Healthcare organizations are increasingly prioritizing cybersecurity, according to a recent survey released by the Healthcare Information and Management Systems Society (HIMSS) at this week's Privacy and Security Forum in Chicago.
In the 2015 Cybersecurity Survey, which queried 297 healthcare leaders and information security officers, 87% of respondents said that cybersecurity has become a more important business priority over the past year. Two-thirds indicated that their organizations had recently experienced a significant security incident, according to HIMSS.
At least half of the respondents said they had made improvements to network security, end-point protection, data loss prevention, disaster recovery, and IT continuity. However, most respondents only had an average level of confidence in their organizations' ability to protect their IT infrastructure and data, according to the society.
Other results included the following:
- Respondents employ an average of 11 technologies to secure their environment.
- More than half of respondents hired full-time personnel to manage information security.
- 42% of respondents said there are too many emerging and new security threats to track.
- More than 50% of information security threats are identified by internal security teams.
- 59% of respondents believe there's a need for cross-sector cyberthreat information sharing.
- 62% of security incidents have resulted in limited disruption of IT systems with a limited effect on clinical care and IT operations; 21% led to a loss of patient, financial, and organizational data; 8% inflicted significant disruption of IT systems; and 8% damaged IT systems.
- 64% of respondents felt that a lack of appropriate cybersecurity personnel is a barrier to mitigating cybersecurity events.
- 69% of respondents said that phishing attacks are a motivator for improving the information security environment.
- 80% of those surveyed use network monitoring to detect and investigate information security incidents.