5 Ways an MSP Can Simplify IT Management for Your Ophthalmology Practice

Managing IT systems can be a complex task for ophthalmology practices, and it often requires a dedicated team of experts to handle all of the responsibilities. However, this can be costly and time-consuming for practices that need to focus on their core business functions. That’s why partnering with a managed service provider (MSP) can be a great solution. MSPs can help practices simplify their IT management, increase security, and reduce costs. So, what is an MSP and why should you partner with one?

What is a Managed Service Provider?

A Managed Service Provider (MSP) is a third-party provider that offers IT services to businesses. MSPs take on the responsibility of managing all or part of an organization’s IT infrastructure, such as hardware, software, and networks. MSPs provide a range of services, including monitoring, support, and maintenance. By outsourcing their IT needs to an MSP, businesses can save time, reduce costs, and improve their IT infrastructure.

5 Ways an MSP Simplifies IT Management

How often does technology cause disruptions at your practice? Are inefficient clinic workflows decreasing the number of patients your providers can see per day? Do providers complain about how technology issues prevent them from providing quality care? A good healthcare-focused managed service provider will be able to simplify IT management for your practice in a number of ways, including:

  1. Consolidate Vendor Management
    Partnering with an MSP allows ophthalmology practices to simplify their IT management. Instead of dealing with multiple vendors, an MSP provides a one-stop-shop for all IT needs. This allows practices to focus on their core business functions and leave IT management to the experts.
  2. Improve Security
    An MSP can help ophthalmology practices improve their security by providing 24/7 monitoring, implementing security protocols, and conducting regular vulnerability assessments. MSPs stay up-to-date on the latest security threats and trends, ensuring that practices are protected against the latest cyber threats and are adhering to industry best practices.
  3. Increase Efficiency
    An MSP can help ophthalmology practices increase efficiency by providing fast, reliable support, both remotely and on-site. MSPs have a team of certified and experienced technicians who can provide assistance 24/7, ensuring that practices can operate smoothly and efficiently without any disruptions.
  4. Reduce Costs
    Partnering with an MSP can help ophthalmology practices reduce costs by eliminating the need to hire an in-house IT team. MSPs provide cost-effective solutions that are tailored to the needs of the practice, ensuring that they only pay for the services they need.
  5. Stay Up-to-Date with Technology
    MSPs provide a three-year technology roadmap that helps ophthalmology practices plan and implement technology upgrades that will improve efficiency, reduce costs, and enhance patient care. With a detailed plan in place, practices can make informed decisions about technology investments and upgrades, ensuring that they are always ahead of the curve.

Not All MSPs are Created Equal

Keep in mind when choosing an MSP, it’s important to look for a provider that specializes in the healthcare industry. This ensures that the MSP understands the unique challenges and compliance requirements of ophthalmology practices and can tailor their services to your practice’s specific needs.

The Dedicated IT team is on a mission to make healthcare practices better by simplifying their IT infrastructure with our suite of healthcare-focused managed services, and we’re eager to share with you how we’ve helped similar practices overcome their IT challenges. If you’re sick of technology disrupting clinic workflows and preventing your providers from seeing patients, let’s talk. Contact us today to get started.

How Healthcare Organizations Can Fight Cyberattacks with an MSP

Cybersecurity continues to be a pain point in healthcare

Cybersecurity is a critical pain point for healthcare organizations of all sizes and specialties. The industry faces a unique threat landscape as a successful breach could threaten life-critical services, the delivery of life-saving drugs, and prevent healthcare professionals from delivering patient care.

As increasingly sophisticated attack vectors emerge, like phishing, ransomware, and distributed denial of service (DDoS) attacks, your healthcare IT risk goes beyond financial loss and loss of privacy. Increasingly, managed IT services are crucial to ensuring security posture, controls, and defenses are in place to protect your patients, staff, and data. And regardless of the size of your healthcare practice, it’s imperative to understand that your organization is a target for cybercriminals.

The size of healthcare’s cybersecurity risk

The threat to healthcare organizations is growing as hackers increasingly target their valuable personal healthcare information (PHI). Healthcare has faced the costliest breaches of any industry for over a decade. The average breach cost organizations a record high of $10.1 million in 2022, an increase of nearly $1 million on 2021, according to IBM’s Cost of a Data Breach report.

These sky-high returns have led to a surge in cybercriminals targeting the industry. Infoblox research found the U.S. healthcare sector suffered 521 major data breaches in 2021, a 25% increase on 2020, which impacted more than 43 million patient records. 

That threat is only increasing as new breaches target specialty healthcare firms, and new attack vectors are discovered daily.

Taking the fight back to cybercriminals

As new sophisticated threats emerge, you need to strengthen your security posture and defenses to protect patients and staff, secure your data, maintain a high quality of care, and deliver streamlined operations. Tactics and best practices you need to provide this include:

Improved visibility

You can only stop the security threats you can see, so it’s vital to ensure you have monitoring technology to discover and prevent vulnerabilities across your entire network.

Removing third-party risks

Vulnerabilities in third-party software are the third-most common and costly form of data breach, accounting for 13% of attacks and costing $4.55 million per breach, according to IBM research. So it’s vital to have the right tools in place to manage third-party risks effectively and onboard new vendors securely.

Employee awareness

Your employees are your first line of defense against security attacks. They need to be aware of the risks they face, the tactics cybercriminals use to target them, and be able to spot the signs of a potential malicious attack.

Robust security controls

Technologies that discover, block, and mitigate all security incidents help you to enhance data control. A minimum security measure is enforcing the use of multi-factor authentication by all staff. This ensures only authorized employees can access the data and systems they have the right to – which helps to prevent a data breach even if an attacker obtains an employee’s password. Other security controls include anti-virus, data loss prevention, firewalls, intrusion detection and prevention, mobile device management, network segmentation, threat intelligence, and vulnerability scans.

Why you need healthcare-focused managed IT services

Fighting your growing cybersecurity threats alone demands significant staffing, technology, and time investment. It requires a proactive approach to security that protects you against emerging threats, enhances your security posture, and ensures compliance with increasingly stringent industry and regulatory requirements. 

Managed IT services remove the manual effort of protecting your patients’ PHI data, networks, and systems around the clock without hiring an expensive internal security team. It provides a 24/7 understanding of your risk, including new and emerging threats, and enables you to block and mitigate threats as soon as they emerge.

Bolster your security posture with Dedicated IT

Our managed IT services provide you with all the expertise and tools required to make your business better tomorrow than you are today. We help you implement a robust cybersecurity program tailored to your specific requirements, proactively discover, block, and mitigate sophisticated threats, meet regulatory expectations, and satisfy cyber insurance requirements.

Discover how Dedicated IT helps you fight the latest cybersecurity threats facing the healthcare industry and implement all the controls you need to protect your patients, staff, and data. Contact us today to get started.

Dedicated IT Ranks #33 on CRN’s 2022 Fast Growth 150 List

Lake Park, FL – August 22, 2022 – Dedicated IT, a leading Florida-based managed services provider, today announced that CRN has named the company to their 2022 Fast Growth 150 List. This year, Dedicated IT ranks #33 on the list of 150 honorees, up from #98 in 2020.

The annual CRN list ranks managed solution providers with at least $1 million gross annual sales by their two-year growth rate. According to CRN, the 150 companies on this year’s Fast Growth 150 list recorded an average two-year growth rate of 96 percent between 2019 and 2021, and collectively generated revenue of $82.4 billion last year.

“Dedicated IT has been around for 20 years and has only recently realized national recognition for growth,” says CEO & Managing Partner, Aaron Underhill. “Unlike most companies on the CRN list, we aren’t PE-owned, and we’re growing strictly from organic means. We started hitting our stride when we doubled down on servicing the healthcare market and focused on being a trusted advisor, as opposed to servicing any client that wanted to do business with us. Over the next few years, we look forward to Dedicated IT becoming the most trusted name in healthcare IT.”

Since 2016, Dedicated IT has zeroed in on providing their managed IT services to a subset of the healthcare industry, including specialties like Orthopedics, Ophthalmology, Dermatology, and Ambulatory Surgery, as well as senior living facilities, and has put a large emphasis on building relationships with practice leaders through partnerships with associations like the American Alliance of Orthopaedic Executives (AAOE), Association of Dermatology Administrators and Managers (ADAM), American Health Care Association (AHCA), and Becker’s Healthcare, plus EMR providers like NextGen, Nextech, ModMed, and Athena. Their robust knowledge of the healthcare IT space and specialized service portfolio geared toward solving the unique IT challenges healthcare practices face played a critical role in their two-year growth rate and subsequent ranking on this year’s CRN list.

To learn more about Dedicated IT and their portfolio of healthcare-focused managed IT services, visit their website at www.dedicatedit.com.

ABOUT DEDICATED IT

Dedicated IT provides organizations with an IT service experience like no other. Everything we do is with the goal of making you better tomorrow than you are today. We want to see your business operate without IT disruptions and restrictions and innovate more than ever. Our tailored support and service model was built from the ground up with you in mind. We deeply invest in learning how your business uses technology, its security posture, and issues that will quickly turn into IT time bombs, then present a technology roadmap to help you avoid all headaches. Support from Dedicated IT only gets better with time, as we gather more data points from your technology that can be used for optimization.

Looking for your next great opportunity? Experience what it’s like working with one of the nation’s fastest growing healthcare focused MSPs. We have several open positions available for those looking to join us on our mission of making people and businesses better tomorrow than they are today. Apply now!

Dedicated IT Celebrates National Video Game Day by Hosting Employee Fundraiser for Red Apple Supplies – Education Foundation of Palm Beach County 

LAKE PARK, FL – July 15, 2022 – Last Friday Dedicated IT celebrated National Video Game Day (July 8th) with their team by hosting a company-wide gaming event where employees submitted a donation to play. Organized by Robin Stark, Executive Assistant to Managing Partners, and Kelsey Poole, HR Generalist, more than 23 employees participated or donated, allowing Dedicated IT to raise $650 for the Red Apple Supplies program. 

“Creating a fun work environment is essential to our business, especially because of our ever-evolving hybrid workforce,” says Kelsey. “Our team has worked hard to find unique ways to involve our employees, celebrate fun holidays together, and kick back at work, while at the same time doing something that allows us to give back to our community as a team,” adds Robin. 

“Dedicated IT is on a mission to make people and organizations better tomorrow than they are today,” says Aaron Underhill, CEO and Managing Partner of Dedicated IT. “Our company is proud to be able to match the donations our employees submitted, and we look forward to hosting more events like this to give back to our local Palm Beach County community and beyond.” 

About the Event 

Dedicated IT employees donated a minimum of $5 to play the online game Krunker.io. Once donations were submitted, they were able to select a time slot to play. On the day of the event, their team joined each other live via Microsoft Teams to participate in or watch the matches and ended the fun with a celebratory virtual happy hour afterwards.  

About Dedicated IT 

Dedicated IT provides organizations with an IT service experience like no other. Everything we do is with the goal of making you better tomorrow than you are today. We want to see your business operate without IT disruptions and restrictions and innovate more than ever. Our tailored support and service model was built from the ground up with you in mind. We deeply invest in learning how your business uses technology, its security posture, and issues that will quickly turn into IT time bombs, then present a technology roadmap to help you avoid all headaches. Support from Dedicated IT only gets better with time, as we gather more data points from your technology that can be used for optimization. 

About Red Apple Supplies – Education Foundation of Palm Beach County 

Red Apple Supplies, one of Education Foundation of Palm Beach County’s signature programs, is a free teacher resource store to equip teachers with essential school supplies for their classrooms.  Since opening in 2016, Red Apple Supplies has distributed over $1 million in school supplies to Title I schools. During the 2021-22 school year, Red Apple Supplies distributed over $1.4 million in free school supplies to over 52,131 students in Palm Beach Country; served 76 Title I Schools with 83% or higher Free and Reduced Lunch Rate; and expanded inventory through STEM, Health, Financial Literacy and Digital Inclusion sections.  

The mission of Red Apple Supplies is to serve the educational and creative needs of children in Palm Beach County public schools by providing a means to transfer donated school supplies from businesses, organizations, and individuals free to teachers for use in classrooms throughout the school year. 

Upcoming Events with Education Foundation of Palm Beach County 

Dedicated IT is a proud sponsor of the Education Foundation of Palm Beach Country’s upcoming Heroes for Education Run Walk, happening on Saturday, October 29 at John Prince Park in Lake Worth, FL. To learn more about this event, please visit here

5 Ways to Prepare for Your Next Cyber Insurance Renewal

Achieving Success in Your Cyber Insurance Renewal

Something new is happening in the world of cyber insurance – have you heard about the way that policies are being written now? Can you anticipate how your application may change? Hopefully you have, but if your renewal period hasn’t rolled around yet, you might be out of the loop.

Underwriters are no longer assessing the way they used to, and insurance companies are no longer writing policies the way they used to. Your organization must understand its risk profile, implement enhanced controls, and be able to demonstrate how you prevent ransomware attacks. If not, you will struggle to complete the in-depth assessments waiting for you in your renewal period. Here are five ways to prepare for your next cyber insurance application.

1Develop an Application Renewal Plan

The first step in any formalize cybersecurity program is a plan, and it’s no different for cyber insurance applications. You must identify your renewal date and build a timeline around that. Find last year’s application and reference it so that you understand what you submitted previously. Now that carriers are raising rates, lowering coverage, and requiring new controls, you need all the information available to you.

As part of your renewal plan, request early application review. Get a copy of the new application and start asking questions about what has changed with your cyber insurance provider. What is required? What can you expect from similar clients? Is the risk profile based off last year’s approval?

2 – Assess Your Security Maturity

Through self-assessments, you can score your security maturity. This will give your team an idea of where to start when it comes to cybersecurity gaps and what underwriters expect. Assess yourself against the latest cyber insurance application criteria like internal and external controls, email security, disaster recovery processes, and more. Survey your vendors to learn if they meet your security requirements.

You can start preparing for your renewal with our self-led security risk assessment.

3Map Controls to People, Vendors, and Resources

It’s critical that you have a specific person or team responsible for all application criteria. A critical ways to prepare for cyber insurance renewal is to identify who is responsible for:

  • Internal controls
  • External controls
  • Microsoft 365 controls
  • Preventative controls
  • Security governance review
  • HIPAA review
  • Asset review
  • Patching baseline
  • Zero trust baseline
  • Disaster recovery processes

4 – Address Problem Areas in a Technology Roadmap

A technology roadmap a strategic document outlining the technological direction of your business. It gets everyone on the same page. It changes your IT department from being in reactive, fire-fighting mode to predictable, proactive action. Meetings will transition from deciding what to do to knocking out tasks and roadblocks. It guides your IT department by providing the master list of IT projects that need to be completed. A technology roadmap will be part of your evidence that underwriters can review to determine your commitment to cybersecurity.

5 – Remediate Priority Needs Before Renewal

Once you’ve prioritized your technology issues into low, medium, high, and critical items, it’s time for remediation. Details and transparency matter and can make or break the outcome of your renewal. Be sure to clearly articulate the investments and improvements you are making in cyber risk mitigation.

Even if you cannot remediate prior to renewal, you can at least show underwriters that you have taken some type of action, or, at the minimum, have outlined a plan to address and remediate these vulnerabilities. Even if your remediation plan needs to be rolled out in phases over several months, underwriters will want to know it is underway.

With the right guidance and planning, you can renew an existing policy with minimal changes in coverage or fees – but it’s critical that you understand the changes in the cyber insurance industry and how to fill out a detailed application. For support during your next cyber insurance renewal, let Dedicated IT help.

5 Ways an IT Provider Makes Your Job Easier

Leverage a Managed Service Provider to Improve Your IT Function

If you’re in charge of making IT-related decisions or overseeing IT staff, there’s a lot on your plate.  You’re responsible for everything from procurement to support tickets to budget planning to vendor management. How can a managed service provider ease the burden of IT?

No time to focus on IT? We know.

Effective IT can run efficiently and effortlessly. By partnering with a reliable IT provider, you won’t have to waste time think about routine IT issues or improvements. Instead, you can focus on the big things.

Too busy to oversee vendors? We manage that.

An experienced IT provider understands your technology, your vendors, and the concept shared responsibility. By offloading vendor management to a manage service provider, you can hold vendors accountable to your security standards.

Inundated with staff questions? We’ve got you.

Questions and IT issues coming from your staff can become an overwhelming task, but it doesn’t have to be. A good managed service provider will have a streamlined way to troubleshoot issues for your staff – usually a help desk that provides much-needed, on-demand support.

Surprise IT costs? We don’t do that.

You don’t want surprise costs or fees, and neither does a trusted IT provider. Their mission is to develop an improved, cost-effective, stable IT budget that aligns with your organization’s goals. 

No path to growth? We scale.

Your technology should promote growth. Outsourcing IT to a managed service provider can give you the ability to scale because you have access to new resources, new talent, and additional support. Technology should never hold your organization back from growth.

When you’re ready for a scalable, stable IT strategy, Dedicated IT will be ready to help. You can leverage our comprehensive approach to IT and our team of in-house IT professionals that are ready to improve your IT function through account management, remote support, and even field service.

7 Questions to Ask When Choosing a Managed Service Provider

Every healthcare practice has its own goals, needs, and challenges when it comes to technology. The right managed service provider can determine the failure or success of those IT goals. How do you find a MSP that understands your specialty and has a strong pulse on your needs? Let’s look at seven questions you should ask before partnering with a new IT provider.

1 – Does the MSP have a healthcare focus?

Working with a MSP that has a proven specialization in healthcare can dramatically reduce the steps to issue resolution and move through the ticket queue. By having a single vendor support your practice’s IT, you can consolidate issues to one call.

2 – Is the MSP active in the healthcare industry?

To really understand your business, the MSP must demonstrate involvement in the healthcare industry. What healthcare or specialty-specific events or conferences does the MSP attend? Are they active in the associations or communities you are a part of?

3 – What does the onboarding process entail?

Onboarding sets the foundation for the partnership with a MSP – for better or for worse. Make sure you get a clear answer on what happens during onboarding, who is involved, and what steps come afterwards.

4 – How are ticket escalations handled?

Escalation can be a hidden cost when working with an IT provider. Be sure to get information on how out-of-scope or complex IT requests are handled and if they incur additional costs. Even more important, you need to have the IT provider define what they consider to be an escalation. Is a nurse or physician calling outside of business hours considered an escalation? This could impact your ability to provide care and your IT bill.

5 – Does the MSP understand HIPAA compliance?

Challenge your potential IT partners on how they address HIPAA compliance – and possibly even other healthcare frameworks. They must have knowledge of the Security Rule as well as Privacy Rule to understand their responsibilities.

6 – Does the MSP have a strong security posture?

If a MSP has access to your data and systems, you need to understand their security posture. Perform your due diligence to ensure that they have proper controls implemented and stay up to date on security trends.

7 – Will the MSP be committed to your success?

How deeply does the MSP understand your business? You must have a discussion about your business objectives and growth plan so that you can determine if the MSP aligns with those goals.

At Dedicated IT, we welcome you to ask these questions and more when considering us as your IT provider. We consider our relationship with clients to be a valuable partnership that requires this type of transparency.

What is a Technology Roadmap?

Building Your Long-Term Technology Roadmap

What is a technology roadmap and why does your business need one? This is a strategic, living document outlining the technological direction of your business. A good technology roadmap helps communicate the “what” and the “why” of IT to decision makers, and also guides your IT department by providing the master list of IT projects that need to be completed. We recommend developing a technology roadmap with longevity in mind. A three-year plan is a great place to start.

Why Does Your Business Need a Technology Roadmap?

Your decision makers, or even your IT staff, might wonder why you need to go through the process of developing a technology roadmap. Every department at your organizations needs some direction, and a technology roadmap can provide that to IT. It gets everyone on the same page. It changes your IT department from being in reactive, fire-fighting mode to predictable, proactive action. Meetings will transition from deciding what to do to knocking out tasks and roadblocks.

A technology roadmap can be an attractive project to your executives because it budgets technology expenditures and sheds light on what sometimes is boring and unimportant areas of the practice.

How Do You Build a Technology Roadmap?

Dedicated IT builds a three-year technology roadmap for every client during the onboarding process and has honed the development process into seven steps.

  1. Conduct a technology assessment. To learn the landscape of your technology, document your assets, inventory, software, licensing, and who uses what types of technology.
  2. Complete a Security Risk Assessment. This process will result in a remediation plan, which provides you with categories of risk prioritization.  
  3. Assess vendor management. Meet with your vendors to learn exactly what they do for you and what their security and IT best practices are.
  4. Talk to your staff. You need to learn from the people who actually use the technology and experience issues daily.
  5. Make the technology roadmap document. Consolidate this information you’ve collected thus far and start organizing the items by priority and impact.
  6. Prioritize the technology issues you’ve discovered into low, medium, high, and critical items.
  7. Finalize your roadmap. Organize it by quarter, knocking out the critical items first. Write a narrative for each item on the roadmap. Determine which projects can be run internally vs. requiring a vendor. Provide an estimate of hours, and the suggested resource for projects that can be handled internally. Present the finalized roadmap to your decision makers.

Pitfalls for Building a Technology Roadmap

Building a technology roadmap is a valuable project that involves several parties. To get the most out of this process, it’s important to follow best practices and avoid pitfalls, including:

  1. The foundation of the technology roadmap is based on an IT assessment conducted by a company trying to unseat existing IT vendor or internal IT department.
  2. The technology roadmap is too technical or doesn’t align IT projects with business objectives.
  3. There is no calibration, alignment, or accountability to the team responsible for the technology roadmap
  4. Budget is not accounted for in the technology roadmap.
  5. Too many outside or second opinions are taken, rather than making data-driven decisions.
  6. There is a lack of long-term vision for how IT can support company goals.
  7. The IT leaders are not invited to business discussions.
  8. Your IT leader or partner lacks healthcare knowledge.

When you’re ready for a technology roadmap to inform IT strategy, Dedicated IT will be ready to help. As a Dedicated IT client, the first thing we will do is develop a thorough technology roadmap and conduct benchmarking. You will leverage our comprehensive approach to IT and our team of in-house IT professionals that are ready to improve your IT function.

8 Signs that You Need to Outsource IT

It’s Time to Invest Better Resources into Your IT

As a business leader, it can be hard to identify when your IT isn’t growing alongside your business. Oftentimes, it’s a case of simply not knowing what you don’t know or don’t see because IT is the forgotten or unseen heavy lifter behind your operations. High-growth companies must understand that any IT problem needs to be corrected so that staff and customers do not feel the impact of a lacking IT strategy.

8 Ways to Identify When Your IT Needs Extra Resources

How do you determine when it’s time to shift your IT strategy and take an outsourced approach? Typically, there are several signs, including:  

  1. There is no guarantee of a response from IT when employees need help​. If there is a response, it’s often very slow.
  2. IT does not understand the urgency of employee support requests or how to prioritize tickets.
  3. As a leader, you are uncertain if IT proactively addresses needs and risks – which makes you question your company’s security posture.
  4. IT seems to be unable to get to the root of issues that cause company-wide outages, which means they keep happening.
  5. Executives must constantly remind IT to communicate updates​, needs, and even best practices. IT begins to feel siloed and unintegrated with the rest of the company.
  6. Leadership has not been able to implement accountability for your IT department.
  7. Setting a budget for it is a mystery.
  8. Your IT department doesn’t know how to scale the technology to match business growth.

Have you seen these signs or felt this frustration with your in-house IT department? So many organizations struggle with this, even when there’s a solution: outsourcing IT to a managed service provider. To overcome operational hurdles, to support your growth, and to protect the data you are responsible for, utilizing an IT provider could be in the best interest of your company.

Are you ready to level-up your IT staff and strategy? Let’s discuss how Dedicated IT can augment your IT with our team of in-house technology specialists.

Lessons Learned: Ophthalmology EHR Data Breach

Ophthalmology EHR Compromised

On December 4, 2021, EHR vendor Eye Care Leaders suffered a data breach, specifically of its cloud-based myCare Integrity platform. Eye Care Leaders provides 9,000+ physicians with EHR and PM solutions that are specific to ophthalmology. The security incident allowed for unauthorized access to the myCare Integrity’s EMR databases (hosted on AWS), followed by deletion of databases and security configuration files.

EHR, EMR, and PM platforms are the foundation of how covered entities operate – so what happens when there’s a security incident that impacts the availability of the EHR that your organization uses? What are the consequences if your EMR vendor exposes your PHI in a data breach?

What Happens if Your EHR is Compromised?

Eye Care Leaders was able to swiftly identify the data breach and restore some the databases and files from backups. In the forensic investigation, Eye Care Leaders found that, fortunately, the data breach did not allow unauthorized access to its clients’ systems, but patient information may have been exposed – information like patient names, dates of birth, medical record numbers, insurance, medications, and the type of care provided.

Although the breach occurred in December, Eye Care Leaders began notifying clients in March. As of May 2022, the following covered entities have reported their breaches to the HHS OCR, and have confirmed that Eye Care Leaders was the source of compromise:

Managing Third-Party Risk

When you entrust a third-party EHR vendor with access to your organization’s sensitive data and environment, you must make sure that vendor is doing their security due diligence. What controls do they have in place to protect your data? Do they have as stringent of a security program as you do?

Your internal IT team or managed service provider must be prepared to effectively manage third-party risk. Even if a vendor meets compliance standards (HIPAA, HITRUST, ONC Health IT Certification), that doesn’t guarantee that controls won’t fail or cyber attacks won’t be successful.

Cyber Risks within Ophthalmology

The ophthalmology sector, like all other healthcare specialties, are not excluded from cyber attacks. Every healthcare provider of any size can be a target because of the valuable information that they can access. Actually, specialty providers are especially attractive to attackers because of their typically small size and limited IT resources. Michael Hamilton, former CISO of the city of Seattle, told ISMG that the trends in 2021 indicated “threat actors are intentionally moving down-market to … clinics and specialty care organizations.”

  • January 11, 2021: 20/20 Eye Care and Hearing Care Network notified 3.3 million individuals that their PHI had been exposed due to a leaky S3 bucket.
  • January 13, 2021: Cochise Eye and Laser suffered a successful ransomware attack that encrypted its patient scheduling and billing software.
  • September 3, 2021: U.S. Vision identified and reported suspicious activity on their network that compromised data.
  • September 14, 2021: Simon Eye Management, a chain of eye care clinics, was compromised through unauthorized email access, which was an attempt to engage in wire transfer and invoice manipulation attacks.

These are just a handful of the security incidents reported by ophthalmology sector last year – but even these examples represent millions of compromised records. What a data breach cost your organization? Could your ophthalmology practice afford to recover from a successful cyber attack?

If you feel that you need a more effective strategy for managing vendor risk, Dedicated IT is here to help. As a managed service provider that specializes in healthcare, we know how to partner with EHR, EMR, and PM providers and support your security initiatives. Contact us today to get started.