For The Record Magazine

Home | Subscribe | Resources | Reprints | Writers' Guidelines

HIMSS Survey: Health Care Organizations Stepping Up Cybersecurity Defenses

Health care organizations are taking steps to enhance their cybersecurity programs to a greater degree than anticipated, according to the newly released 2017 HIMSS Cybersecurity Survey. The majority of organizations measured (71%) allocate specific budget toward cybersecurity. Additionally, 80% of IT leaders measured indicated their organization employs dedicated cybersecurity staff.

"As it was last year, attackers continue to target the health care sector," says Rod Piechowski, senior director of health information systems at HIMSS. "Quality, stress-tested cybersecurity programs are imperative to protecting provider organizations and the patients they care for. This data is encouraging because it shows that many organizations are making security programs a priority; however, there is room for continued improvement. Our hope is that the new research will be an important resource for organizations navigating the complex security landscape."

The 2017 HIMSS Cybersecurity Survey provides insight into what health care organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises affecting the health care sector. The 2017 report focuses on the responses from 126 IT leaders who report having some responsibility for information security in a US-based health care provider organization, such as a hospital or long term care facility.

"For this year's report, we decided to take a holistic look at what health care organizations across the sector are doing to enhance their security programs and assess why and how healthcare cybersecurity is unique," says Lee Kim, director of privacy and security at HIMSS. "The report provides industry context and an in-depth analysis of the meaning and relevance of the survey results."

Other key findings from the 2017 survey include the following:

Over half (60%) of respondents indicated their organizations employ a senior information security leader, such as a Chief Information Security Officer (CISO).
- Organizations with a CISO or other senior security leader tend to adopt holistic cybersecurity practices and perspectives in critical areas, including procurement, education/training, and adoption of the NIST Cybersecurity Framework.
Of the 71% of respondents whose organizations allocate a specific part of their budget toward cybersecurity, 60% allocate 3% or more of the overall budget.
Three-quarters of respondents (75%) indicate that they have some type of insider threat management program at their organization.
The vast majority of respondents (85%) state that they conduct a risk assessment at least once a year.
The vast majority of respondents (75%) regularly conduct penetration testing.
Security professionals are focusing on medical device security, with patient safety, data breaches, and malware as the top three concerns, respectively.

View the 2017 HIMSS Cybersecurity Survey results, or join the conversation on Twitter with #HITsecurity.

Source: HIMSS