue
- Reduced fraud exposure
- Compliance strength and audit readiness
The key insight: vendor integrity isn’t “just” risk mitigation.
It’s operational leverage.
Final Takeaway: Fraud Prevention Isn’t a Project — It’s a Capability
Vendor fraud isn’t slowing down. It’s getting smarter, more targeted, and more likely to exploit smaller vendors in your ecosystem.
Nuvance Health’s story shows what happens when a team treats vendor integrity as a capability rather than a one-time fix:
- They prevent fraud proactively
- They protect vendors as well as themselves
- They strengthen compliance and screening
- They free up internal capacity
- They optimize payment strategy for financial gain
And ultimately, they build a vendor ecosystem that’s safer, cleaner, and more resilient.
Because in healthcare, vendor relationships are mission-critical—and fraud prevention is now part of protecting patient care operations too.
Want More Personalized Support With Vendor Onboarding After Acquisition?
Schedule some time to speak with our team
Want Regular Tips About Vendor Onboarding After Acquisition?
Let us show you how we can help
We’d love to walk through your process with you and talk about security, compliance, efficiency and sleeping better at night.
empty space
© Copyright 2026 - PaymentWorks