In October of 2019, MSSPAlert reported that 491 ransomware attacks hit healthcare providers within a nine-month period. If that trend continued through the end of the year, it’d reach around 672 total. That’s an alarming number of attacks, and they show no sign of slowing down anytime soon.
What’s scarier is that many entities within this industry still ignore this threat. Just 29% of healthcare companies have a full-scale cybersecurity program in place.
By combining both of these statistics, the outlook for practices, pharmacies, hospitals, and senior care facilities seems rather grim. How can the industry that deals with some of the most personal data on Earth withstand this onslaught of attacks in order to protect their patients? The answer to this cybersecurity conundrum? Managed Service Providers (MSPs). MSPs have a unique opportunity to help healthcare companies with their offerings.
Of course, being an MSP is a business. You’ll want to make revenue; that’s always a part of it. However, while you’re in the initial phases of speaking with a practice owner or administrator, you’ll have to gain their trust. To do that, prove to them that you’re an expert in your field. To start, discuss some of the largest cybersecurity attacks as a reference. As a refresher, a few of the largest of all time included…
These all have one thing in common: each of them made national news, so most people have already heard about them in some capacity. Talking about them will help establish common ground with whoever you’re talking to. When you want to change the scope of the conversation, switch towards hacks that targeted healthcare companies. Specifically mention ransomware, since this attack is so common.
This is your bread and butter. But it doesn’t take a seasoned MSP to realize that healthcare companies deal with a lot of sensitive data. An experienced MSP truly helps healthcare companies protect their patients’ data because they know how to keep information secure while navigating the nuances of the Health Insurance Portability and Accountability Act (HIPAA). They also realize that, as a whole, 40% of healthcare employees display a lack of knowledge in cybersecurity best practices. So they teach their clients’ entire staff about proper data and network security.
Effective MSPs utilize off-site backups across multiple locations. The obvious reason is protection in case of natural disasters. However, it’s also because they recognize that cybercriminals actively seek out the protected health information (PHI) that healthcare companies work with. If they crack just one healthcare database, they could make an enormous amount of money. Finally, these individuals are confident enough in their data protection services that they’re willing to take on the risks associated with working as a vendor for a healthcare company. They realize what working within healthcare involves and understand every facet of a business associate agreement (BAA).
If I told you that some healthcare companies still keep track of their patient data through a paper filing system, would you believe me?
After reading that, you’re probably starting to get a little anxious. But the reality is that 10% of office-based physicians still haven’t adopted some sort of electronic health records (EHR) system. That’s a lot of unencrypted protected health information (PHI) just waiting to get stolen, or lost due to a natural disaster. Not to mention the lack of mobility and organization, and the wastefulness of paper.
As an MSP, you have the ability to make healthcare organizations’ lives easier by helping them transfer all of their sensitive data to the cloud. Practices that still use paper records will be a hard sell, though. It’s been almost a decade since the majority of the healthcare industry scrambled to switch to EHR systems. So those who still haven’t switched over are set in their ways and don’t like change. They may even have a few end-of-life devices still in use around their office. When you approach these practices as an MSP, they’ll be apprehensive about the concept of having their data stored on encrypted servers. Instead, try focusing on the portability of the cloud and how their employees could securely access the information they need at any moment.
Your purpose as an MSP is to ease the work of your clients so they can focus more on their most critical tasks. Healthcare workers have a lot on their plate. In fact, doctors wish they had 50% more time to spend with patients.
If you help healthcare companies by saving them time, a positive trickle-down effect happens. First, doctors spend more time with patients, so they’ll be able to increase their patient volume, which leads to higher revenue. Second, they won’t feel as pressured to fit in as many patients throughout their day, so they’ll be less likely to experience burnout symptoms. Finally, your services will shorten their already long work week, so they’ll have more time to themselves. All of that happens if you can save physicians even an hour of work per day because of the IT services you provide. Sounds like an easy sell.
We all know the cybersecurity industry is growing rapidly. That’s no secret. But the majority of this growth is in response to the ever-looming threat hackers pose to organizations. Outside of the physical products or solutions you can provide as an MSP to help healthcare companies, the industry needs education. A 2018 State of Privacy and Security Awareness Report survey found that only 18% of healthcare employees were able to identify phishing emails. This type of social engineering attack is one of the most basic and doesn’t require much effort from the hacker to conduct.
Every healthcare organization’s workforce will eventually receive a phishing email in their inbox; it’s inevitable. But if you properly train their employees on how to identify these emails, you’ll save them from a huge headache.
Work with the leaders of the healthcare organizations and offer them education courses throughout the year. It doesn’t have to be a huge time commitment from either side. Ask for one day every quarter where you can come in, establish a relationship with their workforce, and train them on best practices. Everyone learns differently, so prepare multiple lessons and activities throughout the training sessions so that everyone grasps the concepts you discuss. Bring plenty of examples of phishing emails and other types of attacks.
Working with a healthcare organization is worth it for an MSP, regardless of the complexities involved with their industry. There’s no doubt that they’re in need of the IT services you have to offer because, as it stands, it feels like their devices will get hacked at any moment.
You have what healthcare companies need, and the best part is that you can start helping them the moment you begin the relationship. If you’re swamped working on large projects for other clients but need to fill up your pipeline with new prospects, look towards healthcare companies.
Matt Moneypenny is an outdoor enthusiast, dog owner, and vinyl record collector. He is the lead Marketing and Sales Analyst at Etactics, a revenue cycle technology company located in Northeast Ohio. Previously, he served as the Senior Content Strategist at streamernews.tv, an online news source for Amazon’s Twitch Interactive, for three years while attending The University of Akron in pursuit of a Bachelor’s of Business Administration in Marketing Management. His passion is to create effective content that drives conversions and creates lasting business relationships.