The 2017 HIMSS Cybersecurity Survey indicates healthcare organizations are more prepared for cyberattacks and data breaches than ever before, and certainly much more than expected.
The survey was conducted to find out how healthcare organizations are protecting their information and assets from cyber attacks. 60% of respondents said they had a senior information security leader such as a CISO within the company. The survey also found that 71% of the organizations surveyed already allocate funds towards cybersecurity in their budgets, and 80% of IT leads within those organizations said that they have a dedicated cybersecurity team.
60% of organizations with specific cybersecurity budgets allocate 3% or more of their overall budget, and 75% of these organizations said that insider threat management programs are in place. In addition, 85% conduct a risk assessment yearly or even more frequently, and 75% conduct penetration testing regularly. It is clear that healthcare is heavily supporting and prioritizing the cybersecurity strength of its organizations.
Why such high numbers?
In May, the United Kingdom's National Health Service was attacked by WannaCry, forcing scheduled operations and other appointments to be cancelled. IT systems were shut down and some healthcare entities even had to turn patients away. In June, Merck, Nuance Communications, and Heritage Valley Health System were crippled by a global ransomware attack. It is clear that the healthcare industry is a target for cyber attacks worldwide, and it's not just the smaller healthcare organizations that are vulnerable - attacks are aimed at big fish.
“Quality, stress-tested cybersecurity programs are imperative to protecting provider organizations and the patients they care for,” Rod Piechowski, senior director of health information systems for HIMSS, said. “This data is encouraging because it shows that many organizations are making security programs a priority; however, there is room for continued improvement. Our hope is that the new research will be an important resource for organizations navigating the complex security landscape.”
What can healthcare organizations do?
More and more healthcare organizations are adopting the NIST Cybersecurity Framework. It is imperative to test and manage your cyber posture internally in order to understand your vulnerabilities and know where to allocate resources for the highest impact on cyber strength. Prioritize your cybersecurity budget and team, as so many of these healthcare organizations have already done. In addition, you should keep track of cyber attacks and of how to eradicate your vulnerabilities. Reach out to email@example.com to access all these capabilities on one platform, or view resources on steps to take to strengthen your cyber posture.