HIMSS: 7 points showing healthcare cybersecurity is improving

Facing an increasing amount of cyberattacks, healthcare organizations are building up their cybersecurity programs, according to the 2017 HIMSS Cybersecurity Survey. After speaking with 126 health information technology leaders, researchers outlined current security measures to show points of improvement and explore how the industry can prevent future attacks.

“As it was last year, attackers continue to target the healthcare sector,” said Rod Piechowski, senior director of health information systems for HIMSS. “Quality, stress-tested cybersecurity programs are imperative to protecting provider organizations and the patients they care for. This data is encouraging because it shows that many organizations are making security programs a priority; however, there is room for continued improvement. Our hope is that the new research will be an important resource for organizations navigating the complex security landscape.”

Survey findings included:

  • 71 percent of organizations have allocated a budget toward cybersecurity; 60 percent of those allocated 3 percent or more of the overall budget.
  • 80 percent of IT leaders reported their organizations employed staff specifically for cybersecurity.
  • 60 percent of respondents reported their organizations employed a senior information security leader, such as a Chief Information Security Officer (CISO).
  • Organizations with a CISO tended to adopt more cybersecurity practices in critical areas like education and training.
  • 75 percent of respondents reported they have some type of insider threat management program in their organizations.
  • 85 percent reported they conduct a risk assessment at least once a year.
  • 75 percent conduct penetration testing regularly.

“For this year’s report, we decided to take a holistic look at what healthcare organizations across the sector are doing to enhance their security programs and assess why and how healthcare cybersecurity is unique,” said Lee Kim, director of privacy and security at HIMSS. “The report provides industry context and an in-depth analysis of the meaning and relevance of the survey results.”