Despite increased cyberthreat awareness and evolving security tools, keeping pace with incidents remains an uphill fight for the healthcare industry. More than 40 percent of organizations participating in the Cisco 2017 Midyear Cybersecurity Report say that while they encounter thousands of security alerts daily, they only inquire into about half. One reason? Not enough manpower. Half of all responding healthcare professionals employ fewer than 30 staffers dedicated to security, according to the report.
“Unfortunately, as is true in many industries, there are more threats than there are time and staff to investigate,” the Cisco report’s authors say.“Responding to day-to-day threats while managing a complex web of solutions is more challenging for healthcare organizations because of a lack of trained personnel.”
Security spending is not the problem, according to the 2017 HIMSS Cybersecurity Survey. Among respondents familiar with budget allocations, 60 percent say 3 percent or more of the overall budget goes toward cybersecurity. Ten respondents say their organization dedicates more than 10 percent of the overall budget to guarding against such threats.
While healthcare “may not have had decades to establish and improve its cybersecurity posture, like the chemical, manufacturing and other sectors, significant strides have been made in the ‘growth’ of information security programs within the healthcare sector,” the authors of the HIMSS report say.
That growth has been fueled in large part by the “significant” attacks plaguing the industry, as well as the “heightened situational awareness, know-how and acumen” for cybersecurity, the report’s authors add.