Health Information Management

HIMSS survey shows progress on cybersecurity, but healthcare orgs still unprepared for cyber hacks

HIM-HIPAA Insider, July 6, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

by John Castelluccio, Editor

The healthcare industry is increasingly making cybersecurity a top priority and devoting more resources to protect IT infrastructure and data, but even so, healthcare organizations still don’t express much confidence in their ability to fend off damaging cyber-attacks, according to a recent survey of healthcare leaders and information security officers.

Approximately 300 people across the industry participated in the 2015 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey, which was released on June 30 at the HIMSS Privacy and Security Forum in Chicago.

Most (87%) of the respondents said cybersecurity was an increased business priority over the past year, and about 50% said their organizations improved network security, endpoint protection, data loss prevention, disaster recovery, and IT continuity.

More than half (57%) said they have a full-time employee now to address information security, but still most respondents expressed only an average level of confidence in their organization’s ability to defend against cyber-attacks and data breaches.

Eighty-one percent of those surveyed agreed more innovative and advanced security tools must be developed to protect against future threats and vulnerabilities—42% said there are too many emerging and new threats to track. Two-thirds (68%) reported experiencing a recent security incident, and 64% of those said it was an external attack.

“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cybersecurity threats,” said Lisa Gallagher, vice president of technology solutions at HIMSS, in a press release.

“Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks,” she said. “This means incorporating threat data, and implementing new tools and sophisticated analysis into their security process.”

In terms of current tools to secure data, more than 80% of respondents reported using anti-virus and malware software, firewalls, and data encryption for both data at rest and in transit. Sixty-four percent said they use audit logs of access to data and 61% reported using patch and vulnerability management.

Those surveyed were also asked whether they were prepared for four types of attacks: brute force, denial of service, phishing, and software exploits. Only 30–35% of respondents answered in the affirmative for each one.

The overall survey results mirror other recent industry reviews, such as the Ponemon Institute’s 2015 study on healthcare privacy and security.

More details on the 2015 cybersecurity survey are available at the HIMSS website.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular