Preventing cyberattacks: Finding the right strategic partner
May 28, 2024
By Frank Forte
Despite years of efforts to stop it, the problem of cyberattacks in healthcare just seems to grow worse each year, with the latest ones grabbing world headlines in 2024.
Today, healthcare security breaches occur twice as often as they did in 2018, with two large healthcare data breaches reported each day on average in 2023, according to the HIPAA Journal.
In 2023, there were 725 data breaches of more than 500 patient records reported to the Department of Health and Human Services Office for Civil Rights, a record-setting number. The growing prevalence of cyberattacks is evidence that many healthcare organizations are failing at basic security measures and are not consistently adhering to cybersecurity best practices due to a variety of factors that may include budgetary pressures, difficulty recruiting skilled IT security professionals, and confusion about the best measures to improve resilience to cyber threats, according to HIPAA Journal.
However, there is a positive effect of this explosion of cybercrime. The growing problem seems to have catalyzed the healthcare industry, furthering changes that began several years ago as providers balance increasing patient demand for digital tools and digital transformation with the effect of that demand on financial and staffing resources. As the importance and burdens of preventing cyberattacks grow, many providers are deciding that information technology (IT) needs are too much to manage by themselves.
Although this change may represent a shift in mentality for some providers, it may end up being among the most beneficial clinical and financial steps they take to secure privacy for their patients and financial security for themselves.
Rapid changes, growing needs
IT-managed-service partners have assisted physician practices and hospitals for decades, helping them manage equipment, update business and clinical software, and support clinicians and staff with tech problems.
More recently, however, the rapid pace of technological evolution in healthcare has made it difficult for providers to keep up. For example, health systems and hospitals have endured massive disruptions as they evolved from paper files to electronic health records (EHRs), with some providers undergoing multiple installations. The EHR market has also consolidated: in 2012, the two largest EHR vendors claimed 28% of hospital beds, but by 2021, they held 72% of those beds.
Additionally, the increasing use of smartphones, cloud computing, virtual care, and artificial intelligence has altered the IT landscape for patients and healthcare organizations.
Throughout these shifts in the market, IT-managed-service providers have endeavored to remain nimble to help clients realize the advantages of new solutions and cybersecurity-enhancement measures. These companies offer a suite of services and expertise that reach far beyond mere “tech support.”
Indeed, leading IT-managed-service providers deliver a broad, strategic-focused service offering that may include providing prevention-focused cybersecurity consulting and training, long-term IT road-mapping, and staff to serve as virtual chief information or virtual chief information security officers.
Asking the right questions of potential partners
It may be daunting for health systems that have not previously investigated engagements with IT-managed services companies to know where to begin. Following are a few questions to ask to help identify the right enterprise-wide cybersecurity and strategic IT support partner:
Do they have expertise in healthcare? In some cases, IT-managed-services providers jump into healthcare sensing a business opportunity, assuming that experience in other industries is sufficient background and preparation. That’s an unwise assumption. While there are commonalities across industries, healthcare is its own entity. Qualified IT partners should specialize in healthcare, and the size of their client base, leadership background, and proven outcomes for clients should reflect that focus.
Do they offer best-of-breed technology? In general, healthcare organizations gravitate toward best-of-breed technology, as the evolution and consolidation of the EHR market shows. Managed-service providers should not only have experience with market-leading technology, but they should be capable of tailoring these platforms to fit the healthcare provider’s clinical and business use cases. Alternatively, for organizations that have already implemented best-of-breed technology that has not lived up to expectations, IT partners should suggest additional options to help providers reach their clinical and financial goals.
How will we be protected from data breaches? Given the financial and reputational implications of data breaches for healthcare providers, cybersecurity must be providers’ highest IT priority. Accordingly, the right IT partner should have established experience and expertise in every aspect of healthcare-exclusive cybersecurity, be highly knowledgeable about the new tactics used by threat actors, and be fluent in the complex security and privacy requirements of HIPAA.
Cybersecurity and protection from data breaches have become a critical focus for healthcare providers, but they can’t risk allowing this priority to shift attention from their core mission of delivering high-quality patient care. With IT-managed-service partners, providers can rely on experienced experts to reduce the likelihood of security breaches.
About the author: Frank Forte is CEO of Anatomy IT, one of the largest and fastest-growing healthcare IT companies, partnering with more than 1,950 clients nationwide, serving 39,000 healthcare staff at organizations including ASCs, physician groups, and hospitals.