Yet Another Cybersecurity Warning Sign: Big Whoop?

I’m going through that rite of passage parents of teenagers absolutely dread… teaching your kid how to drive a car. Yes, the experience has produced a few anxious moments, but it also challenged me to rethink how I drive. My wisest advice to him has been “do as I say, not as I do.”

Yet it was his interaction with the car’s warning instruments that in all honesty caught me off guard. All of the bells and whistles on my car designed to keep us safe were actually distracting him and threatening our safety as he attempted to stay focused on the road. I, on the other hand, had learned to tune these systems out and told him not worry about these warning signs but to just stay focused on the task at hand.

I’m telling my son these things at the same time I was authoring the 2016 HIMSS Cybersecurity Study, and it struck me how my research efforts were like the warning systems on my car’s dashboard.

Health information is under attack. We know this to be true from several warning systems.

View the inforgraphic on the 2016 HIMSS Cybersecurity Study.

  • We see this in the increased number of anecdotal stories surrounding patient data breaches and hospital data ransoms in the trade and popular press.
  • We also see this in the pervasiveness of these attacks reported by participants in our 2016 Cybersecurity study.

Roughly 80 percent of the respondents representing a provider organization (e.g. hospital, clinic, etc.) reported that their organization had experienced a recent “significant security incident.”

Note two things from this data point.

  1. First was the qualifier “recent.” You can only imagine that this percentage increases, if we remove were interested in knowing if they had EVER experienced a significant security experience.
  2. Second, this percentage reflects those willing to admit their organization had the target of an attack. To me, it’s not so much a question of “if” but “how often” healthcare organizations experience a cyberattack.

Fortunately, these warning signs appear to be getting the attention of healthcare leaders. In fact, over 85 percent of the respondents to our study claimed cybersecurity efforts within their organization were elevated as a business priority during the past year. With a similar percentage of respondents claiming the same thing in 2015 HIMSS Cybersecurity study, cybersecurity appears to be rising to the top of the list of things that keep healthcare leaders “awake at night.”

That leaders appear to be acting on cybersecurity concerns is welcome news to those of us who have been sounding the alarm about cybersecurity threats. Let’s just hope we don’t get too used to these alarms and listen to those telling us not to worry about these warning signs.

I’m learning my lesson.