Arraya Insights | August 25, 2015
Extended care facilities put a lot of faith in their IT vendors to supply the advanced, secure technologies they need to ensure residents receive a high level of care and service. However, the very same vendors those facilities are counting on could inadvertently be leaving sensitive data – including resident’s protected health information (PHI) – exposed.
Organizations within the healthcare field are becoming a favorite target for hackers. It doesn’t matter if they’re a nationwide insurance provider or a local extended care organization, they could still be targeted. The financial costs associated with such an event can be extremely damaging. In fact, come 2019, breaches are projected to cost organizations across all industries a truly dizzying $2.1 trillion. The other part of the fallout from breaches, namely the loss of trust from the users whose data was impacted – be it residents, internal staffers, etc. – can be almost as detrimental.
Vendors doing more harm than good
Considering the costs, facilities need to know their IT partners are doing everything possible to keep private data private. Here are four common IT vendor mistakes healthcare organizations need to be on the watch for:
1. Issues with patches and updates.
An unpatched or out-of-date system is essentially a welcome mat for cybercrooks and hackers. However, vendors who “patch and forget” can also run into difficulties. Patches and updates don’t always work exactly as their makers intended, as a result, regular monitoring by IT vendors is a must. Otherwise, a facility could be lured into a false sense of security.
Takeaway: Arraya’s Managed Services team can take the lead on anything from minor projects like upgrades and patches up to more labor intensive cases like product roll outs and deployments. It all depends on the needs of the customer. The Arraya team has a plethora of experience working with mission-critical technologies, which helps weed out upgrade conflicts before they happen. In terms of regular monitoring, as part of every Managed Services engagement, Arraya deploys its enterprise-grade Alert monitoring platform. This service comes at no additional charge and the info it provides is used to diagnose trouble spots and conflicts much more quickly. In the event that something does go wrong with a patch, Arraya’s team will know about it right away and can get to work removing it.
2. Missing out on suspicious activity.
The length of time from when a data breach first occurs to when it’s detected and remedied can be alarming. Remember the Anthem, Inc. breach? That one potentially involved the personal info of 80 million customers and is thought to have begun in April 2014. The public didn’t find out about it until February 2015. The Premera Blue Cross breach? That attack may have affected the personal, financial and medical information of 11 million customers and it began in early May 2014. It went undetected until Jan. 29 of this year.
Takeaway: The longer they’re in a system, the better chance hackers have at getting their hands on resident’s PHI or employee financial info. This puts additional pressure on IT vendors to keep them out in the first place. One way to do this is with an in-depth knowledge of the latest and greatest security solutions on the market. The other part is having eyes on and knowledge of the availability, health, and performance of customers’ devices and applications – 24/7, 365 days a year. Arraya’s Alert platform provides round-the-clock monitoring to keep facilities off of the defensive and out in front of issues.
3. Lack of specialized industry insight.
The knowledge of most IT vendors doesn’t always extend far beyond the realm of IT. This includes issues that are unique to their customers. Every customer’s situation is distinct and every industry has its own set of rules and regulations, especially the healthcare field. For example, just because a solution or an app worked in a hospital, it could be problematic within the confines of extended care.
Takeaway: IT vendors must invest the time into learning the ins and outs of their customers’ systems. Without that knowledge, it’s possible a solution won’t perform exactly as expected, again, inviting in those who are up to no good. Arraya’s Managed Services team prides itself on seamlessly functioning as an extension of customers’ existing IT teams. Arraya recognizes the importance of learning customers’ environments and creating customized solutions for each job. This way, when something is rolled out, facilities can be confident it’s what they need.
4. Poor change control tactics.
Changes usually equate to improvements so, by their nature, they’re supposed lessen the number of headaches for organizations. Of course, this isn’t always the case. Poorly timed or planned changes can wind up causing more problems than they solve.
Takeaway: Proper planning is essential to making changes. Hassle-free maintenance is the ideal Arraya’s Managed Services team strives to achieve with every engagement. Recurring maintenance activities are scheduled and executed during off-peak periods so as to not interfer with the needs of residents or staff. On top of that, any planned changes are communicated to customers well in advance. All of this promotes changes that are actual improvements and that don’t make customers start seeing red.
Ready to learn more about Arraya’s full line of Managed Services offerings? Visit us at www.ArrayaSolutions.com. There you’ll find data sheets and testimonials from customers who’ve experienced firsthand the value of a Managed Services partnership with Arraya. You’ll also be able to reach out to schedule an appointment with one of our Account Executives to gain access to even more info.
In the meantime, be sure to follow us on Twitter, @ArrayaSolutions, to stay updated on the latest company news and special offers.