Jan 09 2020

Where Healthcare IT Security Falls Short

Organizations have boosted strategies and spending, but weaknesses remain.

Bad actors are an increasing burden on healthcare providers. Seventy-eight percent of organizations have experienced a significant security incident in the past 12 months, according to the latest HIMSS Cybersecurity Survey.

The good news: Many IT leaders are taking action. The report, released last year, found that 38 percent of respondents plan to spend more to protect their devices, systems and infrastructure. Although all but 4 percent conduct some form of security risk assessment, 37 percent said they perform a comprehensive, end-to-end risk assessment — an 11 percent increase over 2018.

“From increasing the amounts allocated in IT budgets for cybersecurity activities to uniformity in security risk assessments, a growing wealth of cybersecurity resources are available for healthcare leadership to stay ahead of privacy and security threats,” Rod Piechowski, senior director of health information systems at HIMSS, said in a statement.

Still, vulnerabilities remain. Survey responses from 166 U.S. healthcare IT professionals found that just more than one-third don’t conduct phishing tests — despite nearly twice that number (59 percent) citing email as the most common point of compromise. And 20 percent consider “negligent insiders” a primary threat actor, underscoring the need for robust staff training.

“Almost all attacks are going to involve a user at some point. It’s going to involve a user’s lack of understanding, lack of applying security rules … It’s unfortunate, but we’re all human,” Gabriel Whalen, CDW Principal Field Solution Architect, said in August at the CDW Protect SummIT in Philadelphia. “It’s up to us to be proactive and watch for those threats.”

Likewise, nearly 7 in 10 respondents say their organization is still using legacy systems in some form. Their vulnerabilities can greatly increase the risk of a breach: “This is particularly significant in light of recent international cyberattacks such as WannaCry and NotPetya,” Piechowski said.
