8 in 10 healthcare organizations lack chief cybersecurity officer
- Too many healthcare organizations are still not making cybersecurity a top priority, making them a prime target for cyber and ransomware attacks, a new Black Book Market Research survey stated.
- Eight in 10 organizations lack a C-suite leader to manage cybersecurity enterprise-wide, and just 11% plan to get a cybersecurity chief in 2018. Only 15% of respondents reported said they currently have a chief information security officer.
- By contrast, 31% of payers claim to have a top-level cybersecurity manager and 44% plan to hire one in the year ahead.
Providers have also been slow to adopt cybersecurity best practices, the survey shows, with more than half (54%) of respondents conceding they don’t routinely conduct risk assessments.
Despite a growing number of cyberattacks on hospitals and health systems, 92% of healthcare leaders said cybersecurity and the threat of a breach is not a major focus with their board of directors. And just a fraction said funds are being budgeted for cybersecurity in 2018.
“Cybersecurity has to be a top-down strategic initiative as it’s far too difficult for IT security teams to achieve their goals without the board leading the charge,” Doug Brown, managing partner of Black Book, said in a release.
This past year saw a number of disruptive cyberattacks on healthcare organizations. The massive WannaCry virus shut down many hospitals in the U.K. and affected businesses in 104 countries worldwide. Another virus, dubbed Defray, specifically targeted healthcare concerns, spreading in a Microsoft word attachment in emails, while an offshoot of WannaCry hit First Health of the Carolinas.
According to research by Accenture and the American Medical Association, released this month, four out of five physicians in the U.S. have experienced a cyberattack. The most frequent form of attack was phishing, experienced by 55% of doctors. Nearly half (48%) said their computers had been hit by a virus.
While Black Book’s study indicates a lack of understanding about the seriousness of cybersecurity threats, a HIMSS survey earlier this year suggests hospitals are beefing up their cybersecurity efforts. In that survey, 71% of healthcare organizations said they budget for cybersecurity and 60% of those said they allotted 3% or more of the overall budget for breach prevention and related activities.