The last year has seen its fair share of high profile breaches as a result of cyber-attacks across several healthcare organizations that have impacted literally millions of individuals, causing much alarm throughout the healthcare industry. These massive breaches, however, are not limited to just the healthcare industry (e.g. The SONY attack), in fact, cyber-attack is a problem that targets all types of industries.
HIMSS Cyber Security Survey (2015)
Recently, 297 individuals completed the 2015 HIMSS Cyber Security Survey to help gauge both awareness and readiness in relation to the ever growing incidents of security breach and cyber-attack that is regularly observed today. Each of the respondents had at least some level of responsibility for information security within their organizations and reported that:
In addition, respondents also indicated that they’ve improved security in the following areas:
However, despite the protective technologies implemented within healthcare organizations, respondents still reported that their confidence in their organization’s ability to protect data was about average. Where respondents held the most confidence was in their organization’s ability to defend against brute force attacks, however, confidence in their organization’s ability to protect against a zero-day attack ranked the lowest. Two thirds of respondents indicated that their healthcare organization had experienced at least one significant security incident in the past.
Healthcare organizations must operate from a perspective which presumes their perimeter has already been breached…
The majority of respondents reported that they felt that today’s security tools are not going to be able to sufficiently protect the industry against the wide range of security threats that their organizations are expecting to face in the future. In addition, they indicated that healthcare organizations should operate from a perspective which presumes their organizations perimeter has already been breached, in fact more that 50% agreed that cross-sector cyber threat information sharing is beneficial to their organization. They also revealed that they were most likely to be concerned about negligent insiders, phishing attacks, and advanced persistent attacks.
Additional key survey results indicated the following:
Respondents also said that their top motivators for improving information security environments stemmed from results of risk assessments, as well as concerns about phishing attacks, and malware/viruses.
Respondents reported a high degree of concern in regard to insider threat factors
More than half of respondents reported that external organizations were called in to investigate their security incidents, while the other half reported that security incidents were addressed solely through an internal investigation. Most of the respondents blamed lack of staffing and financial resources as key security barriers within their organization, while 42% indicated that there were just too many new and emerging threats to keep track of.
If you’re having trouble keeping on top of emerging threats and staying ahead of evolving regulation requirements, you need to work with an experienced team of IT professionals who know what they’re doing. Otherwise, you’re spending more time stressing about protecting confidential data than you’re spending focused on the health of your patients.
24uNet knows healthcare organizations are under a lot of pressure to stay safe against cybercrime, which is why we:
Start maintaining compliance and focusing on the health of your patients. 24uNet is here to help. Call (303) 468 or email us at -5515sales@24uNet.com to find out more about our managed IT services for healthcare organizations in Denver.