Historically, physician practices, hospitals, and health systems in Australia relied on IT vendors to manage their equipment, update business and clinical software, and support their clinicians and staff with tech problems. Those services were typically all that was expected and needed, so IT was considered just another vendor line item on the organisation’s operating expenses.
While healthcare’s goals of delivering high-quality care have stayed largely the same over the years, the industry’s technology needs are immensely different and more critical to clinical and financial outcomes. Here are just a few ways:
- Healthcare data breaches of 500 patient records or more (mostly due to cyberattacks) increased from 199 in 2010 to 707 in 2022, according to data posted in The HIPAA Journal from the Department of Health and Human Services’ Office for Civil Rights.
- The annual number of ransomware attacks on healthcare organisations more than doubled from 2016 to 2021, according to a 2022 study in JAMA Health Forum.
- Telemedicine, administrative functions, and certain support services have seen a notable shift toward remote work. Reimbursable services with a telehealth component grew from 0.15% of all claims in January 2019 to 5.9% in January 2023 – a 3370% increase, according to FAIR Health’s monthly telehealth tracker.
- Smartphone ownership in Australia grew from 35% in 2010 to 91% in 2023, according to The Infinite Dial running survey by Edison Research.
- The cloud is projected to add $100 billion to $170 billion in 2030 for healthcare companies.
- For health systems currently using AI, almost 85% expect a moderate to large increase in investments in the next one to three years.
As such, IT services have evolved with the times, with companies offering a wider scope of services and greater expertise far beyond “tech support.” Leading IT partners like Insight IT now deliver prevention-focused cybersecurity consulting and training, long-term IT road-mapping, and even devote staff to serve as virtual chief information (vCIO) or virtual chief information security (vCISO) officers for customers.
With this broader, more strategic-focused service offering, healthcare organisations gain genuine partners in operations and administration, rather than just another vendor.
Cybersecurity takes centre stage
Protecting healthcare organisations from cyberattacks and responding to unauthorised network access and data breach incidents have always been part of an IT partner’s services. Since 2020, however, attacks have grown at unprecedented levels, requiring greater vigilance from providers and administrative staff, but even more so from the IT partners that support them.
Last year, for example, as many as 95% of health systems, hospitals, and other provider organisations in Australia experienced a cybersecurity incident, with only 5% of respondents stating that none occurred, according to survey results from Claroty.
Worse yet, 78% of respondents reported that the impact of the incident was at least “moderate,” affecting the efficiency of care delivery, including 16% reporting a “severe” impact where patient health and/or safety was affected. For two-thirds (67%) of the organisations, associated costs with these incidents ranged from $100,000 to as much as $10 million.
The growth seems to stem from threat actors sensing a security vulnerability opportunity during the early waves of the Covid-19 pandemic. The volume of ransomware attacks – where cybercrime groups infiltrate and hold IT systems hostage until a ransom is paid – grew so rapidly that in late 2020 the FBI issued a rare advisory, specifically to healthcare organisations on how to protect themselves.
Threat activity, however, has not waned since then as healthcare received an average of 1,410 weekly cyberattacks per organisation, an 86% increase over 2021 and the second most of any industry, noted Check Point Research.
Evolving with the times
These threats and vulnerabilities, as well as the emergence of new technologies like Generative AI, are why IT partners serving healthcare have evolved beyond delivering only stop-gap measures to developing enterprise-wide cybersecurity strategies.
Such a comprehensive approach likely includes elements such as an assessment of all security vulnerabilities, blocking potential entry points, continuous monitoring for threats, rapid response protocols, and backup systems and servers so the organisation can protect data and maintain operations.
Operational continuity is particularly important in communities with provider and hospital shortages. Shutting down a facility or system in these areas for three to four weeks – according to an estimate by an American Hospital Association cybersecurity advisor – due to an incident could mean risking patients’ health and safety.
Unfortunately, in some of these underserved communities, identifying qualified partners that offer comprehensive cybersecurity and strategic IT support can be more difficult. A few key attributes of an ideal IT services partner like Insight IT include:
- Healthcare expertise – Healthcare organisations in Australia may use some of the same IT equipment and applications as other industries, but a qualified IT partner needs to have an in-depth understanding of the complex regulatory environment in healthcare and the unique workflows of clinical and administrative staff. In other words, no other business operates quite like a healthcare organisation. Moreover, the needs of a high-volume orthopedic or dermatology group practice are vastly different than a multi-hospital health system serving an entire state. A true partner needs to understand those differences and have a plan for every type of entity.
- Best-of-breed technology – along with industry knowledge, the IT partner needs to offer and manage best-of-breed technology tailored to the organisation’s needs, whether for clinical or business use, or enterprise-wide. The partner should also offer alternatives if the organisation has already implemented best-of-breed technology that is failing to help it reach its clinical and/or financial goals.
- End-to-end proactive security – Cybersecurity needs to be a major priority for all healthcare organisations, perhaps the most important, considering the potential enormous financial and operational impact associated with an incident. An IT partner must have deep expertise in every aspect of healthcare-exclusive cybersecurity, especially the new tactics used by threat actors.
The safe and secure way forward
Looking back 20 years, when fewer than 18% of physician practices used electronic health records, few experts would have anticipated how information technology has changed healthcare. Thanks to IT, the volume and types of data generated and the speed at which they can be analysed are vastly different than decades ago. Unfortunately, IT also is used as a weapon today to hold provider organisations hostage. Now is the time to devote the attention and resources that IT requires.
The risk is that attention may turn into a costly distraction that begins to detract from the quality of care and experience providers deliver to patients. Instead of waiting for such a crisis, providers who determine a need to improve their IT cybersecurity stance could turn to experienced and qualified healthcare technology experts like Insight IT who can protect their organisations from such internal and external technology-related risks.
Of course, relying on partners for IT services and trusting them with patients’ PHI raises its concerns and risks, including sharing control of systems, loss of some visibility, and potential difficulty communicating. As described earlier, optimal partner selection is essential in mitigating these risks. In addition, when forging service agreements, healthcare organisations should establish their data and systems control and visibility requirements, as well as expectations about communication, scalability, regulatory compliance, accountability, and any other concerns.
Explicitly documenting the healthcare organisation’s requirements and expectations within the agreement can help avoid surprises down the road. It also can increase the likelihood of a successful partnership resulting in secure and protected data and systems, time and cost savings, and proactive support for providers so they can deliver the best outcomes for their patients.