4 minutes read

Are you considering outsourcing your information technology (IT) needs? While cost optimization is typically the driving factor for any outsourcing decision, when it comes to IT, the added benefit is the expertise of having dedicated professionals. Engaging with a managed service provider (MSP) gives your company a more robust skillset, a broader scope of experience, agility, and, oftentimes, faster exposure and understanding of new technologies.

More than a Purchasing Decision

Deciding to hire a managed service provider (MSP) is a big decision, especially if you are looking to transition from an internally run information technology (IT) department to an outsourced model. Deciding which MSP to hire can be an even bigger decision – and you don’t want to get this wrong.

Finding the right MSP starts with being very clear on your expectations, business goals, and what areas of expertise and services you are looking for from a provider. For example, for healthcare organizations, the focus is often on areas like improving the overall business operation efficiency and increasing security and compliance so that providers can focus on patient care.

Vendor Relationship vs. Strategic Partnership

By choosing to outsource your IT needs, you are choosing to join a partnership. The difference between creating a strategic partnership with your MSP versus a vendor relationship starts in the selection process. Several considerations can help provide assurance while also creating a foundation of trust for a healthy, productive, and lasting relationship.

Screening

A prospective MSP that can offer more than basic IT services will present more strategic partnerships. Additional services to consider are data recovery and business continuity services, risk assessment, security, compliance services, and patient contact and engagement services. These other offerings allow your MSP to become a single centralized source of expertise and value generation for your organization.

Pre-Agreement Evaluation

Once you’ve screened several options and narrowed down your choices, you should work with the firm to initiate an evaluation of your current systems.

Any MSP you consider should be willing to evaluate your systems and provide a report before an agreement is signed. This evaluation may come at a cost; however, this should be a reasonable amount based on the time spent for the needed experts to evaluate your environment and identify key recommendations.

Here are the three primary factors we recommend you look for in an IT evaluation and proposal before you enter into an agreement with a managed service provider:

Integrity: Did the MSP perform an honest evaluation of your organization’s environment?

A critical step towards understanding your business needs will be for the MSP to schedule time to interview your IT and operations staff to gain a complete understanding of your current environment. The goal is to identify opportunities for improvement, where additional security and added value can be offered.

What you should expect: 

• A prospective MSP should ask questions about everything in your current environment from your applications and how those applications are hosted, to understanding your existing operational workflows and network topology.
• Have discussions about policy management, procedure enforcement, and HIPAA compliance. All findings should be documented, and the report you receive should be an accurate reflection of your environment’s current state.
• If there is very little room to improve in a particular category, this information should be reflected, thus exhibiting their integrity as a potential strategic partner.
• Once your evaluation is complete, you should have an honest and precise understanding of where you are in your technology maturity and a good idea of the services you may require from an MSP.

 

Trust: Is the MSP offering you only what you need?

As a decision-maker, it’s critical to know if the MSP is offering or recommending more services than are needed. You want to be sure the services you are purchasing are in alignment with your business needs.

What you should expect: 

• A prospective MSP should be transparent about what they can offer your organization versus what they will offer your organization. An MSP may have the capability to provide a full suite of services when your organization may only need a limited subset of the offerings.
• Similarly, they may be able to improve your environment through no-cost solutions instead of costly solutions from which they can take a margin.
• The right MSP will be transparent about this and tell you the truth about what your environment needs; doing so will establish trust between the two organizations, which will enhance your ability to become long-standing strategic partners.

 

Value: Does the MSP have a plan for immediately improving your environment?

When you decide to invest in a managed service provider, you should understand their value proposition. Their intentions should be more than just onboarding you as a client and taking over control of monitoring your systems.

What you should expect: 

• There should be defined action items that will provide you with the immediate benefits of their service offerings.
• The report they provide you with during the evaluation will not include detailed project plans. Still, it should give you a list of projects or areas of weakness that need further evaluation.
• The action plan and value proposition establish a foundation from which you can move forward together as you enter a strategic partnership with your MSP.

A Lasting Strategic Partnership

Since 2002, our team of IT experts has refined our approach to initiating strategic MSP partnerships, and these criteria are embedded in that process. As a result, we have a track record of successful long-term strategic partnerships with our clients. Our approach provides:

1. A site evaluation and overall health score;
2. An executive summary that includes our purpose for evaluation;
3. An explanation of scoring with associated detailed listing;
4. Recommendations for improvements;
5. Recommendation of services based on the needs of your organization.

Comprehensive Services, Customized Engagements

Path Forward IT offers a wide range of services, including IT, Patient Scheduling, Risk Management, and Audio Visual that can benefit any organization. We customize every engagement to meet your needs. Our team has always operated as a distributed workforce, so we easily adapt to our client’s changing environment.

The strongest testament to our work is the fact that so many of our clients have trusting relationships with our onsite teams and have integrated them into their daily operations.

For more information about our team and services, contact us!

3 minutes read

COVID has shifted the world in unexpected ways, particularly when it comes to data security. The rapid transition to work-from-home (WFH) made it challenging for most businesses to keep up with policy and technology updates that support a WFH model. It didn’t take long for hackers to figure that out.  

Cyber attacks are on the rise, particularly in the healthcare sector. One report from C5 Capital alliance indicates a 150% increase in attacks on healthcare systems in the first quarter of 2020. 

Healthcare Systems Under Pressure

Given the tremendous strain the pandemic is putting on healthcare systems and healthcare personnel, it’s understandable they might fall behind on regular IT maintenance. At Path Forward, our team of healthcare IT experts works hard every day to make sure our clients are protected.

Here are three common mistakes that create fundamental security vulnerabilities:

1. DELAYING UPDATES: The dreaded notification: “You have system updates. ”   

It may seem like a nuisance to run system or software updates. It takes time and typically requires a full re-start. But this is one of the easiest ways for attackers to compromise your systems. 

Vendors push out updates and patches for a reason. They know there is a vulnerability or bug in a product you are using, and they are providing the patch to address it as quickly as they can. However, publishing the update to customers also increases awareness of the vulnerability with potential attackers.  

It’s essential to run these updates as soon as possible. While time is of the essence, sometimes there can be concerns that the patch could interfere or break a workflow unique to your environment. The ideal first step is to test the patch in a test environment. If that’s not possible, be sure you are prepared and backed up before running the updates. With good backups, you can restore your data to the pre-update version if something goes wrong with the patch. 

*KEY TAKEAWAY:  Prioritize updates and patching. Respond to vendor updates within 24 hours, or as quickly as you can while keeping a reasonable risk to avoid breaking production systems and workflows. Test the patch in a test environment when possible. 

2. OUTDATED EQUIPMENT: It’s not about keeping up with the Jones’.

Equipment is expensive – no matter if you’re considering buying a new SAN, laptops for the organization, or even just a new smartphone.  

It’s natural to approach these expenses as long-term investments. The downside is the definition of the long-term might be shorter than you hoped.  

Don’t kid yourself into thinking you can humbly get by with older equipment that “still does the job.” New equipment is not about getting the latest and greatest functionality. It’s about staying current and safe. 

Using equipment and software past its end-of-life date is a much bigger security problem than most people realize. Manufacturers regularly age-out older versions of their products, meaning they no longer provide updates and critical security patches. Having these outdated components in your environment significantly jeopardizes your system security and voids the effectiveness of any other security measures that are in place.  

*KEY TAKEAWAY:  Plan for the manufacturer’s end-of-life timeline. It’s typically published at least a year in advance, and many vendors publish lifecycle information to help with planning upgrades and budgeting for those expenses. Consider leasing options if your budget doesn’t allow for purchasing.  

3. CHASING SECURITY SOLUTIONS: Monitoring system entry points can be like herding cats.

Since COVID, most companies rely on remote workforces. It’s more common than ever to have a single employee accessing your network from several different devices – smartphones, laptops, tablets, etc. Each of these devices represents an endpoint, essentially an entry point where an attacker could gain access to your systems. Endpoint management software helps centrally monitor and evaluate all devices to ensure security and software updates. 

A common misperception is that a combination of endpoint management and anti-virus software is enough to manage the risk of any intrusion. This is not the case, as proven nearly every day over the last six months as the healthcare industry is the favorite target for attackers. 

Another misperception is that the newer the software, the better the security. Many companies make it a priority to have the latest and greatest solutions and are continually changing their systems. They often overlook the internal talent, skillsets, training, and dedicated resources needed for maintaining these tools. Human monitoring and analysis of threats are critical. Internal security teams have so many competing priorities; it’s challenging and expensive to dedicate the resources needed and stay constantly aware of the latest threat data. 

Managed detection and response (MDR) is an outsourced service that combines the human expertise with automated threat detection to effectively monitor, collect, analyze, and respond to threats as they are discovered. 

*KEY TAKEAWAY:  Endpoint Managed Detection and Response (EMDR) is currently the best technology available for quickly detecting a breach before it creates a noticeable malicious impact. EMDR provides exceptional forensic information should a breach ever occur, which helps in reconstructing events to identify where extra security is needed.
 

A Security Effort is Never Finished

At the end of the day, managing the security of your data and environment is an ongoing effort. It requires careful and constant evaluation and oversight. It also requires a reliable backup and recovery plan.  

The above recommendations are part of our Minimum-Security Requirement Checklist. You can download the checklist here. If you’re interested in talking with one of our security experts for an evaluation or discuss your security needs, please reach out here.