Outsourcing Managed Security Services May Protect Health Care Data, Mitigate Cybersecurity Risks

Health care security leaders struggle to keep up with cybersecurity threats and staffing shortages, but outsourcing managed security services may help mitigate risks and protect patient data according to HealthTech concerning findings from the 2024 CDW Cybersecurity Report. 

“According to new research conducted by CDW, only 14 percent of health care IT leaders surveyed report that their organizations’ IT security teams are fully staffed,” the article shared. “Most organizations (57%) say that they only occasionally need more help or say that it would be nice to have more help. However, nearly 30% of IT leaders say that their organizations are understaffed or severely understaffed.” 

Security automation tools can assist health IT teams in managing routine maintenance tasks, a top stressor for health IT leaders. However, many organizations do not have enough budget to invest in security initiatives, with more than a quarter reporting insufficient resources for cybersecurity.

Having visibility into a health care organization's IT ecosystem is crucial for detecting and responding to cyberattacks, but only 47% of health IT leaders feel very confident in their level of visibility. Network monitoring, identity, and access management, security information and event management (SIEM), and endpoint security tools are considered the most effective ways to improve visibility.

Cybersecurity issues impact all areas of an organization, not just IT. Lack of budget is a common concern, with a quarter of respondents reporting insufficient resources. Health IT leaders can lessen stress by demonstrating the benefits of cybersecurity investments to executive leadership, often through improvements in operational efficiency and user convenience. Other recommended tactics included demonstrating the cost of a data breach and associated regulatory fines and explaining the value of brand trust. Another approach could be to connect a security budget “into a larger initiative such as a digital transformation project, customer experience or a modern workplace initiative.” 

The report highlights that providing proper resource coverage, equipping the team with a robust tool budget, and offering certification and education opportunities are key to retaining IT security staff. Health IT leaders are concerned about hours worked, a lack of tools, regulatory compliance, and a lack of awareness about cybersecurity. Security training is viewed as valuable by over three-quarters of leaders surveyed. Despite this, approximately 34% of health care leaders feel that their organizations lack sufficient or effective employee training for cybersecurity, putting patient data at risk.

Health IT leaders have identified gaps in their organizations' cybersecurity approaches, including insufficient threat detection, understanding of staffing needs, and planning for incident response. Concerns about the impact of AI on security also exist, with 31% of leaders lacking a complete understanding. IT staff shortages can hinder meeting technology and security goals, leading many health systems to turn to managed services. In fact, 80% of surveyed health care security leaders find managed security services like security operations centers and advisory services helpful for their organizations' security initiatives.

Only 32% of health care professionals surveyed stated that their organizations do not outsource any security initiatives. Security training, vulnerability assessments, and third-party risk management are the most outsourced areas of security programs for health systems. By supporting internal IT teams with managed security services, organizations can enhance their security posture and prevent staff burnout. It may be essential for health IT leaders to implement a comprehensive cybersecurity and incident response strategy to safeguard their bottom line, maintain patient trust, and ensure continuity of care in the face of potential data breaches.

Reference
Scott J. New CDW research report: shortages impact healthcare cybersecurity strategies. HealthTech. June 10, 2024. Accessed June 11, 2024. https://healthtechmagazine.net/article/2024/06/new-cdw-research-report-shortages-impact-healthcare-cybersecurity-strategies