Well, we can begin with the obvious: it is the same reason a managed service provider (MSP) should not attempt to self-diagnose a medical issue or an office manager should not try to change their own car transmission. Expertise, plain and simple. Just like I would not trust my doctor’s cousin because he says he is pretty handy with a knife, medical practices should not attempt to utilize a friend’s son for the technology work because they are good with computers.
Managed Service Providers are the experts when it comes to managing technology-related challenges within any business realm, especially healthcare. Each brings a team of experts who are accustomed to, and excited about, attacking the day-to-day challenges being presented.
One of the main reasons that medical providers try to find other ways to manage their technology is expense. A recent survey completed by Deloitte showed that the average small business/medical practice spends between 3.28% and 7.16% of gross revenue per year, and growing. Obviously that is not a small number, so the decision should not be taken lightly.
Here are some other statistics to ponder (this information is from a recent article from ConnectWise, a managed service providers support company):
Healthcare workers showed significantly less knowledge about cyber security best practices than the general population represented in a larger scale. – This ranges from general practices such as password and document management, to practical understanding of what those threats are and how to fight them.
24% of physicians and other types of direct healthcare providers showed a lack of awareness toward phishing emails, compared to 8% of their non-medical field counterparts. – This again really revolves around education and testing.
50% of physicians scored in the “risk” category, which means their actions make the organizations susceptible to a serious incident. I doubt that friend’s cousin knows anything about “risk” management.
30% of healthcare respondents took unnecessary risk in scenarios related to allowing others access to their office buildings. This puts the physical safety of patient files at risk. – Remind me to tell you about the cleaning crew for a local building here in Jacksonville. They were taking social security and other information from client files to use in the creation of fake passports.
Only 18% of healthcare employees were able to identify phishing emails. They were presented with an email from a suspicious sender with an attachment in the email. 88% of healthcare respondents opened the attachment. Doctors were three times worse at identifying phishing emails than their non-physician counterparts. – Not picking on doctors here, just saying some people are better at some things than others.
23% of respondents failed to identify common signs of a malware-infected computer. For example, they were unable to realize that their internet browser was repeatedly sending them to the same site, regardless of the URL they entered – a very strong sign of malware. This really boils down to proper training and testing of everyone within the practice.
18% of respondents chose risky actions when presented with scenarios involving storing or sharing patient data. Many respondents thought it was acceptable to share patient data over personal emails or through cloud-based platforms. – Lord, don’t get me started here; through COVID and work at home this is at an all-time high.
So what does all this tell us? Well, bottom line, it points to the fact that healthcare workers are behind when it comes to fully understanding one of the largest daily threats to their practice. These statistics show us that over half of the healthcare providers in the world would fall into a category of “at risk”. That risk represents a very large exposure for the healthcare industry as a whole, be it patient trust, significant financial risk or pure reputational damage.
Everyone within every type of practice or medical service should be trained, tested and protected through the use of the right tools, programs and partners. This is something you and your technology provider should be talking about constantly.
Venture Pointe can provide these services, in some cases for as little as a couple of dollars per employee. We offer end-to-end solutions for training, new employee onboarding, testing/scoring and technology-based services to constantly protect your network, email and cell phone usage to significantly reduce your exposure and risk. We offer free reviews and action plans to anyone.
We wanted to take a moment to wish everyone a safe and joyous holiday season. We sincerely hope that each of you takes something from our monthly write-up, and welcome any questions or suggestions for us to talk through.
Let’s all hope for a more normal 2021 and remember, not all phishing trips are fun.