Healthcare sector increasingly under attack
Rod Piechowski, senior director, health information systems, HIMSS, stresses the increasing impact from malware attacks such as Wannacry and Petya/non-Petya. “As it was last year, attackers continue to target the healthcare sector. Quality, stress-tested cybersecurity programs are imperative to protecting provider organizations and the patients they care for.”In this respect the conclusions in the cyber security report are encouraging because it shows that many organizations are making security programs a priority; however, there is room for continued improvement. Our hope is that the new research will be an important resource for organizations navigating the complex security landscape.”
Some key findings from the 2017 report are:
- 60 percent of respondents indicated their organizations employ a senior information security leader, such as a Chief Information Security Officer (CISO).
- Organizations with a CISO or other senior security leader tend to adopt holistic cybersecurity practices and perspectives in critical areas, including procurement, education/training and adoption of the NIST Cybersecurity Framework.
- Of the 71 percent of respondents whose organizations allocate a specific part of their budget toward cybersecurity, 60 percent allocate 3 percent or more of the overall budget.
- 75 percent of respondents indicate that they have some type of insider threat management program at their organization.
- 85 percent state that they conduct a risk assessment at least once a year.
- 75 percent regularly conduct penetration testing.
- Security professionals are focusing on medical device security, with patient safety, data breaches and malware as the top three concerns, respectively.
More holistic view on cyber security
The 2017 HIMSS Cybersecurity Survey promises insight into what healthcare organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises affecting the healthcare sector. The 2017 report focuses on the responses from 126 IT leaders who report having some responsibility for information security in a U.S.-based healthcare provider organization, such as a hospital or long-term care facility.“For this year’s report, we decided to take a holistic look at what healthcare organizations across the sector are doing to enhance their security programs and assess why and how healthcare cybersecurity is unique,” says Lee Kim, director of privacy and security at HIMSS. “The report provides industry context and an in-depth analysis of the meaning and relevance of the survey results.”