Cybersecurity remains a priority for provider organizations

As cyberthreats in healthcare continue to grow, security remains a top priority for provider organizations, according to a new report published by IDC Health Insights.

Close to 60 percent of 100 healthcare industry respondents (59.6 percent) to a survey conducted in conjunction with the report said that spending levels for cybersecurity have increased over the last three years; 38.3 percent said that such spending has stayed the same.

Thirty-nine percent of respondents indicated that they had experienced more than 10 cyberattacks over the last 12 months, with 27 percent of those attacks dubbed "successful."

"Today's healthcare organizations are at a greater risk of a cyberattack than ever before, in part because electronic health information is more widely available today than in the nearly 20 years since the Health Insurance Portability and Accountability Act was passed in 1996," IDC Health Insights Research Vice President Lynne Dunbrack said in a statement. "For healthcare organizations, it's not a matter of whether they are going to be attacked, but when."

Earlier this month, the National Institute of Standards and Technology released a draft guidance on sharing cyberattack information; according to NIST, by sharing such information, organizations in healthcare and other industries can "gain valuable insights about their adversaries."

In October, it was reported that medical devices and hospital equipment are under investigation by the U.S. Department of Homeland Security because of suspected cybersecurity flaws that could allow such tools to be hacked.

A report published last May by security rating firm BitSight Technology determined that health IT security lags behind other industries, including retail, finance and utilities. According to the report, the healthcare industry experienced the largest growth in security incidents of the four industries during the study period--April 1, 2013, through March 31, 2014--but also boasted the slowest response time.

The report echoes a SANS Institute finding that compliance does not equal security. That report found that networks and Internet-connected devices of healthcare organizations are being compromised at an "alarming" frequency.

To learn more:
- purchase the IDC report
- read the accompanying announcement