Health IT

Is healthcare finally boosting cybersecurity efforts?

It's a well-known fact that the healthcare sector is a prime target for hackers. A new survey from HIMSS dives deeper into just how prepared most healthcare organizations are.

These days, it’s nearly impossible to avoid hearing about cybersecurity. And unfortunately, most of that news is negative and highlights how vulnerable hospitals are.

The latest report from HIMSS sheds light on the topic by diving deeper into the preparedness efforts of healthcare organizations.

The “2017 HIMSS Cybersecurity Survey” analyzes feedback from 126 health IT security professionals in the United States. Responses were gathered between April and May 2017.

The findings illustrate that many organizations are looking to certain staff members as a means to address security.

Eighty percent of respondents said their organization has employees specifically dedicated to cybersecurity. And 60 percent indicated they have a senior information security leader like a CISO (chief information security officer).

Where does this leave the remaining 20 percent and 40 percent of survey participants?

In a recent phone interview, Lee Kim, director of privacy and security at HIMSS, said a lack of financial resources can prevent some small practices from hiring IT professionals. That leaves such organizations at a disadvantage, as they don’t know what to prioritize.

“A security leader points the organization in the right direction in terms of their philosophy toward revamping and and improving their healthcare cybersecurity program,” Kim said.

The survey also found 71 percent of respondents’ organizations assign a certain part of their budget to cybersecurity efforts. Of that group, 60 percent said they allocate 3 percent or more of their overall budget to such initiatives.

Although this amount may seem insignificant, Kim said that based on HIMSS’ data, organizations seem to be spending more on cybersecurity than they were in the past. The funds go to everything from hiring more consultants and staff members to upgrading security solutions.

Additional findings include 75 percent of organizations having an insider threat management program and 85 percent conducting an annual risk assessment.

But what surprised Kim most is the overall trend she’s seeing.

“These respondents were indicating their healthcare organizations are doing more and better things to enhance their cybersecurity program,” she said. “They are testing for failure. That’s a positive, proactive sign. People realize technology is foolproof.”

The healthcare industry is a top target for hackers, Kim stressed. And the 24/7 nature of the field makes it challenging for hospitals to upgrade systems and test technologies for bugs.

Yet Kim believes the tide is finally shifting.

“We aren’t just simply scared about what’s going on. We’re actually doing things to turn the tables,” she concluded. “We’re trying to be more difficult targets.”

Photo: ValeryBrozhinsky, Getty Images

Shares0
Shares0