
Healthcare is in Dire Need of HIPAA Compliant MSPs

Posted November 23, 2015by J. David Sims



In a recent KPMG survey of 223 healthcare executives, a full 80 percent stated that their information technology had been compromised by cyber attacks.

Let’s think about this for two seconds… 80 percent!!! Possibly, a portion of the remaining 20 percent did not yet know that they belonged in the 80 percent. After all, how many clients have you taken on only to find that their network was being compromised or had already been compromised?

In healthcare especially, the question is not if providers will experience a breach or cyber attack, but rather when. How will they respond, and what will the fallout be?

Few markets are in as dire need of qualified, compliant MSPs as healthcare.


Why are So Many of These Cyber Attacks Successful?

The healthcare community has been dragged, nearly kicking and screaming, into the digital age. Well, not so much dragged as incentivized, but there has been plenty of kicking and screaming. Now more healthcare information is digital, and with that comes the need for digital security and safeguards.

Many providers are using outdated or insufficient EMR (electronic medical records) software. Many software vendors sell products that are not adequate for today’s networked and connected environments, so proper security of these systems is left to each provider. In most cases, that security is either very basic or non-existent.

Another issue is how easy it is to move ePHI (electronic protected health information) around. With old paper records, it would be nearly impossible for someone to steal a large number of records from a provider’s office. In the digital world, however, an entire office’s worth of medical records fits on nearly any modern USB drive, laptop, smartphone or tablet. In addition, the risk of networks being compromised and data stolen is very real, and the bar is not high in smaller, independent provider offices.

The Internet of Things is quickly becoming an even greater problem. More “things” are connected than ever before. Copiers, medical devices, watches and more are all connected, many times within the same environment with no access limitations between devices. Without that segmentation, a compromised respirator pump can become a path to a server on the same network.

The evolving threat landscape is driven by big payoffs for health records. Threats today are much more sophisticated and rapidly changing. Even a small office breach could bring in tens of thousands of dollars on the black market or the Dark Web. These small, independent providers are low-hanging fruit for hackers. In some cases, they are fruit on the ground just waiting for anyone to grab.

Top Cybersecurity Threats

Among those surveyed, 65 percent indicated that external hackers were their greatest vulnerability, followed by sharing data with third parties at 48 percent.

When asked what their top information security concerns were, 67 percent said it was malware infecting their systems, and 57 percent cited HIPAA violations.

What this shows MSPs is where their clients’ concerns lie. It also provides proof that the healthcare market needs quality, HIPAA-compliant MSPs. As IT solutions providers, MSPs are qualified to address nearly all of the vulnerabilities and concerns identified in the study.

Let’s take a brief look at the concern they have about violating HIPAA. Did you know that if a medical provider hires an MSP that is not HIPAA compliant themselves, they are violating HIPAA?

That’s right: MSPs that fully support these healthcare clients MUST also be HIPAA compliant. Don’t let someone tell you that all you have to do is use encryption, follow security best practices and sign a BAA (business associate agreement). There is a lot more to HIPAA compliance than that.

Why would you even want to support a client when you don’t understand, care about or abide by their requirements? That’s bad business! If you are giving HIPAA lip service and not taking it seriously, it could come back to bite you…hard!

Healthcare Attacks and Breaches on the Rise

There is plenty of proof that hackers can make much more money by stealing and selling healthcare records than other kinds of data. This makes healthcare clients an especially attractive target for attacks and breaches.

The financial sector is still the most attacked, but it has spent 20 years focusing on cybersecurity and protection. Healthcare largely ignored these threats until recently. This lack of attention to cybersecurity and protection has put a strain on the healthcare industry, especially on small providers.

Many providers don’t have the security tooling in place to even know when they are being attacked. One KPMG client reported a 1000 percent increase in security incidents detected across their enterprise once they implemented an effective Security Operations Center (SOC) to intercept, interpret and report on threats.

I’ve seen this with our clients as well. In many cases, we put in a Unified Threat Management device accompanied by our remote monitoring and management (RMM) agent, and find out that the number of attacks against a client is in the hundreds or even thousands per day. Healthcare organizations are not well prepared to handle the threats they face.

Conclusion

For HIPAA-compliant MSPs, the opportunities in healthcare are massive. However, entering the healthcare vertical is no small undertaking. To take on HIPAA, you have to become and remain compliant, stay highly educated and implement continual staff training, to name a few responsibilities. Still, the ROI is certainly worth the investment when done right.

Healthcare organizations, for their part, must incorporate cybersecurity into their environments and develop a strategic plan to defend their networks and, ultimately, their patients’ data.

MSPs can help these healthcare organizations further by coordinating a cybersecurity action plan with them and staying actively involved in its enforcement. Providing ongoing awareness and training through multiple formats, such as webinars, is also a valuable service.

MSPs should take a big-picture approach when managing cybersecurity for healthcare clients. Their unique needs will yield unique, lucrative opportunities.


Get much more insight by checking out the full survey and report.



As the Founder of HIPAAforMSPs.com, David works with members to help them successfully learn, implement and stay updated on HIPAA as it applies to MSPs and create Compliance-as-a-Service offerings for their clients. Featured in MSPmentor, MSP Advisors, Bigger Brains, and our own MSPradio podcast, HIPAAforMSPs.com helps MSPs better understand healthcare IT compliance by offering unlimited useful resources like video content, checklists, mastermind groups, webinars and more! David also owns and operates an MSP business in the Charlotte, NC area.
