In response to a rise in security incidents that continue to put patient data at risk, HIMSS introduced an annual research program to assess these experiences in healthcare organizations across the United States.
The 2019 HIMSS Cybersecurity Survey provides insight into what healthcare organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises impacting the healthcare and public health (“HPH”) sector.
An analysis of feedback from 166 US-based health information security professionals yielded a few notable themes, which are explored in greater detail in this report and summarized below:
- A pattern of cybersecurity threats and experiences is discernible across US healthcare organizations. Significant security incidents are a near-universal experience in US healthcare organizations, with many of the incidents initiated by bad actors leveraging e-mail as a means to compromise the integrity of their targets.
- Many positive advances are occurring in healthcare cybersecurity practices, and healthcare organizations appear to be allocating more of their information technology (“IT”) budgets to cybersecurity.
- Complacency with cybersecurity practices can put cybersecurity programs at risk. Certain responses do not necessarily indicate “bad” cybersecurity practices, but may be an “early warning signal” about potential complacency seeping into the organization’s information security practices.
- Notable cybersecurity gaps exist in key areas of the healthcare ecosystem. The lack of phishing tests in certain organizations and the pervasiveness of legacy systems raise grave concerns regarding the vulnerability of the healthcare ecosystem.