Regardless of political and philosophical differences over how to pay for healthcare, there’s general agreement that at least from an IT perspective the healthcare industry has never been more dynamic. In fact, a 2017 Leadership and Workforce Study published by the Healthcare Information and Management Systems Society (HIMSS) finds that electronic health care records coupled with new types of patient engagement systems remain high priorities across the sector.
At the HIMSS 2017 conference this week, the dichotomy between the need to exploit IT to achieve those goals and the challenges associated with managing and securing patient data will be on display in full force. As is often the case in any industry, though, the primary issue is that the desire to deliver a better customer experience using IT is once again running ahead of the healthcare’s industry ability to secure data.
Why healthcare systems are an attractive target
Cybercriminals tend to focus on healthcare systems because the records stored in these systems are among the most valuable. Healthcare records loaded with multiple types of personally identifiable information (PII) typically sell for well north of $50 each. The trouble is healthcare organizations are frequently not much better at IT security than any other organization. A recent report published by IBM finds that nearly half the cyberattacks launched against healthcare organizations involved some type of malicious data input using well known threat vectors such as operating system or SQL injection commands.
As healthcare organizations become digitally savvy, there’s a corresponding increase in opportunity for managed service providers. The challenge is getting those healthcare organizations to balance their technology investments. By and large, most healthcare organizations would prefer to devote as much of their resources as possible to life-saving technologies rather than spending money trying to manage and secure massive amounts of structured and unstructured data. What funds are allocated to traditional IT are typically focused on applications designed to improve the patient experience.
Waking up to IT security risks
Like every other industry there’s a natural inclination to pour significantly more money into developing applications than into making sure those applications can be securely accessed. Yet, it’s often a security breach involving, for example, ransomware that winds up making that healthcare organization the focus of regulatory and media attention for all the wrong reasons.
The good news is it’s usually not too long after a breach that a healthcare organization starts to appreciate the value of an MSP. The bad news is providing the level of security required all too often requires fundamental changes to an application. As just about everyone in IT knows, it’s several orders of magnitude more expensive to fix an application in production than it is during the development process.
Unfortunately, not every healthcare provider is equally well funded. The smaller the healthcare provider, the more challenged they tend to be when funding IT. Nevertheless, it’s not possible to operate a healthcare facility without first making sure IT is functioning smoothly, and therein lies the opportunity for MSPs. The challenge MSPs face is finding a way to deliver those IT services at a cost the average healthcare organization can afford. After all, for every Massachusetts General or UCLA Medical Center there are thousands of smaller hospitals and clinics in desperate need of a cure for the most basic of IT ills.