Cyberattacks in Healthcare Offer These Valuable Lessons — and Opportunities — for MSPs

Cyberattacks have become almost a daily occurrence, especially in highly regulated industries like healthcare.

Entities like Ascension Healthcare and Change Healthcare (part of UnitedHealth Group) have faced catastrophic cyberattacks recently. This is an area where MSPs can learn valuable lessons — and play a pivotal role in mitigating risk.

“This unfortunately has become a very common tale,” said Esteban Blanco, chief geek officer of Arlington, TX-based Blanco I.T., an MSP that works with doctors’ offices. “It’s just a never-ending story … These hackers want everything and anything they can get their hands on.”

Esteban Blanco

However, this rise in cyberattacks presents an chance for MSPs to step up. Services providers can position themselves as trusted partners capable of addressing the unique security challenges faced by healthcare organizations. By doing this, they can also unlock growth opportunities in this critical sector.

‘Turn a Blind Eye’

Healthcare records contain a patient’s most sensitive information, so it has made them a frequent target for attackers to steal someone’s identity, Blanco said. “If there’s one industry that should have higher standards with security, it’s healthcare.”

Unfortunately, that’s often not the case, Blanco said. In fact, some doctors and even the healthcare industry overall are wary of spending money on security, he explained. “They don’t want to have monitored computers, web protection —the extra security to protect files.”

In some cases, Blanco added, offices are still running Windows 7, which leaves them vulnerable. The general sentiment is that his healthcare clients don’t think they’re large enough to have a cyberattack happen to them. “They turn a blind eye,” he noted.

The Employee Firewall

MSPs should be educating their healthcare clients, providing security training and recommending multifactor authentication (MFA) and monitoring, urged Blanco.

“It comes down to training. Every employee is a firewall … You want the ability to [use] monitoring software that provides alerts.”

Mark Manglicmot

But it can be a tough sell with healthcare entities, especially small ones, Blanco added. “You can lead a horse to water, but you cannot force the horse to drink the water. You have to have these conversations with clients … and convince them that they’re a target.”

Tactical Response Best Practices

The industry cannot keep the blinders on. Cyberattacks in healthcare are wide-ranging and frequent, and business email compromise (BEC) is the top technique attackers use, noted Mark Manglicmot, senior vice president of security services for Arctic Wolf. “They’re really easy to execute and they have a high reward.”

To battle these attacks, organizations should consider having security operations for 24/7 monitoring capabilities across the entire network.

When responding to a cyberattack, both MSPs and their clients have responsibilities, shared Randy Boldyga, CEO of cloud-based medical software provider RXNT, a Change Healthcare partner:

• MSPs must advise clients to activate their incident response plan immediately upon discovery of the cyberattack. This includes isolating affected systems, assessing the extent of the breach, and securing backups.
• They must encourage transparent communication internally and externally to inform employees, customers, and stakeholders promptly about the incident, the potential impact, and what steps are being taken to mitigate it, he added.
• It’s up to the business to ensure they comply with data breach notification laws and regulations, Boldyga stressed. “Different jurisdictions may have specific requirements regarding when and how affected parties need to be notified.”

Randy Boldyga

Further, MSPs may recommend conducting a thorough forensic investigation to understand how the breach occurred, what data or systems were compromised, and whether the attackers still have access.

They should also suggest a review of cybersecurity measures, such as updating software, enhancing network security, and improving employee training on security protocols. MSPs can also help clients conduct a risk assessment to understand the potential impact of the breach on their operations, reputation, and financial status, he said. This includes developing a plan to manage and mitigate these risks.

Sustained Security Efforts

Along with these suggested steps, MSPs should emphasize the importance of ongoing monitoring. This will keep an eye out for any signs of further intrusion or malicious activity even after the initial incident is contained, Boldyga explained.

“These actions will need to be tailored to the specific circumstances of each cyberattack and the organization involved.”

9 Opportunities for MSPs

MSPs can consider several strategies to be more valuable to healthcare clients:

1. Enhanced Cybersecurity Offerings: MSPs can strengthen their cybersecurity services specifically for healthcare clients. This includes offering advanced threat detection and prevention solutions, encryption services, and robust data protection measures.
2. Compliance Expertise: Healthcare organizations must comply with strict regulations such as HIPAA (Health Insurance Portability and Accountability Act). MSPs can ensure that their clients’ IT environments meet these regulatory requirements, offering compliance audits and implementing necessary security controls. In addition, they can offer ongoing managed compliance services.
3. Incident Response and Recovery: MSPs can develop specialized incident response and recovery plans. This includes rapid response capabilities, data recovery services, and proactive measures to minimize downtime and data loss during and after a cyberattack.
4. Education and Training: Many cyberattacks exploit human error. MSPs can provide ongoing education and training programs for healthcare staff on cybersecurity best practices, phishing awareness, and data handling procedures.
5. Telemedicine and Remote Work Offerings: MSPs can play a role as telemedicine and remote work in healthcare grows. Services offered can include secure telecommunication solutions, virtual private networks (VPNs), and secure remote access services to ensure patient data confidentiality and operational continuity.
6. Risk Assessment and Management: MSPs can conduct thorough risk assessments for healthcare clients, identifying vulnerabilities in IT systems and recommending tailored risk management strategies to mitigate potential threats.
7. Partnerships and Collaboration: Working with cybersecurity experts, legal advisors specializing in healthcare, and insurance providers allows MSPs to offer comprehensive cybersecurity and risk management solutions to healthcare clients.
8. Investment in Technology: MSPs should continuously invest in cutting-edge cybersecurity technologies and tools to stay ahead of emerging threats and provide proactive protection to healthcare clients.
9. Thought Leadership and Thoughtful Marketing: Establish thought leadership in healthcare cybersecurity through webinars, white papers, and speaking engagements. Thoughtful marketing efforts can also highlight MSPs’ expertise in securing healthcare organizations and building trust among potential clients.

Source: Randy Boldyga of RXNT

Image: iStock