Security awareness and culture, or the lack thereof, is overall the greatest concern of nearly 8 in 10 U.S. healthcare industry executives and healthcare IT professionals when it comes to healthcare organizations’ exposure to IT security threats, according to a new healthcare IT security survey conducted by HIMSS Analytics for Level 3 Communications. Nearly half ranked it at the top of their list of concerns.
More than half the respondents said their network providers are “highly involved” in their healthcare organizations’ network and IT security strategy and investments. More than three-quarters indicated network providers should be.
“While the research uncovered only a ‘modest’ concern around the prospect of a security breach within hospital organizations over the next 12 months, providers are looking for closer partnerships with their network providers,” highlighted Bryan Fiekers, HIMSS senior director, Research Services.
“My interpretation of the findings is that healthcare organizations must remain vigilant against cyber security threats and leverage all of their resources effectively to ensure every individual knows their role. Security cannot become an out-of-sight, out-of-mind problem.”
When it comes to factors that serve as barriers to carrying out comprehensive security programs, slightly more of the 125 U.S. healthcare industry professionals who participated in the survey identified other competing organizational priorities as a greater barrier overall than budgets.
Healthcare IT Security Survey
Highlighting the extent and degree to which U.S. healthcare organizations are taking steps to protect patient and organizational data, nearly 9 in 10 organizations represented (87%) reportedly make use of remote access/secure access control.
Nearly as many (84%) have internal security awareness programs. More than half reportedly have instituted practices to mitigate threats such as DDoS (Distributed Denial of Service) (56%) and threat intelligence (55%).
Looking ahead, respondents identified next-generation firewall techniques as the most likely to be employed within the next year. Looking out two years, they identified cyber threat intelligence (CTI) as the most likely to be employed.
Turning to U.S. healthcare organizations’ network and IT environments, 95 percent of respondents said electronic health record (EHR) systems have the greatest importance in terms of network uptime. Hospital interface systems (51%), remote monitoring of patients (39%), communications systems (37%) and PACS storage (36%) followed.
Summing up: “The security threats the healthcare industry is facing are real and they’re only increasing in volume and sophistication as bad actors continue to seek out coveted protected health information,” stated Chris Ricther, Level 3 Global SVP for Security Services.
“Aside from fostering and maintaining a culture of security, which includes regular employee security training, healthcare organizations should implement a security governance framework and appropriate technology controls. These include threat intelligence, DDoS mitigation and next generation firewalling and sandboxing – all critical next steps for healthcare providers to secure their networks.”