Your healthcare clients don’t have to be the direct target of a hack to be impacted, as the Blackbaud breach further demonstrates: the cloud service provider was hacked, compromising hundreds of organizations and the protected health information of more than 11 million patients.
This is why it is essential to include all of the client’s vendors and cloud tools in their risk assessments. It is your obligation as their trusted advisor to ensure that their data is adequately protected; that’s why they hired you!
Healthcare Cybersecurity Law 7898
Healthcare cybersecurity has become so dire as of late that a new cybersecurity bill was signed into law. The new law, known as HR 7898, requires the Department of Health and Human Services (HHS) to incentivize healthcare cybersecurity. In essence, under the new law, a healthcare organization subject to a HIPAA audit would be exonerated from culpability if it could demonstrate that it had implemented a recognized cybersecurity framework, such as the NIST CSF.
Healthcare organizations that can prove, with documentation, that they had implemented a cybersecurity framework would then receive technical assistance from the HHS, rather than being fined for noncompliance.
This again provides a huge opportunity for MSPs and MSSPs working in the healthcare space. The HHS expects healthcare organizations to have a third party implement their cybersecurity framework, and as your clients’ trusted advisor, they will look to you to do so.