IT service management

What are the Risks and Benefits of IT Service Management for Network Security

November 6, 2017

The security of healthcare delivery networks has been in the news lately as part of a larger trend of hacks that include ransomware unleashed by healthcare workers simply opening the wrong email:

While these are just three examples Healthcare IT News reported on at least 40 separate incidents in 2017 alone within the healthcare space. As the threats multiply and the incidents make headlines, many healthcare c-suite executives and independent medical providers have moved to outsourcing IT service management to external security providers. This post explores why healthcare delivery networks should consider outsourcing IT security to trusted advisors.

Are you wondering how secure your network is? Contact TOSS C3 to get a free assessment of your network security and a review of how we can help your organization.

Pros and Cons of Outsourcing IT Service Management

From a strategy perspective, the overall decision of whether to outsource a service is a frequent discussion in the healthcare space. Whether the delivery mechanism is a large multi-state health system or a solo independent specialty practice, outsourcing any technology service often allows for cost savings, while freeing up the time of internal IT teams. A recent Symquest blog suggested there are five key determinants to outsourcing any IT function in any type of healthcare delivery network. Consider these points:

  1. Is the IT function central to profit generation?
  2. Is the IT function so specialized it becomes cost prohibitive to offer it in-house?
  3. Does the IT function offer cost savings to the healthcare provider?
  4. Does the IT service distract from core business and delivery functions?
  5. Would outsourcing positively impact regulatory compliance?

Outsourcing any part of IT service management must be weighed in the scope of all of these considerations. However, the increasing virulence of the cyber attacks being launched at healthcare providers requires specialized and sophisticated monitoring and an increasingly complicated set of applications to proactively monitor and defend against attacks. IT service management now requires:

  • DDoS (denial of service) protection
  • Intrusion prevention
  • Web application firewalls
  • Deep packet inspection
  • Data loss prevention measures
  • Security information and management
  • Network analyzers
  • Lawful intercepts

There is a two-fold argument for outsourcing any IT management service, but especially security. First, hospital IT teams are not specialized in security and certainly do not have the time to devote fully to the ever-changing nature of the threats. Second, the smaller medical provider cannot afford a full-time IT team, let alone a network security analyst.

IT service management eliminates both of these problems. Some of the other “pros” of IT service management include:

  • Cost savings: There is a shortage currently of IT security experts on the market today. That places the salaries of internal experts at well into the six-figure range, along with the costs of software and hardware to maintain an internal network. IT service management allows multiple businesses to carry the weight of these costs, allowing for a more manageable budgeted expense.
  • Constant network monitoring: Having the assurance that comes with constant network monitory and cybersecurity reporting is a necessity in today’s security environment. The timing of the next attack is impossible to predict, so one clear benefit of outsourced IT service management is the constant effort to maintain network security from a cyber breach.

While the benefits of IT service management are clear-cut, the possible disadvantages are also just as transparent. The biggest disadvantage voiced by hospital c-suite is the risk that comes with selecting an external vendor to handle the most sensitive patient data. Creating a service level agreement (SLA) that carefully defines client confidentiality along with mitigation in the event of a security breach are crucial to any outsourced arrangement.

For large healthcare organizations, outsourcing IT management may certainly be considered a detriment to the internal IT team. Giving up control to any external vendor could potentially cause political turmoil within a large entity. The answer is to select an external vendor partnership to supplement existing IT responsibilities so that internal IT teams can focus more strongly on core business functions.

Clearly, there are pros and cons for healthcare delivery networks to outsourcing IT service management to an external resource. However, the current state of cybersecurity and the increasing volume of attacks, require that healthcare providers increase their vigilance and response in these areas. Outsourcing IT service management to an external vendor is just one way to mitigate the risk.

Request a quote on IT service management. Find out how TOSS can help your organization mitigate risk and remain secure.

Let's Start a Conversation.

Connect with us and experience the TOSS difference.

Send this to a friend