HIMSS Security Survey Provides Framework For Solutions Providers

By Megan Williams, contributing writer

As cybersecurity in healthcare becomes more complex and the threats more pressing, your clients increasingly need and want to approach security in their organization in comprehensive and strategic ways. This puts vendors in the position of needing to approach clients with cybersecurity plans that reflect those priorities.

Modern Era Security Protection

The 2015 HIMSS Cybersecurity Survey polled 297 individuals about their organizations and approaches to the current environment of security threats. All respondents had some level of information security in their organizations and reported an average of 11 different technologies in their organizational efforts to create secure, HIT environments. Additionally, over half of the organizations hired a full-time information security officer (such as a CISO) to manage HIT security functions.

This was to be expected as most organizations are becoming more sophisticated in their orientations toward cybersecurity. As Lisa Gallagher, Vice President of Technology Solutions at HIMSS states, “The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cybersecurity threats. Healthcare organizations need to rapidly adjust their strategies to defend against cyberattacks. This means implementing threat data, incorporating new tools, and sophisticated analysis into their security process.”

Key Factors For Your Clients

The survey emphasizes eight key factors in addressing cybersecurity issues in healthcare, all of which are points that vendors should be strategically addressing with their clients:

• External Threat Actors. A significant number (42 percent) of those surveyed expressed a “high degree of concern in regard to insider threats,” but two-thirds reported the same regarding external threat actors.
• Barriers. Organizations are facing multiple barriers in implementing truly effective security solutions and they know it — Survey respondents indicated a lack of staffing and financial resources as key challenges, but 42 percent also cited the sheer number of emerging and new threats as a problem.
• Sources Of Intelligence. The survey names vendors as the second most common source of information on cybersecurity threats, with 49 percent of respondents indicating so, coming in second behind 60 percent for peers.
• Investigating Incidents. Over half of the respondents said an external organization (like a vendor) was brought in to investigate existing incidents.
• Security Tools And Tech. The tech being used to protect is still centered on anti-virus software, firewalls, data encryption, etc. Much less use is being made of dynamic biometric tech, dark web research, and multi-factor digital identity.
• Assessment Of Defense And Capabilities. Most organizations are using risk assessments and vulnerability scans. Only 12 percent indicated the use of mock cyber-defense exercises.
• Motivators To Improve. Risk assessments and concerns about phishing and viruses were found to be the top motivators for improving information security environments.

Detecting Security Incidents: Your clients are, for the most part, finding their problems themselves. Only 17 percent cited a law enforcement agency or patients as the identifier of a security problem.