Cybersecurity was identified as an increased business priority over the past year according to 87 percent of respondents in the newly released 2015 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey.
Not surprising, considering that two-thirds of the 297 health care leaders and information security officers across the industry who were surveyed also indicated that their organizations had experienced a significant security incident recently.
While the majority of respondents noted that security incidents were detected within 24 hours, approximately 20 percent of these security incidents resulted in the loss of patient, financial or operational data.
Released at the recent Privacy and Security Forum, Chicago, the research reflects the continued cybersecurity concerns by health care providers regarding the protection of their organizations' data assets.
"The recent breaches in the health care industry have been a wake-up call that patient and other data are valuable targets and health care organizations need a laser focus on cybersecurity threats," says Lisa Gallagher, vice president of technology solutions, HIMSS.
"Health care organizations need to rapidly adjust their strategies to defend against cyberattacks. This means incorporating threat data, and implementing new tools and sophisticated analysis into their security process," Gallagher says.
The survey also found that at least half of respondents made improvements to network security, endpoint protection, data loss prevention, disaster recovery and information technology (IT) continuity.
Despite the protective technologies available, most respondents felt only an average level of confidence in their organizations’ ability to protect their IT infrastructure and data.
Key survey findings include:
• Respondents use an average of 11 different technologies to secure their environment and more than half of health care organizations surveyed hired full-time personnel to manage information security.
• 42 percent of respondents indicated that there are too many emerging and new threats to track.
• 62 percent of security incidents have resulted in limited disruption of IT systems with limited impact on clinical care and IT operations.
• 64 percent of respondents believe a lack of appropriate cybersecurity personnel is a barrier to mitigating cybersecurity events.
The following graphs show the top ways respondents identified security incidents and the impact they had on their organizations:
| 2015 Healthcare Information and Management Systems Society Cybersecurity Survey. |
Respondents reported being highly concerned about the prospect of a future attack against their organizations. They were most likely to be concerned about phishing attacks, negligent insiders and advanced persistent threat attacks.
Read more about the HIMSS survey.
The American Hospital Association offers a wide range of online resources on cybersecurity for hospitals and health care facilities on its website.