News Feature | August 25, 2016

HIMSS Cybersecurity Survey Reveals Shift In Priorities For Providers

By Megan Williams, contributing writer

Cybersecurity Survey

Q3 and Q4 just might be the perfect time to upsell security solutions

While most of your clients likely understand the importance of improved security, it’s possible they’re more concerned about the safety of their patients’ information than ever according to a HIMSS survey.

The survey found over 85 percent of respondents had been elevating cybersecurity as a business priority since the 2015 survey, likely a reaction to the plethora of news stories over the last year. Many of those stories, including the recent exposure of over half a million patient records by reimbursement specialist R-C Healthcare Management as reported by Healthcare IT News, have not been a result of malicious intent.

According to senior director, health information systems at HIMSS, Rod Piechowski, “Stories surrounding the breach of hospital and health systems data are unfortunately no longer infrequent occurrences. Cybersecurity attacks have the potential to yield disastrous results for healthcare providers and society as a whole. It is imperative that healthcare providers acknowledge the need to address cybersecurity concerns and act accordingly. Fortunately, the evidence from this study suggests providers are taking steps to address cybersecurity concerns. However, more progress needs to be made so that providers can truly stay ahead of the threats.”

Other key findings include:

  • Providers still face barriers to elevating cybersecurity including: a lack of appropriate personnel (58 percent, acute, 62 percent non-acute) and a shortage of financial resources (50 percent acute, 71 percent non-acute).
  • The majority of providers are making information security a priority (82 percent acute, 81 percent non-acute).
  • Email, mobile devices, and the IoT/IoMT still stand as vulnerabilities.
  • We’re seeing similar drivers as we have in the past: phishing attacks (80 percent acute, 65 percent non-acute; virus or malware (68 percent acute, 65% non-acute); and reaction to risk assessment (64 percent acute, 77 percent non-acute).
  • Identity theft is still a primary driver for attacks (77 percent acute, 74 percent non-acute).
  • The biggest concerns include ransomware (69 percent), advanced persistent threat attacks (61 percent) and phishing attacks (61 percent).

The survey, which was instituted as an annual research program last year, gauges U.S. healthcare organizations on their perceptions and experiences on a range of topics around cybersecurity. This year’s survey was sponsored by FairWarning and focused on responses from 150 information security leaders, all of whom are charged with varying degrees of responsibility at a healthcare provider organization based in the U.S.