Dive Brief:
- Healthcare organizations are seriously stepping up their cybersecurity programs, the 2017 HIMSS Cybersecurity Survey shows.
- Of the 126 IT leaders surveyed, 71% said their organization budgets for cybersecurity and 60% of those said the allotment is 3% or more of the overall budget.
- The findings, released Wednesday, suggest that recent breaches and ransomware attacks — like the massive WannaCry attack that took place in May — are driving home the need for cybersecurity preparedness at hospitals and health systems.
Dive Insight:
Eight in 10 respondents said their organization has a dedicated cybersecurity staff and six in 10 said their organization employs a chief information security officer or other senior-level security leader. Three-quarters of respondents also reported having some type of insider threat management program.
Organizations aren't just ramping up awareness of cyber risks; they’re also checking for vulnerabilities and testing their response capabilities. More than eight in 10 IT leaders (85%) said they perform at least one risk assessment a year and 75% said they do regular penetration testing.
“This data is encouraging because it shows that many organizations are making security programs a priority,” Rob Piechowski, senior director of health information systems at HIMSS, said in a statement.
Healthcare organizations have been a prime target for cyber criminals in recent years because of the wealth of personal data they possess in their systems. In June, an HHS task force urged the government to do more to help organizations address the problem, saying healthcare cybersecurity is in “critical condition.” That echoed a Tenable Network Security report from December that gave the healthcare industry a “D” for cybersecurity performance.
WannaCry affected organizations in 104 countries, including 40 hospitals in the United Kingdom, which were forced to suspend normal services and accept only emergency patients. The malware enters computers via phishing emails and encrypts files, releasing them only after the victim pays a ransom in bitcoin.
The HIMSS survey reflects what other recent studies have found. According to a Thales survey released earlier this year, 80% of U.S. healthcare organizations and 76% globally plan to up their data security spending in 2017.