How Healthcare Organizations Can Pick the Right MSP for Their Security Needs

IT managed service providers play an increasingly important role for healthcare organizations that otherwise struggle to allocate staff and budget to IT management. MSPs can help organizations modernize infrastructure, monitor performance and improve data governance. In addition, MSPs can make IT departments more efficient by taking on tasks a short-staffed team rarely has the resources to do.
Amid the industry’s growing cybersecurity skills gap and corresponding vulnerability to cyberattacks, healthcare organizations are also turning to managed security service providers. Typical MSSP offerings, coupled with 24/7 staff availability, are “designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture,” Gartner notes.
“A good MSSP will help healthcare organizations maximize their technology ROI by freeing them up from blocking and tackling Tier 1 and Tier 2 infrastructure,” says Robert McFarlane, managed security strategist at CDW. “With a co-managed environment in place, organizations are free to spend more time developing security policy and strategy.”
Along with the potential to fill staffing shortages, MSSPs help address the “constant barrage of attacks on the industry,” according to Christopher Fielder, director of product marketing at Arctic Wolf. Healthcare is an attractive target, he adds, and the stakes have never been higher: “In the best case, an attacker gets lots of personally identifiable information. In the worst case, there’s lost revenue and the potential for patient harm.”
Healthcare’s vulnerability stems largely from a familiar culprit: legacy infrastructure. Organizations may have cutting-edge systems for interpreting radiological images or performing surgeries, but they often work alongside mission-critical monitoring devices running sunsetted versions of Windows, or cloud-based systems with insecure-by-default configurations. “There are so many gaps to fill,” Fielder says.
Tasks such as isolating unpatched devices can quickly overwhelm an IT team. Then, there’s the need to secure networks and endpoints, manage access, watch for threats and respond to them before attacks cripple the system.
“They’re struggling to keep up with the pace of change,” McFarlane says. That goes for policy as well. Many organizations know they’d benefit from scripted playbooks for incident response, but that requires documenting incident response workflows, an effort few have undertaken. “It takes a lot of elbow grease to get to the bottom of what’s wrong.”
That’s why the true value-add for an MSSP is the people the service provides, not just the technology, Fielder says.
“You get a team of experts for the cost of one person. That offers fractional value,” he says. “If you’re a medium-sized hospital, you need incident response, threat hunting, endpoint detection and response, and everything else. You need someone with experience who can be available nights and weekends.”
It’s hard to find security talent, especially when there are multiple hospitals in the same area trying to compete for the same people, Fielder notes.
How Healthcare Organizations Benefit from MSSPs

Fielder describes the typical offerings of an MSSP in military terms.
Before an attack, or “left of boom,” organizations can benefit from a range of services:
- Vulnerability management involves getting an inventory of all hardware and software in an environment and noting which identities have access to which systems. This helps organizations prioritize their efforts to patch systems or know where to monitor for misuse, Fielder says.
- Identity management ensures users, applications and devices only have access to what they need — and nothing else. That way, if an attack happens, the blast radius is minimized because an attacker can’t get very far, McFarlane says.
- Centralized logging ingests incident logs from disparate threat monitoring tools to provide a single view of where incidents happen, as well as how they’re related. This cuts down on the volume of alerts while providing additional context about incidents.
- User behavior analysis looks at when users log in and what they try to access. This is especially important for healthcare, McFarlane says, as “abnormal access isn’t necessarily nefarious” (for example, a physician logging in after hours to complete notes or review imaging studies).
During an attack, or “the boom,” it’s all about managed detection and response. Here, organizations will want an MSSP that “feels like an extension of the cybersecurity team,” Fielder says. “The right provider will treat you like it’s their own organization, not just another alert on a console.”
After an attack, or “right of boom,” the focus turns to incident response. “You need someone on retainer,” Fielder says. “You need to be able to place one phone call and have a team working to resolve the problem and negotiate within an hour.”
McFarlane cautions that response isn’t the same as remediation: “Organizations will still need to take action.” He recommends ironing out in advance which remediation tasks are the responsibility of the MSSP and which should fall to the health system. Here, an organization’s institutional knowledge will help it identify the right person to manage the situation onsite.
Many hospitals and health systems enter discussions with an MSSP believing they have unique security needs related to the demographics of their workforce or patient population. This may be true, but it can be a distraction, McFarlane says: “A well-thought-out, well-deployed, well-architected and well-run security model can fit no matter what’s in place.”
Fielder agrees. Yes, every enterprise seems to have a piece of decades-old, stand-alone client-server architecture, but that’s not what attackers are after. They target the outdated versions of Microsoft Exchange or the devices running Windows XP.
“The processes may be different, but the core components of architecture that attackers will exploit are very similar. We need to drive home that, at the end of the day, it’s still computers, routers, switches and servers,” he says — no matter what EHR system is in place, where a hospital is located or what types of patients are treated.
That said, no MSSP offering should be one-size-fits-all, Fielder continues. For example, a good partner will support an organization’s existing equipment and vendor relationships, and will work with the organization to determine the right cadence for holding meetings, making changes to the built environment, or exploring advanced technology, McFarlane says.
Here, he adds, an MSSP will help an organization keep its eyes on the end goal: “Customizing engagements for a brand-new tool should only be at the tail end of the process. It shouldn’t drive foundational strategy, because that can limit security operations based on their level of maturity.”