Donna and David continue with their interview with Gary Salman, CEO of Black Talon Security, in Cybersecurity Tales with Gary Salman Part 2 – Ep 271 of their Help Me With HIPAA podcast. There should be no surprise to anyone by now that Managed Service Providers (MSPs) are being targeted by cyber criminals.  So, how can you make sure your MSP is protecting your business?  You have to do your due diligence and vet your them.  Don’t just take their word for it when they say “I got you covered.”  Yes, trust them, but verify.  How do you do that?  Audit them, do proper vetting of your MSP, or have a third party audit them.  If you start asking your IT provider questions and they tell you we have this covered because we are HIPAA certified, you better run.  All jokes aside, you have to learn how to ask the right questions in order for you to know that you are being protected.  After all, you are entrusting them with your entire network and your patients’ data.

During the second half of this interview, Gary really goes into how it takes a layered approach to security to properly secure your systems… like 2FA, vulnerability management, penetration testing, employee training, etc. Then you may stand a chance that cybercriminals move on to the next guy because you have too many walls to get through.  Truly, there needs to be a grass root education effort from the business side to ensure the right questions are being asked and to make sure your IT provider or MSP is doing everything they can to help protect your patients’ data.  Ultimately, it will be your business reputation that is at risk if your network is compromised and your patient data is breached.