Thursday, March 29, 2018

HIMSS survey shows healthcare cybersecurity gains, but room for improvement remains

Photo courtesy HIMSS
PARCA eNews – March 10, 2018 – The number and severity of data breaches have declined year over year, indicating cybersecurity in healthcare is improving, but no one is breathing easier.

According to the Office for Civil Rights, healthcare organizations reported 4.5 million healthcare records compromised in 270 breaches in 2017. That is down substantially from the 16.5 million records breached in 2016 and the 113 million records reported breached in 2015.


At the HIMSS 2018 conference that just wrapped up in Las Vegas on March 9, the organization released its annual cybersecurity survey of its 70,000 health IT professionals. A huge majority (75.7 percent) of the 239 respondents said they had experienced a recent significant security incident.

Overall, the survey showed that healthcare organizations with cybersecurity programs are making progress in conducting regular risk assessments and taking proactive measures. Nevertheless, the report concluded that most healthcare organizations’ cybersecurity programs have room for improvement, particularly in the areas of mitigating and remediating security incidents. In addition, more organizations need to develop and deploy formal insider threat management programs.

Of the top three threats named, 37.6 percent of respondents named online scam artists such as phishers, 20.8 percent named negligent insiders and 20.1 percent named hackers.

Email remains by far the most significant security problem, as 61.9 percent of respondents identified email as the initial point of compromise. A compromised website and malware tied for a distant second as the point of initial entry, at only 3.2 percent each.

The majority of respondents (40.7%) said that they learned about the most significant security incident from their internal security team or internal personnel other than the internal security team (27.5%). However, among those who responded, nearly 20% either didn’t know how the organization learned of a breach or learned about it from other sources.

Going forward, 84.3 percent of respondents say more resources are now going to address cybersecurity, 60 percent say their organizations have added a senior information security officer, and 45.5 percent say they are performing security risk assessments annually.


Sources: US Department of Health and Human Services Office for Civil Rights Breach Portal, and HIMSS survey report
