Healthcare leaders crown employee cybersecurity awareness as primary threat concern
- Nearly 80% of healthcare leaders say employee awareness is their greatest security threat concern, despite 85% maintaining they have existing employee security awareness programs, according to a new survey.
- The survey of 125 health IT executives — conducted by HIMSS Analytics for Level 3 Communications — found that one third are highly concerned that their organization will experience a security breach this year.
- Ninety-nine percent of respondents ranked EHR systems as having the greatest significance for network uptime, followed by hospital interface systems ( 51%), remote patient monitoring (39%), communications (37%) and PACS storage (36%).
Most organizations use a variety of methods to mitigate cybersecurity risks, the survey reveals. Eighty-seven percent employ remote access/secure access controls, 85% use employee security awareness tactics and 75% utilize security counseling services like vulnerability assessments and penetration testing.
“The security threats the healthcare industry is facing are real and they’re only increasing in volume and sophistication as bad actors continue to seek out coveted protected health information,” Chris Richter, senior vice president of global security services at Level 3, said in a statement. “Aside from fostering and maintaining a culture of security, which includes regular employee security training, healthcare organizations should implement a security governance framework and appropriate technology controls. These include threat intelligence, DDoS mitigation and next generation firewalling and sandboxing — all critical next steps for healthcare providers to secure their networks.”
And employee privacy and security missteps can be costly. In February, Memorial Healthcare Systems paid HHS $5.5 million to settle potential HIPAA violations after employees gained unauthorized access to 115,143 patients’ protected health information and disclosed them to affiliated physician office staff. The settlement and other recent ones like it underscore HHS’ determination to enforce HIPAA violations and providers and health systems need to find ways to prevent future breaches.
About 80% of health executives in a recent Thales survey said their organizations plan to step up security spending in 2017. Compliance was the main driver for security spending in the U.S., with 57% of respondents, while data breaches (39%) and protecting reputation and brand (39%) led global concerns.