Most IT Departments understand at least some of the risks on their hospital’s network. And many do the best they can to patch things up with the resources at hand. The problem is often underscored in the fact that users have a lot of demands and there are only so many hours in the day to address them.
That is, along with keeping your hospital secure from ransomware threats, data breaches and being secure enough for HIPAA standards [link to assessment] to maximize Medicare payments (think MACRA).
But this “patching approach”—where you are running after quick fixes to make sure things are working today—leaves your hospital even more vulnerable tomorrow. The problem that most rural and critical access hospitals face when it comes to IT support is not having adequate, competent teams at the ready to assist users and proactively protect your network from falling to ransomware because there simply isn’t a large pool of talented healthcare-focused IT Support in rural areas at the ready to assist day to day to make sure your hospital, your EHR system and ALL of your data are backed up and safe from ransomware.
Today I want to walk through some of the things your IT Support team might be thinking about, but might not be getting around to address to ensure your hospital is secure and some solutions you might consider to fix pressing security issues.
We’ll get to it tomorrow—as I alluded to above, many IT Support teams in healthcare are confronted with two choices. They can either keep your network secure OR help the person in medical billing or pharmacy with an issue that is impacting their job NOW. I’m sure most folks would opt for helping the person on your staff that needs a little IT attention rather than following through with making sure your security patches are updated or your data is actually getting backed up.
Because of the demands on health IT professionals, many hospital IT departments (and even outsourced IT support) end up resorting to pushing back much needed IT security patching and data backup activities to tomorrow. But the cold truth is there are going to be another string fires that will need fighting tomorrow and that much needed patching will end up as deferred maintenance (likely taking years to complete—that is, if it gets completed at all!).
We get that hospital IT Support teams get inundated with problems. That’s why we have a team of experts aimed at hospital IT security—folks monitoring your network for suspicious activities, patching any vulnerabilities on your network, and ensuring that your EHR system is secure and your patient data (and staff data) are encrypted. (An entire other team fields hospital user’s calls 24/7/365 and is able to fix over 80% of hospital IT issues on the first call—within 15 minutes!).
Experts have underscored that the majority of cyberattacks on hospitals—57% of attacks—were from vulnerabilities that someone on the IT team new about, but didn’t have time to get around to. Are you willing to play the odds with “I’ll get to it tomorrow”?
More people means better security—many hospital administrators head to IT Department demands for additional staff members. The argument we hear time and time again is that hiring more people will give our hospital better security. While I wish more people was the quick fix answer to cybersecurity issues, the reality is that hiring more people DOES NOT mean your hospital’s network will be any more safe.
The heart of the issue for most hospitals is in their actual processes. With broken or underperforming processes guiding workers through their days of supporting hospital users and spending countless hours trying to keep your network working, they overlook critical components to keeping it secure.
I again refer to the “patching paradox”, whereby many hospital IT Departments patch their problems by simply hiring more bodies to fill seats. With profit margins slimming in rural and critical access hospitals, administrators need to make hard decisions about where to allocate precious resources. How much can you afford to recruit and retain talented IT support? Some hospital administrators we’ve talked to have revealed that it’s almost as hard hiring qualified IT technicians in their county as it is hiring a qualified doctor. It’s hard to find folks willing to dedicate their lives to rural care (especially with growing demands in nearby urban centers).
Considering an alternative of outsourcing to a hospital IT support group that understands rural healthcare could help you augment growing demands for IT security and support, while maintain an internal IT department. We can even help you maximize your IT budgeting (just ask one of our solutions engineers cost your IT budget to maximize reimbursements.
Problems with process—as I mentioned above, process is often the real issue when IT Departments ask for more head count. What I mean by process is that your team is probably not implementing IT the way it should be in 2018. Have they automated repetitive tasks that if done manually may result in errors? Have they documented precisely how to patch your network? Have they automated the patching process at all? We use automation to not only cut costs from un-needed work, but also to make security and support more reliable. Have they documented how to resolve issues so that they can quickly fix an issue if it comes up again? If you were to follow your IT staff around for a week, you might notice that they are not following a process or aren’t thinking about ways to improve a broken process.
Just to put broken or unfollowed process in perspective, on average, a hospital IT support team spends just over 150 hours a week managing vulnerability response (that is with 4 full time staff). Most rural hospitals don’t even have 4 fulltime IT staff to get the work done! If they don’t have rock-solid processes and automation to help them get through network monitoring and maintenance quickly, they likely are keeping your network in the exactly the same state they found it whenever they joined your staff (If I had to guess, your network security likely hasn’t changed much since the time you implemented your first EHR platform).We’ve automated many of these processes to streamline hospital IT proactive security and network monitoring, which cut down on your costs and help keep your teams running.
Problems prioritizing issues—prioritization is probably the toughest part of hospital IT. Your IT team needs to figure out (1) who has priority for support (where are your critical departments in need of the quickest IT support), (2) how much of their time should be dedicated to fire-fighting vs proactive network monitoring and maintenance and (3) how to prioritize projects that will help your hospital operate more efficiently or securely. Prioritization is often hard for IT departments to understand, especially if they’re not focused on supporting a strategy.
Will your hospital be able to survive a ransomware attack? Consider a FREE 37-point ransomware vulnerability assessment.
