Newly revamped report also provides education and context around the survey findings
CHICAGO (August 9, 2017) – Healthcare organizations are taking steps to enhance their cybersecurity programs to a greater degree than anticipated, according to the newly released 2017 HIMSS Cybersecurity Survey. The majority of organizations measured (71 percent) allocate specific budget toward cybersecurity. Additionally, 80 percent of IT leaders measured indicated their organization employs dedicated cybersecurity staff.
“As it was last year, attackers continue to target the healthcare sector,” said Rod Piechowski, senior director, health information systems, HIMSS. “Quality, stress-tested cybersecurity programs are imperative to protecting provider organizations and the patients they care for. This data is encouraging because it shows that many organizations are making security programs a priority; however, there is room for continued improvement. Our hope is that the new research will be an important resource for organizations navigating the complex security landscape.”
The 2017 HIMSS Cybersecurity Survey provides insight into what healthcare organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises affecting the healthcare sector. The 2017 report focuses on the responses from 126 IT leaders who report having some responsibility for information security in a U.S.-based healthcare provider organization, such as a hospital or long-term care facility.
“For this year’s report, we decided to take a holistic look at what healthcare organizations across the sector are doing to enhance their security programs and assess why and how healthcare cybersecurity is unique,” said Lee Kim, director of privacy and security at HIMSS. “The report provides industry context and an in-depth analysis of the meaning and relevance of the survey results.”
Other key findings from the 2017 survey include:
- Over half (60 percent) of respondents indicated their organizations employ a senior information security leader, such as a Chief Information Security Officer (CISO).
- Organizations with a CISO or other senior security leader tend to adopt holistic cybersecurity practices and perspectives in critical areas, including procurement, education/training and adoption of the NIST Cybersecurity Framework.
- Of the 71 percent of respondents whose organizations allocate a specific part of their budget toward cybersecurity, 60 percent allocate 3 percent or more of the overall budget.
- Three-quarters of respondents (75 percent) indicate that they have some type of insider threat management program at their organization.
- The vast majority of respondents (85 percent) state that they conduct a risk assessment at least once a year.
- The vast majority of respondents (75 percent) regularly conduct penetration testing.
- Security professionals are focusing on medical device security, with patient safety, data breaches and malware as the top three concerns, respectively.
HIMSS is a global voice, advisor and thought leader of health transformation through health IT with a unique breadth and depth of expertise and capabilities to improve the quality, safety, and efficiency of health, healthcare and care outcomes. HIMSS designs and leverages key data assets, predictive models and tools to advise global leaders, stakeholders and influencers of best practices in health IT, so they have the right information at the point of decision.
HIMSS drives innovative, forward thinking around best uses of technology in support of better connected care, improved population health and low cost of care. HIMSS is a not-for-profit, headquartered in Chicago, Illinois, with additional offices in North America, Europe, the United Kingdom and Asia.
Collin Roberts/Edelman for HIMSS