The IoT Angle
The healthcare industry has a problem, and MSP security is the solution. On one hand, IoT devices are making medical breakthroughs possible through data accumulation and use. On the other hand, the Internet of Things is leaving bare multiple vulnerabilities, which previously were not so dire an issue. The solution is proper network security, which is designed around IoT devices. That is going to be easier said than done, however.
While installing a security system internally may very well lead to sustainable operations free from cybercrime for a while, unless a healthcare facility specializes in technological solutions, it will again fall behind, forcing increased cost playing security catch-up. Since MSPs do have core needs surrounding security provision, they are more likely to remain cognizant of innovative requirements. In fact, if your MSP does not remain ahead of the curve as regards security, you will most likely lose your competitive edge.
Compounding the issue is compliance. A healthcare facility has strict compliance regulations to which it must adhere. An MSP working with a given facility has shared liability with them. This means if MSP security is not effective, and patient information is compromised against compliance code, then the MSP may also share some of the fines.
What Your MSP Is Up Against
A Metropolitan healthcare institution is likely to have more than a thousand devices, which can be classified as IoT. There will also be legacy equipment, which was not built with today’s security structures in mind. How could they anticipate the kind of threats that today’s healthcare institutions will face? Additionally, an IoT device usually has a lifespan that differs from other computational equipment. It is not beyond the realm of expectation to see devices lasting ten years or more. Often that which is required of them does not substantively change over time, meaning there is no necessity for upgrades soon. When there is legacy equipment, you can expect legacy software with all its vulnerabilities. Do not be surprised to find many healthcare institutions are still running information systems with Windows XP at the helm.
Thankfully, some patch solutions can be brought into play. Additionally, you will find that many security vulnerabilities are of the same category as poor passwords. That is to say, some simple education about best practices in modern security will set them straight.
Increasing Cybercrime Threats
Cybercrime is expected to surpass $2 trillion in cost by 2019. From there, a further increase is projected. Healthcare industries are the most targeted for a number of reasons, not least of which being their ample vulnerabilities and compulsion to pay. A ransomware bug that locks down a computer system could result in the death of a patient. Therefore, a cybercriminal who successfully extorts a healthcare facility is more likely to be paid very quickly should there be no other alternative.
In May 2017, WannaCry, a ransomware bug that entered Windows systems through SMB ports affected around 150 countries. In March 2017, when it was leaked that the NSA had built in the exploitable backdoor which paved way for the virus, a patch was soon released that covered businesses who were compromised. Those who received the patch weathered the storm of the attack. Those who did not have a mess on their hands across the globe. Your MSP can help secure healthcare facilities against this, and ample data demonstrates the need for varying healthcare facilities to adopt such services.
When approaching healthcare clients, it is important to remember that:
- Cybercrime is increasing
- Poor security practices often result in vulnerabilities
- Legacy systems characterize many IoT functions in healthcare
- IoT devices have a longer life cycle
Your MSP security solutions need to account for these factors. Patching, anti-malware, anti-spyware, and anti-virus protocols are all important components of securing health care facilities. Proactive maintenance and security are probably going to be some of the best things your MSP can provide. Education is additionally very important especially considering the prevalence of poor password practices. There are security solutions for the Internet of Things, and clients providing healthcare services need to aware of that.