Health IT, Hospitals

Majority of healthcare organizations have recently seen ‘significant’ data security incident

87 percent of health information security officers and other health IT professionals said that cybersecurity has become a higher business priority within their organizations in the last year, according to a new HIMSS survey.

Think healthcare data security is a bigger problem now than it was a year ago? Insiders would agree.

In a newly released survey from the Healthcare Information and Management Systems Society, 87 percent of health information security officers and other health IT professionals said that cybersecurity has become a higher business priority within their organizations in the last year. Two-thirds of the 297 respondents reported having experienced a “significant security incident in the recent past,” according to the survey, released Tuesday at the HIMSS Privacy & Security Forum in Chicago.

“I don’t think that I was necessarily surprised by this,” Jennifer Horowitz, senior director of research for HIMSS North America, told MedCity News.

Horowitz said that the question was worded vaguely on purpose. “We left that to the discretion of the respondents.” HIMSS used the word “incident” instead of “breach” or “hack” for the same reason, she said.

On average, the survey-takers’ organizations use 11 different technologies to try to secure their networks and data, in part because hackers, phishers and other scammers are getting more sophisticated. According to the survey, 81 percent said that security-related technologies need to evolve and 69 percent said that the threat of phishing attacks have motivated them to step up cybersecurity.

Still, though, the top source of recent “security incidents” is negligence from inside the organization, named by 46 percent of respondents, and 64 percent said that an insider has been responsible for a significant incident at some point.

On the positive side, 57 percent indicated that their organization has at least one full-time staffer dedicated to this problem. While 42 percent said that there are too many new and emerging threats to track adequately, their security teams are able to identify more than half of all information security threats internally.

“I think they’re doing a lot of things right,” Horowitz said.

Photo: FreeDigitalPhoto user Pong