Search
Close this search box.
Search

HIMSS dives deeper into focus areas for cyber security

The need for penetration testing, concerns about cloud security and the vulnerability of medical devices are high on the list when it comes to cyber security in healthcare. The growing concern but also the improved focus on cyber security show that healthcare organizations are on the right way when it comes to protecting their digital assets, HIMSS concludes.

The recently published 2017 HIMSS Cybersecurity Survey resulted in many positive findings about healthcare cybersecurity. According to the survey, healthcare organizations are taking steps to enhance their cybersecurity programs to a greater degree than anticipated.

A majority of organizations measured (71 percent) allocate specific budget toward cybersecurity. Additionally, 80 percent of IT leaders measured indicated their organization now employs dedicated cybersecurity staff. The conclusions in the cyber security report are encouraging, HIMSS writes, because it shows that many organizations are making security programs a priority.

Healthcare responding to challenging threat landscape

Healthcare organizations are facing a new reality of a very challenging cyber threat landscape. However, the respondents who responded to the 2017 HIMSS Cybersecurity Survey are indicating that they are taking proactive steps to stay ahead of the threats. With concerns such as significant data breaches and potential harm to patients, it is no doubt that healthcare cybersecurity will continue to be a hot topic for the foreseeable future.

Diving deeper into the survey, HIMSS focusses on some key areas where security has been improved: the need for penetration testing; top of mind concerns regarding cloud security and medical device security; frequent failure testing and due dilligence of technological assets.

Penetration testing essential

Penetration testing is often outsourced to third parties. Getting penetration testing done is not necessarily an inexpensive endeavor. Nonetheless, about 75% of our respondents are regularly conducting penetration testing. Penetration testing is a good way to test one’s cybersecurity defenses, incident response plans, awareness training, policies and procedures. Penetration test reports can hold significant value, as it will explain what gaps or deficiencies may exist and how to remedy them.

Cloud security concerns top of mind

Information security professionals at acute care providers are concerned about cloud security. Specifically, points of concern include ownership of data (53%), lack of cybersecurity (53%), insider threat (41%), lack of transparency (42%), and lack of geographical restrictions (44%).

These concerns include questions such as: Where will my data be? Will my data go outside of the borders of the United States? Will I be able to get my data back once the contract is over? Who has access to my data at the cloud provider? While more healthcare providers may be turning to cloud solutions, there are a number of concerns that must be addressed.

Medical device security top concern

Both acute care and non-acute care providers are concerned about medical device security. However, patient safety is at the top of the list as it pertains to acute providers, according to 32% of respondents at healthcare organizations with chief information security officers or other senior leaders. Many acute providers have life-sustaining or life-saving medical devices. Considering that many of these are Bluetooth-enabled connected devices, medical device security and patient safety are very much intertwined—so much so that a potential compromise on a medical device may lead to an adverse event.

Frequent testing for failure of technological resources

Business continuity and disaster recovery have traditionally been weak points in healthcare cybersecurity. On a positive note, 59% percent of organizations with chief information security officers or other senior IT security leaders and 40% of organizations without such senior leaders are testing for failure of technology resources for business continuity and disaster recovery purposes. As our weather patterns get more extreme and as ransomware and denial of service attacks are on the rise, providers of all types are realizing that we need to be prepared.

Frequent cybersecurity due diligence of technology products and services

Many healthcare organizations are aware that buying technology products or services off the shelf can be a dangerous proposition. Indeed, such products or services may be implanted with malware and/or they may have significant vulnerabilities off the shelf.

Thus, an overwhelming 88% of healthcare organizations with chief information security officers or other IT security leaders and 57% percent of healthcare organizations without such leaders are ensuring that cybersecurity due diligence is done during the pre-acquisition stage – that is, prior to the implementation of the technology product and/or service at the organization.

Whixx

ICT&health World Conference 2024

Experience the future of healthcare at the ICT&health World Conference from May 14th to 16th, 2024!
Secure your ticket now and immerse yourself in groundbreaking technologies and innovative solutions.
Engage with fellow experts and explore the power of global collaborations.

Share this article!

Read also
Balancing regulatory compliance with seamless adoption, healthcare navigates the integration of AI solutions.
A guide to implementing AI in healthcare amid the EU AI Act
AmyWebb-Stephen-Olker
Futurist Amy Webb claims that wearables will evolve into "connectables"
Digital health solutions empower patients to better manage their health and integrate care into their daily lives.
How to improve Digital Patient Engagement to streamline workflows
For people with diabetes, inaccurate blood glucose measurements can lead to errors in diabetes management, including taking the wrong dose of insulin, sulfonylureas, or other medications that can rapidly lower blood glucose.
Smartwatches measuring glucose level: Harmful but easy to buy fake innovations
How to introduce innovation and AI in healthcare organizations if there is no business model for prevention and quality – Our interview with Professor Ran Balicer, the Chief Innovation Officer at Clalit Health Services and founding Director of Clalit Research Institute.
I see no legitimate rationale for delaying the digital transformation in healthcare
Pioneering Cardiac Arrest Detection for Enhanced Survival.
CardioWatch Revolutionizes Cardiac Arrest Detection
Dr. Oscar Díaz-Cambronero, Head of Perioperative Medicine Department at La Fe Hospital, spearheads innovative telemonitoring initiatives revolutionizing patient care
Smartwatches Saving Lives Inside and Outside the Hospital
EIT 2024
EIT Awards 2024. Two European startups are revolutionizing the treatment of cardiovascular diseases
Bertrand Piccard, Swiss explorer and founder of the Solar Impulse Foundation
EIT Summit 2024. What are the trigger points that drive or inhibit innovation?
MMC pioneers wireless monitoring for premature infants with the innovative Bambi Belt, revolutionizing care with improved comfort and mobility.
Wireless Monitoring of Vital Signs in Premature Infants at Máxima MC
Follow us