Home / Blog

Enhancing Patient Data Security: Managed IT Services for Seattle Healthcare Providers

Last updated: 23 Jan 2025
IT security and support for healthcare services in greater Puget Sound

Data breaches in Washington state have reached an all-time high. According to KIRO 7 News, in 2024, 11.6 million data breach notices went to Washingtonians — that’s 5 million more than the previous record high in 2021. This is particularly troubling to Seattle-area healthcare providers, who must protect sensitive patient data according to healthcare regulations while still making it accessible to patients and providers.

In response, many local healthcare providers are using managed IT services partners to help them keep up with proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) while protecting against rising cybersecurity threats.

The Growing Importance of Cybersecurity for Healthcare in Seattle

Breaches of healthcare systems put lives at risk by “… degrading patient trust, disrupting patient care, diverting patients, and delaying medical procedures,” as stated by HHS Deputy Secretary Andrea Palm.

The stakes are high and the danger is growing. In 2023, there were 26 data breaches of more than 1 million records, and 4 breaches of more than 8 million records. The largest data breach of the year affected 11,270,000 individuals — the second-largest healthcare data breach of all time.

A high-profile local example is Seattle’s Fred Hutchinson Cancer Center security breach in 2022. Hackers accessed patient data, including sensitive medical information. This breach got widespread attention due to the center’s status as a world-renowned research institution specializing in cancer, immunology, and infectious diseases.

These attacks have serious consequences. After global health payment processor Change Healthcare was attacked in 2024, the aftermath left doctors’ offices and hospitals, including those in Washington state, with serious cashflow problems. The Washington State Medical Association has even provided resources to help affected providers.

The State of Cybersecurity for Healthcare Providers in Seattle

Seattle is home to many important medical centers besides Fred Hutchinson, which serves as the cancer program for the University of Washington Medical Center (UWMC). UWMC is an academic medical center known for its advanced research, complex care, and specialized services, including one of the best transplant programs in the U.S. Another provider, Swedish Medical Center, is one of the largest local healthcare providers, with notable expertise in cardiac care, oncology, and neurosciences.

The region is also known for Harborview Medical Center, its Level 1 trauma and burn center. Finally, Seattle Children’s Hospital is a nationally ranked pediatric hospital, renowned for its oncology, cardiology, and neurology care.

Data Security Challenges Faced by Seattle Healthcare Providers

The list of key healthcare providers in Seattle goes on, but they all rely on electronic health records (EHR) and digital tools. Because these systems hold patient data, the ability to access them is vital. The impact of a breach to system access is tremendous.

For example, when there is a breach — or even a suspected breach — of tools that access or store healthcare records, the entire system must be locked down until IT staff find and fix any issues. This greatly slows or even stops operations, including scheduling, billing, collections, and patient care. Because of this, healthcare providers need to do everything possible to prevent a breach, while implementing systems and procedures to help resume operations as quickly as possible after an incident.

Seattle-area health providers may encounter even more than loss of patient trust and industry reputation. For example, local provider Sea Mar Community Health Centers is facing a class-action lawsuit for its handling of a data breach.

Healthcare ransomware attacks may grab the most headlines, but all breaches are damaging. Common attacks include:

  • Theft of patient data
  • Unauthorized access to systems
  • Denial of Service (DOS) attacks
  • Malicious code being installed on healthcare systems
  • Targeted and repeated scans against services on systems
  • Repeated attempts to gain unauthorized access to systems
  • System breaches due to phishing (malicious email or mobile messages)
  • Ransomware attacks against Critical Infrastructure

Any of these incidents can disrupt or stop operations and threaten patient data security.

With all this at stake, it’s easy to see why healthcare providers can benefit from using managed IT services to improve their cybersecurity.

What Managed IT Services Offer Seattle-Area Healthcare Providers

Managed IT services is the outsourcing of an organization’s maintenance and management of IT infrastructure and cybersecurity to a third-party service provider.

The provider, known as a Managed Service Provider (MSP), remotely manages and monitors a company’s IT systems, ensuring that everything works securely and efficiently. Many MSPs also provide strategic consulting and guidance to plan for IT needs.

MSPs provide essential cybersecurity services for small and midsize businesses (SMBs), such as:

  • The monitoring and management of firewalls, encryption, and antivirus protection to boost patient data security.
  • Continuous monitoring of healthcare providers’ network infrastructures (this can include endpoint detection and response solutions, discussed in more detail below).
  • Implementation of automated data backup and recovery solutions to ensure critical patient and operational data is saved regularly and can be recovered in the event of a disaster, such as a hardware failure, earthquake, or cyberattack.
  • Ensuring timely software updates and patch management for critical software, reducing vulnerabilities that could be used in cyberattacks.
  • Help Seattle healthcare providers meet or exceed HIPAA compliance with security measures like data encryption, access controls, and regular security audits. They make sure that IT systems, including EHR and communication tools, comply with HIPAA standards, helping healthcare organizations avoid fines and data breaches while maintaining patient trust and confidentiality.

Benefits of Managed IT Services for Healthcare Providers

Cost and resource efficiency lead the list of benefits of working with MSPs. Tight budgets and talent shortages are challenges. But while individual IT employees usually have deep expertise in only one or two areas, hiring an MSP adds up to a complete IT team with expertise and versatility. MSPs are already staffed with experts on every aspect of data security and setup, with access to tools and processes to prevent and address incidents.

Specialized expertise and continuous monitoring for rapid response to threats are also pluses. Good MSPs understand the regulatory requirements, operational challenges, and threats they must address to avoid HIPAA compliance violations. These partners will keep up on evolving threats and provide the necessary endpoint protection, network monitoring, threat detection, secure backup, and data encryption that healthcare providers need.

Custom solutions tailored to healthcare IT needs are another perk of working with MSPs. Seasoned providers will work with your experts to develop flexible, customized solutions to meet budget and operational requirements. They’re familiar with the requirements of storing, managing, and transmitting patient data, including EHRs, health information exchanges (HIEs), telehealth, and digital imaging.

Protecting Against Cybersecurity Threats: The Growing Danger of Healthcare Ransomware Attacks

The protection that MSPs can provide against cyberattacks is valuable in the face of cyberthreats, of which ransomware tops the list. Ransomware is a type of malware that encrypts victims’ data in return for a ransom. The Center for Internet Security reports that ransomware is usually introduced:

  • Through phishing emails containing a malicious attachment
  • Via a user clicking on a malicious link
  • By viewing an advertisement containing malware (malvertising)

Healthcare ransomware attacks slow or stop critical processes, including patient care. If manual, pen-and-paper intake processes aren’t fast enough, the delay can lead to patients being diverted to other care facilities. And since malicious actors have gained access to patients’ information, these attacks endanger the security of personal health information (PHI).

Best Practices for Preventing Damage from Healthcare Ransomware Attacks

MSPs offer many types of safeguards, including:

  • Endpoint detection and response (EDR) software. EDR solutions use a multi-layered, proactive approach to protecting networks, endpoints, and users against advanced malware, phishing, and targeted attacks. These solutions combine technologies like machine learning and real-time threat protection, so they’re more sophisticated than traditional antivirus and other standard security products.
  • Regular employee training on phishing and cybersecurity. The human element is often the weakest link in social engineering attacks like phishing. Teaching employees how to identify suspicious messages is a great way to protect against ransomware delivered by malicious links and attachments. Employees also develop awareness on how and why general cybersecurity measures like strong passwords, multi-factor authentication, software patching, etc., are important.
  • Frequent data backups and encrypted storage solutions. If your data is ever compromised, the best defense is having a backup. For example, even when Change Healthcare paid $22 million in ransom, the organization didn’t get its data back. Encrypting your backed-up data adds another layer of security.

What Healthcare Providers Should Look for in an MSP

Aside from choosing a reputable managed IT service provider well-versed in cybersecurity that offers 24/7 support and rapid response capabilities, look for an MSP knowledgeable in healthcare IT. Awareness of HIPAA compliance standards isn’t enough, especially considering the proposed changes.

Does the MSP have healthcare clients? Do they understand industry needs and challenges, including its specialized technology and top vulnerabilities?

Consider the provider’s local presence and history. Long-established MSPs offer the peace of mind of stability, especially if they understand the needs of Washington healthcare providers.

Questions to Ask Potential MSPs

Aside from having a list of concerns you’d like a managed IT services provider to address, ask about their industry knowledge. These questions might include:

  • What are the top vulnerabilities in the healthcare sector, and how do you address them?
  • How do you meet Cross-Sector Cybersecurity Performance Goals?
  • Do you follow the Health Industry Cybersecurity Practices from HHS and the Health Sector Coordinating Council (HSCC)?
  • Considering the varied nature of medical IT equipment form factors and communication protocols, how do you perform asset inventories and secure these assets?
  • Can you walk us through the higher standards we’ll have to meet if the proposed HHS changes are made to HIPAA and how you’ll help us with that?

With the proposed new HIPAA standards in mind:

  • What measures will you use for data encryption and backup?
  • How do you help us stay ahead of emerging cybersecurity threats?
  • How will you help us create and maintain a technology asset inventory and network map?
  • Will you do vulnerability scanning at least every 6 months and annual penetration testing?

Working through the risks and changes in the healthcare sector is easier with a strong MSP by your side. The better your MSP understands changings threats and compliance needs, the more your clinicians and operations teams can focus on providing quality care to your patients.

What BlackPoint IT Services Can Do to Help

At BlackPoint IT Services, we help Seattle small and midsize healthcare providers like you with expertise and resources to stay ahead of cyberthreats. Let our IT security experts guide you toward a future-proof IT infrastructure. Schedule a consultation today to embark on your security improvement journey.

Get in Touch