Cyberattacks: a Catalyst for Change in Healthcare 

Updated on February 26, 2024

As 2023 ended, it was dismaying to see the final tally of reported data breaches across the healthcare industry, primarily due to cyberattacks against hospitals and health systems. As of mid-January 2024, although not all such breaches had been disclosed, healthcare entities and business associates experienced 725 data breaches of 500 or more patient records for the full year, the HIPAA Journal reported. It was the highest recorded annual volume of breaches since the Department of Health and Human Services’ Office for Civil Rights began tracking the incidents, and more than twice the number of incidents reported in 2017.

Looking into 2024, the growth of cyberattacks and data breaches appears to be catalyzing the industry, accelerating a change that began several years ago as the demands surrounding digital transformation and virtual care began to weigh on financial and staffing resources. The exponential growth of cybersecurity incidents may be the last straw for healthcare providers to finally decide that information technology is no longer something they can manage on their own.

While this operational shift may be difficult for some organizations, it will likely emerge in the coming years as one of the most beneficial clinical and financial decisions they make for their organizations and their patients. 

Beyond Cybersecurity and Tech Support

Engaging an IT-managed services partner is by no means a novel concept across healthcare. For decades, physician practices, hospitals and health systems have hired IT services vendors to manage their equipment, update business and clinical software, and support their clinicians and staff with tech problems. 

Technology, however, evolved in recent years at a pace much faster than healthcare organizations were able to match due to their own tectonic shift. Hospitals and health systems had undergone a massive disruption switching from paper files to electronic health record (EHR) systems, many enduring the implementation process more than once. As evidence, in 2012, the two largest EHR vendors claimed 28% of hospital beds; by 2021, they held 72% of those beds.

Also in recent years, the growth of smartphones, telehealth, the cloud and AI has changed and continues to alter the IT landscape, both inside and outside of healthcare organizations.

IT managed services leaders, on the other hand, have remained nimble and helped clients not just react to technological change, but also take early advantage of beneficial new solutions and cybersecurity strategies. Companies today offer a comprehensive scope of services and greater expertise far beyond “tech support.” 

Leading IT partners now deliver prevention-focused cybersecurity consulting and training, long-term IT road-mapping, and even devote staff to serve as virtual chief information (vCIO) or virtual chief information security (vCISO) officers for customers. With this broader, more strategic-focused service offering, healthcare organizations gain genuine partners in operations and administration, rather than just another vendor.

Finding the Right Partner

For hospitals and health systems that have not investigated engagements with IT-managed services companies, identifying qualified and experienced experts who offer enterprise-wide cybersecurity and strategic IT support can be difficult. So, when reviewing potential partners, a few questions to ask include:

  • What is their healthcare expertise and experience? Recognizing a business opportunity, some IT-managed services companies have only recently diversified into healthcare, assuming that their experience in other industries will be adequate preparation for this new client base. Certainly, there are commonalities, but no other business operates quite like a healthcare organization. Qualified IT partners will specialize in healthcare. The size of their client base, leadership background, and proven outcomes for clients should reflect that focus. Moreover, the ability to provide expert-led IT assessments and roadmaps at the outset to align with business and strategic objectives is imperative.  
  • Do they offer and manage best-of-breed technology? The highly concentrated EHR system vendor market demonstrates how healthcare organizations tend to gravitate toward best-of-breed technology. Optimal IT services partners should ensure that if such a platform is chosen, it is tailored to the organization’s needs, whether for clinical or business use, or enterprise-wide. The partner should also offer alternatives if the organization has already implemented best-of-breed technology that is failing to help it reach its clinical and/or financial goals. 
  • How will they protect the organization from cyberattacks and other data breaches? Cybersecurity needs to be a major IT and data governance priority for all healthcare organizations, perhaps the most important, considering the potentially enormous financial and operational impact associated with an incident. An IT partner must have established experience and expertise in every aspect of healthcare-exclusive cybersecurity, be highly knowledgeable about the new tactics used by threat actors, and be fluent in the complex security and privacy requirements of HIPAA.

Focusing On What Matters Most

The heightened cybersecurity crisis in healthcare last year led the U.S. Department of Health and Human Services to issue a concept paper in December on how the federal government aims to support healthcare organizations going forward.

Yet despite these assurances and the multiple public and private entities increasing their attention and resources toward the crisis, the cybersecurity burden ultimately falls to the provider organizations. The risk, however, is that this expanded commitment may turn into a costly distraction that begins to detract from the quality of care and experience providers deliver to patients.

Taking such a risk and shouldering even more IT burden is not inevitable, nor, as many healthcare organizations have discovered, a preferable option. Rather, assigning cybersecurity and IT operational duties to experienced and qualified healthcare technology experts can relieve organizations from these time-consuming duties, reduce associated costs, and enable them to devote more resources to what they do best: taking care of patients. 

Frank Forte

Frank Forte is CEO of Anatomy IT, one of the largest and fastest-growing healthcare IT companies, partnering with more than 1,750 clients nationwide, serving 38,000 healthcare staff at organizations including ASCs, physician groups, and hospitals.