News Feature | November 9, 2015

Cavernous Gap Between Healthcare Security Threat And Preparedness

By Megan Williams, contributing writer

Cavernous Gap Between Healthcare Security Threat And Preparedness

Trustwave released its 2015 Security Health Check Report this October, and along with it, results that illuminate a disturbing gap between the perception of security in healthcare and actual readiness for an incident. It also highlights opportunities for vendors dealing in vulnerability testing, security training, and general security solutions.

The Report

The report surveyed almost 400 full-time healthcare professionals around shortcomings in the industry. Of those surveyed, 91 percent believed that criminals have begun targeting healthcare organizations at higher rates, while a meager 10 percent or less of their budget is allotted toward cybersecurity and protecting patient information. Trustwave makes a point of the issue this presents just as the EHR market is growing at a clip of 5.5 percent since 2012 with an expectation of it reaching $22.3 billion by the end of this year, according to an Accenture study.

Steve Kelley, Trustwave SVP of product and corporate emphasized the vulnerabilities specific to the healthcare space. “Today’s health care industry is under attack. From hospitals to physicians to urgent care clinics, healthcare organizations are swimming in private data and must make security a priority in order to protect it. Security challenges are nothing new for any business but the level of distress exponentially increases when someone’s life may actually depend on the protection of sensitive data.”

Key Findings

  • Patients come first. Both technical (79 percent) and non-technical respondents (77 percent) indicated their concern for losing patient data over other types.
  • Compromised data is a problem. On the technical side, 74 percent of respondents indicated concern over their organization being breached with 51 percent saying the same in the non-technical area.
  • Security is understaffed. A good number (35 percent) of technical respondents believe their company does not have enough staff and security expertise currently dedicated to their security needs.
  • Another perception issue looms. Less than a quarter of technical respondents believed their organization had experienced a breach, a number that conflicts with most studies.
  • Testing isn’t happening enough. Over a third of respondents indicated that vulnerability testing was happening just once a year in their organization.

You can download and read the full report at Trustwave.