The healthcare sector may be turning a corner on how it views cybersecurity, according to new research. Here’s how it’s prioritizing data protection — and which areas still have it worried.
A new report from the Healthcare Information and Management Systems Society (HIMSS) says more and more hospitals are taking cybersecurity as a significant necessity for protecting patient data. It found that 60% of the 126 IT leaders surveyed currently have an infosec leader (CISO or related).
Even more encouraging, 75% have insider threat management programs in place, 75% regularly run penetration testing, and 85% conduct risk assessments at least once a year.
Where more work needs to be done: spending. Though 71% of respondents said their organization dedicates financial resources to cybersecurity, more than half listed it as only 3% of the total budget.
Other respondent concerns:
- Cloud security – including over ownership of data (53%), lack of cybersecurity (53%), and lack of transparency (42%)
- Medical device security – thanks to the Internet of Things, many devices are Bluetooth-enabled, intertwining device security and patient safety, and
- Due diligence – 88% of healthcare organizations with IT leaders and 57% of those without are focusing on cybersecurity before buying or implementing tech products and services.