Ask an MSP ExpertQ: We have a growing number of healthcare clients. Maintaining their security used to be not that much different from our other customers, but with the explosion of IoT, there are so many more threats that they are susceptible to. How can we keep our healthcare clients’ data safe?

For the answers to this increasingly complex issue, Smarter MSP reached out to LaToya Lee, Quality and Regulatory Lead at Clarkston Consulting. Clarkston works with pharmaceutical, medical device, and biotech companies to help them address the critical industry trends, from artificial intelligence and IoT to new regulations and patient expectations.

The question of how to keep healthcare client’s data safe is a complex one. IoT has introduced torrents of healthcare data into the ecosystem, data that used to be protected behind walled gardens or centralized somewhere. Still, Lee says, the most important aspect of data security isn’t a technical one.

“We need to focus first on education and not just on the patients. It’s doctors, caregivers, and basically anyone in the ecosystem that needs to fully and completely understand the how, where, when, and why of their data. From how it’s being accessed, where it’s being stored and shared, when it’s being accessed, collected, or recorded, and why it’s being used,” advises Lee, adding the focus needs to be on cultivating a reverence for the numbers.

“People underestimate how powerful a culture of respect for data can be – it can go a long way. It’s amazing the things we’re able to do with these technologies, but we have to focus on the basics now so that as innovations keep coming, we’ve got an infrastructure for securely supporting the data,” Lee explains.

MSPs as educators

This is where MSPs can play a large role. You can’t be in a client’s office every day, but you can hold workshops with employees and work with the company’s CISO to build a program that creates a culture of data respect. All the high-tech options in the world aren’t as effective if the respect for data isn’t built into the organization. After an enterprise-wide culture of respect is cultivated, it is time focus on the technical options of medical data security which include encryption, pseudonymization, and multiparty computing.

“Of course, blockchain shows some promise as a solution, but businesses should follow a crawl, walk, run philosophy. Start slow because, though it may be frustrating, it’s important to keep the IoT solutions completely separate from your enterprise systems,” suggests Lee. The cautious approach can help MSPs figure out what works and what doesn’t.

“That can be hard for anyone wanting to dive into all the amazing stuff IoT can provide, but it helps you better assess and understand the implications of the integration and mitigates security risks. You can begin slowly integrating more and more as you validate platforms and points of access,” Lee says.

What is the new normal?

This crawl, walk, run method extends to the ever-changing and growing network of healthcare wearables which needs to be integrated into the system. Lee acknowledges that we are still figuring out what the “new normal” is.

“I think many organizations are learning as they go, unfortunately. On top of that, it’s only going to get more complex. New devices and platforms are rolling out all the time, creating even more access points and opportunities for danger, but few products are carrying strong enough authentication protocols to stand on their own. This means we’re all drinking from the firehose now, which is why it’s important to take it slow,” explains Lee, adding that cost savings and better engagement won’t be worth the risk if there’s a costly breach. Lee stresses that all stakeholders need to be involved in securing data, not just MSPs.

“It’s incredibly easy to start pointing fingers when there’s a breach event, especially as modern technology ecosystems are getting more complex and bringing in more stakeholders, but that’s not going to help. When you think about it, it’s common sense – more eyes on the potential threats means a greater ability to detect and protect. I don’t think it can be the sole responsibility of an MSP or the business. It has to be a partnership with a mutual understanding of the threats and risks, and a commitment to collaboration and continuous risk assessment,” Lee says.

The future of IOT and healthcare

We know that IoT is transforming healthcare and upended years of carefully cultivated best practices of data retention. However, we are still in the nascent stages of this healthcare IoT revolution. The future promises much more change and MSPs need to be ready, and some of that may involve waiting for the public to come fully aboard.

“One of the biggest obstacles for patients is exactly what we’re discussing now – patients see the stories about hacked pacemakers or data leaks more than they see the stories about saved lives. The near future won’t just be about innovations, but also about demonstrative safety and efficacy for patients to speed up adoption,” Lee explains. The more MSPs can safeguard the networks, the more patients will feel comfortable, and the more healthcare clients will adopt the technology.

“The power that IoT and other innovations will give patients to have agency in their care is transformative.” Lee predicts.

MSPs are the hidden hand that can provide comfort to patients during this transformation by ensuring that both their data and health are secure.

Photo: Raw Pixel / Unsplash

Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

One Comment

  1. Not sure what I’m supposed to take away from this article. Nothing unique about healthcare contained in it, just some buzzwords. IoT, okay, but what about it?

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *