HIMSS 2016 Cybersecurity Survey Finds Providers Are Enhancing Cybersecurity Programs but Improvements Needed

Survey of health IT industry lists lack of appropriate cybersecurity personnel and financial resources as barriers to elevating cybersecurity efforts

CHICAGO (August 17, 2016) – Health information is under attack, and U.S. healthcare providers are responding to these concerns, or so suggests data from the newly released 2016 HIMSS Cybersecurity Survey. With over 85 percent of respondents reporting that cybersecurity efforts within their organization were elevated as a business priority during the past year, healthcare providers are clearly concerned about the growing threats surrounding health information. These concerns are well placed given the increase in news stories involving patient data breaches during the past year.

“Stories surrounding the breach of hospital and health systems data are unfortunately no longer infrequent occurrences,” said Rod Piechowski, senior director, health information systems, HIMSS. “Cybersecurity attacks have the potential to yield disastrous results for healthcare providers and society as a whole. It is imperative that healthcare providers acknowledge the need to address cybersecurity concerns and act accordingly. Fortunately, the evidence from this study suggests providers are taking steps to address cybersecurity concerns. However, more progress needs to be made so that providers can truly stay ahead of the threats.”

On Oct. 25, a new, in-person resource – the HIMSS Cybersecurity Hub – will open at the HIMSS Innovation Center, where stakeholders can come together to address the vital needs for a cybersecure health system architecture. The interactive, Cleveland-based experience will focus on important requirements individuals need to understand as they prepare for and fight cyber threats to avoid data breaches.

Instituted as an annual research program in 2015, the HIMSS cybersecurity study gauges the perceptions and experiences of U.S. healthcare organizations on a number of cybersecurity topics. The 2016 HIMSS Cybersecurity Survey – sponsored by FairWarning – reflects the first year follow-up from the baseline report established in 2015. This year’s report focuses exclusively on the responses from 150 information security leaders who report having some degree of responsibility for information security in a U.S.-based healthcare provider organization, such as a hospital or long-term care facility.

Key findings from the 2016 survey include notable differences between acute and non-acute providers:

  • 87% of acute providers and 81% of non-acute providers made information security a higher priority.
  • Barriers to elevating cybersecurity were the lack of appropriate cybersecurity personnel 58% (acute) 62% (non-acute), and lack of financial resources 50% (acute) 71% (non-acute).
  • Motivations for increased cybersecurity are phishing attacks 80% (acute), 65% (non-acute); virus/malware 68% (acute), 65% (non-acute); and results of risk assessment 64% (acute), 77% (non-acute).
  • Vulnerabilities include email, mobile devices and internet of things.
  • Common reason for attacks is medical identify theft 77% (acute), 74% (non-acute).
  • The perceived ability to detect and protect are brute force attacks 75%, exploitation of known software vulnerabilities 74%, and negligent insider attacks 73%.
  • Most feared future threats include ransomware 69%, advanced persistent threat attacks 61%, and phishing attacks 61%.

Access the complete 2016 HIMSS Cybersecurity Survey results or follow #HITsecurity.


About HIMSS North America:HIMSS North America, a business unit within HIMSS, positively transforms health and healthcare through the best use of information technology in the United States and Canada.

HIMSS is a global voice, advisor, convener, and thought leader of health transformation through the best use of IT with a unique breadth and depth of expertise and capabilities to improve the quality, safety, and cost‐effectiveness of health and healthcare. Through its network of over 1 million professionals, including 64,000‐plus members, HIMSS advises leaders, stakeholders and influencers globally on IT best practices to ensure decision‐makers have the right information at the right time to make the right decisions. HIMSS North America, HIMSS Analytics, Personal Connected Health Alliance, HIMSS Media and HIMSS International (HIMSS Europe, HIMSS Asia and HIMSS Middle East) are the five business units of HIMSS. A not‐for‐profit headquartered in Chicago, Illinois, HIMSS has additional offices in North America, Europe, United Kingdom, and Asia.

About FairWarning
FairWarning® is a leading provider of solutions that deliver information security intelligence and insights for mission critical applications, such as Salesforce, Office 365, Electronic Health Records (EHRs) and cloud-based applications. Auditing over 350 business applications, FairWarning inspects immense volumes of application security information and provides visibility related to application risk, security, and governance through deep insights into user access behaviors. FairWarning provides a comprehensive platform and managed services for real-time and continuous monitoring, advanced threat detection and filtering, performing forensic investigations and incident containment, enforcing access policies, conducting legal investigations, and improving compliance effectiveness with complex federal and state privacy laws such as HIPAA, PCI, SOX, FISMA and EU Data Protection Act. FairWarning delivers insights 24x7x365. FairWarning catches people stealing your data

Media Contact: 
Joyce Lofstrom
(312) 915-9237