While protecting healthcare data remains a huge priority for hospitals, respondents to a new survey say lack of budget and non-compliant employees are two of their biggest challenges to security.
Surprisingly, 12 percent of CIO and IT director respondents say there are no obstacles to securing healthcare data, according to the survey, by research firm peer60.
Most organizations say there are multiple obstacles to securing data. Budget, for instance, is a bigger concern for small facilities.
Among the other findings:
- While some feel that total threat prevention is impossible, security managers and directors are more optimistic about their ability to deal with threats than CIOs
- Hospitals with more than 500 beds are most likely to point to underlying security weaknesses of healthcare IT systems. This was true of security managers and directors more so than execs
- Security managers also cite difficulty in keeping systems updated
- Mobile device management is a priority across the board for the next 12 months
- Intrusion detection is also high on many CIOs' lists, while security managers are prioritizing SIEM (security information and event management) and managed security services
- Other priorities in descending order are data-loss prevention technology, mobile device encryption, network-access control technology, followed by use and behavioral monitoring technology
- Mobile device management is the top priority for the largest hospitals (1,000-plus beds)
In a recent interview with The Wall Street Journal, Mayo Clinic Chief Information Security Officer Jim Nelms called healthcare data the most difficult to keep secure. Nelms had spent the previous 14 years securing financial information at The World Bank.
Yet the cost of a data breach has grown by 23 percent since 2013 to $3.8 million for a company, according to the Ponemon Institute.
Though Anthem carries cyberinsurance that will cover losses of up to $100 million, it might not be enough to cover its costs. That hack impacted close to 80 million current and former customers.
The Community Health Systems breach last year, which exposed 4.5 million patients' data in 29 states, was estimated to cost between $75 million and $150 million.
To learn more:
- download the survey report (registration required)