Health systems lack proper Web security solutions, survey finds

Hospitals today better understand the Web security risks they face, but how to tackle those issues is less clear, according to a survey conducted by HIMSS Analytics in partnership with Akamai.

Many organizations are underprotecting their systems, according to the survey's authors. For example, one traditional line of defense is ensuring that a firewall is in place to protect an organization's data center; however, 39 percent of respondents said they don't have one installed. In addition, 23 percent said they have no Web security systems in place at all.

Respondents to the survey included 94 healthcare IT executives, such as CIOs, CISOs, IT directors and more.

The survey also found that only 42 percent of those organizations have distributed-denial-of-service (DDoS) protection solutions in place; only another 13.2 percent are looking to implement that protection. And when it comes to cloud Web application firewall solutions, only 21 percent said their systems have such protection. 

One system found out first-hand last year what could happen without a DDoS protection system in place. At Boston Children's Hospital, a DDoS attack tested the facility's security; the hacktivist group Anonymous was suspected of launching the attack, FierceHealthIT previously reported.

However, healthcare systems responding to the survey said they are "adequately protected against Web application attacks," with 61 percent of respondents agreeing with that statement.

"Overall, the survey indicates a troubling reality relating to cybersecurity in healthcare: Since Web-based attack methods become more pervasive as the healthcare industry becomes more connected, healthcare organizations need to increase their sense of urgency and their investment in implementing fundamental Web security solutions," the report's authors said.

The kinds of threats healthcare systems face are growing. In addition to Web security, device security is another problem to tackle: Forrester Research predicts ransomware will come to medical devices or wearables in 2016.
