Healthcare gets a 'D' on cybersecurity report card

Cyber insurance is no longer optional in hospitality
A new report gives healthcare a "D" grade in network security.

Healthcare security professionals are less confident in their ability to assess security risk than in the past.

That’s part of the reason network security firm Tenable gave the industry an overall “D” grade on its global cybersecurity report card.

In another recent survey of healthcare public relations pros, payer and provider executives said technology catastrophes were their top concern. That's a shift from previous years, when workforce issues, physician satisfaction and medical-legal problems were top of mind.

And credit reporting company Experian has warned of new, more sophisticated data breaches in 2017 as healthcare remains the most targeted sector among cybercriminals. While health insurers were a favored cyberthreat target in recent years, Experian sees criminal interest expanding to other sectors, such as hospitals’ distributed networks, which are harder to secure than centralized systems.

RELATED: Google DeepMind, NHS partnership sparks privacy fears

It's not all bad news: Among the healthcare industries' strengths, the Tenable report card gave the healthcare industry some passing grades, including:

  • Conveying risks to executives and board members (B-)
  • Measuring security effectiveness (B-)
  • Viewing network risks continuously (B-)

But healthcare got a failing grade in several areas, including:

  • Assessing DevOps environments (F)
  • Assessing containerization platforms (F)
  • Assessing mobile devices (F)

Emerging technologies are a weak point not only in healthcare but across all industries, according to Tenable. Worldwide, respondents ranked risk assessment for cloud and mobile among the biggest current enterprise security weaknesses, for example.

RELATED: Development budgets can't keep up with mobile app growth

“A notable concern includes failing grades in risk assessment scores for containerization platforms (52%), DevOps environments (57%) and mobile devices (57%),” the report notes.

“This can be explained, in part, by the accelerated adoption of cloud and mobile computing, combined with the emergence of DevOps and containers that increase the complexity and decentralization of enterprise IT. Together, these advances make it more difficult for security teams to see everything on their networks and accurately assess cyber risks.”

RELATED: Big data quality, privacy solutions lacking

For the 2017 report, Tenable surveyed 700 security professionals, assigning indices and grades based by country and industry. The data reflects an overall decline in perceptions of global cyber readiness, fueled by a pronounced inability to assess and mitigate cyber risks across the evolving IT landscape

Collectively, participants scored just 61% on the risk-assessment index, a drop of 12% from 2016, and 79% on the Security Assurance Index, which remains unchanged. The average overall score, 70%, represents a 6% decline from last year.

Industry experts have also warned about quality, privacy and security problems in "big bad data.” Doug Given, director of consulting firm Health2047, said there "is a real issue around quality.”