As the President of a leading Managed Service Provider, TekHattan, I am exposed to many different cyber threats daily. Our managed clients rarely suffer from these cyber threats as we have proactive, monitored tools in place that help us ensure our clients are covered. Most of these cyber threats show up unexpectedly and can often cost a medical provider a lot of money; in some cases, they can even ruin a practice as critical patient data is lost.
Most businesses, healthcare industry included, do not believe they will ever fall victim to a cyber-attack. However, most people do not realize that according to the Ponemon Institute, 55% of businesses with fewer than 1,000 employees fall victim to a cyber-attack each year.
Contrary to popular belief, small medical practices are more susceptible to cyber threats than their larger counterparts, for the following reasons:
- Small medical practices are an easy target for criminals, who know these firms likely have no protection in place.
- With no protection in place, a serious threat could come in the form of something as simple as an innocent-looking email; when the link is clicked, the victim’s network is infected and possibly ruined.
- An attack could be committed against a small medical practice simply by a criminal learning the IP address of a network. Most small businesses use consumer-grade networking products, which do nothing to protect their networks and their patients.
- If patient data is “locked” with a crypto virus, a medical provider typically has no choice but to pay the ransom (often, paying the ransom does not actually unlock the files).
- Stolen medical information is highly sought-after on the dark web; small medical firms can have their patients’ data stolen and sold to the highest bidder on the dark web.
I am sure there are people drawing comparisons to their own office while reading this article. Many small businesses do not hold sensitive customer data; however, this is not the case for medical practices. Medical practices hold the most sensitive data on their patients including their social security numbers, medical history, and health insurance information. Imagine the damage a criminal could do with all this sensitive data.
So, what can you do to fix it (short of hiring a professional IT company)?
- Get a firewall that offers advanced security protection (Cisco Meraki is what we recommend).
- Ensure all office computers are patched constantly, not only Windows, but all applications on the system (your technology is only as secure as your weakest link).
- Verify that there is adequate security protection on each device on the network (At TekHattan, we use an enterprise version of Webroot to protect our clients, which we monitor in real time).
- Be very cautious when opening emails, even if they appear legitimate.
- Never download a file on the computer unless you know exactly what it is (sometimes harder than one can imagine).
- Take backups of everything daily; both on-site and in the cloud.
Sure, this may be easy for a very small office of a few employees, but at some point, the task of maintaining your systems becomes unsustainable. After all, the medical practitioner has patients to see, and the office manager may also have other things to do. Additionally, many people know only the basics of how to use their computer and are not trained in cyber security. Another concern is the obvious need to abide by HIPAA; being found in breach of it can have severe consequences.
Options for hiring an IT Professional in healthcare
There are three options to consider when hiring an IT Professional to handle your Healthcare Business IT Support needs and manage your technology infrastructure:
Hiring a Freelancer
- Usually inexpensive
- Gets to know you and your network
- Unreliable, often not able to be there when you need them most (think critical situations)
- Unorganized (Freelancers do not have a central system in place, and are limited to their own devices)
- Will often “nickel and dime” their clients, billing them for anything imaginable on the face of the earth.
Hiring a Full-Time IT Person
- Always there when you need them
- Can use the employee any way you would like
- Fixed cost (minus overtime, of course)
- No oversight (Unless you are hiring a CTO level employee, oversight is huge to ensure the employee is implementing the right solution)
- Limited Resources (Does not have the right tools to manage the network efficiently without constant manual labor)
- Hard to find a good IT person (The industry is very competitive employment-wise, and most good IT people will gravitate to larger firms)
Hiring a Managed Service Provider (TekHattan)
- Cost effective (Know what you are paying each month)
- Organized structure, with plenty of oversight and best practices implemented
- Very efficient (updates for Windows and all applications are pushed through our centralized console)
- Dedicated SLAs (Technician door to door within 2 hours, remote support within 15 minutes)
- All software costs and cloud fees included, providing you with similar efficiency to a large organization.
- Not always on-site (although SLAs are in place in case you need us)
Obviously, in the comparison above, I compared hiring a freelancer with hiring a full-time IT person and with hiring TekHattan. I cannot compare a freelancer or full-time IT person to all IT Managed Services Providers, as they are different; I can only speak to our business practices.
At TekHattan we work nationwide from our office in Newark, NJ with our network of on-site technicians across the United States. For those not ready to hire an IT person yet, I hope you found the brief background and steps you can take now to protect yourself useful. If you find yourself ready to take the next step to protect your business, feel free to reach out for a consultation.