Cybersecurity remains a priority for provider organizations

As cyberthreats in healthcare continue to grow, security remains a top priority for provider organizations, according to a new report published by IDC Health Insights.

Close to 60 percent of 100 healthcare industry respondents (59.6 percent) to a survey conducted in conjunction with the report said that spending levels for cybersecurity have increased over the last three years; 38.3 percent said that such spending has stayed the same.

Thirty-nine percent of respondents indicated that they had experienced more than 10 cyberattacks over the last 12 months, with 27 percent of those attacks dubbed "successful."

"Today's healthcare organizations are at a greater risk of a cyberattack than ever before, in part because electronic health information is more widely available today than in the nearly 20 years since the Health Insurance Portability and Accountability Act was passed in 1996," IDC Health Insights Research Vice President Lynne Dunbrack said in a statement. "For healthcare organizations, it's not a matter of whether they are going to be attacked, but when."

Earlier this month, the National Institute of Standards and Technology released a draft guidance on sharing cyberattack information; according to NIST, by sharing such information, organizations in healthcare and other industries can "gain valuable insights about their adversaries."

In October, it was reported that medical devices and hospital equipment are under investigation by the U.S. Department of Homeland Security because of suspected cybersecurity flaws that could allow such tools to be hacked.

A report published last May by security rating firm BitSight Technology determined that health IT security lags behind other industries, including retail, finance and utilities. According to the report, the healthcare industry experienced the largest growth in security incidents of the four industries during the study period--April 1, 2013, through March 31, 2014--but also boasted the slowest response time.

The report echoes a SANS Institute finding that compliance does not equal security. That report found that networks and Internet-connected devices of healthcare organizations are being compromised at an "alarming" frequency.

To learn more:
- purchase the IDC report
- read the accompanying announcement

Suggested Articles

An assessment looking at 12 health systems that allow patients to download their health records to their smartphones via APIs finds modest uptake.

The National Institutes of Health-led All of Us precision medicine project has enrolled 230,000 participants with another 40,000 people registered.

Hospitals must pursue a deliberate strategy for managing their public image—and a powerful tool for doing so is inpatient clinical data registries.