Lock it down: 11 findings from cybersecurity survey of healthcare execs

The recently published 2017 KPMG/Forbes Insights CyberSecurity Survey outlines the current landscape of cybersecurity and technology. KPMG asked healthcare executives about strategies to ensure patient data remains safe while also highlighting shortcomings in the industry.

The survey asked 100 senior executives for insight on protecting data. Top findings include:

  • Data sharing is the number one cybersecurity vulnerability for 63 percent of respondents, followed by internet-enabled devices not controlled by IT (59 percent) and lack of budget and resources (52 percent).
  • External attackers are twice as threatening to data security as internal ones (72 percent), followed by phishing malware (55 percent) and third-party undetected vulnerability (43 percent).
  • More than half (52 percent) of respondents are relying on cyber insurance to protect their organizations from a cyberattack; 43 percent have not increased the budget for cybersecurity, and 42 percent do not plan on increasing the cybersecurity budget in the next year.
  • Only 14 percent of healthcare organizations continuously assess their vendors for cybersecurity vulnerabilities, while 28 percent assess monthly and 39 percent quarterly.
  • Two-thirds (66 percent) of payers and 56 percent of providers collaborate a “great deal or fair amount” with medical device manufacturers to improve device security.
  • 71 percent of organizations partake in setting security hardening standards to test the security of their systems, followed by vulnerability scanning (67 percent) and network segmentation (65 percent).
  • 87 percent of organizations can identify a cyber-event, and 59 percent proactively manage risk.
  • 82 percent of respondents are investing in stronger policies and controls for cybersecurity, followed by advanced technology (79 percent) and governance (49 percent).
  • Malware is the most common form of cyber-attack for respondents (72 percent), followed by integral theft (47 percent) and ransomware (32 percent).
  • 60 percent of payers and 34 percent of providers offer cybersecurity training on an annual basis.
  • 55 percent of respondents have seen an employee fall for a phishing scam, and 34 percent have seen theft from a secured database by an internal bad actor.

“Many organizations believe they can address cybersecurity through a focus on technology alone,” said Liam Walsh, with KPMG Advisory. “However, if they are going to pursue an aggressive innovation agenda, it’s equally important to create a pervasive culture of cybersecurity, and that starts with people. Just as the most successful healthcare leaders are weaving innovation into the fabric of their organizations, a cybersecurity mindset must be equally entrenched. Pursuing disruptive innovation without cybersecurity is like tightrope walking without a net.”