Doctors have less confidence in their organizations' ability to thwart cyberattacks than that of hospital administrators and IT leaders, according to a recent survey.
The survey, by MedData Group of Topsfield, Massachusetts, includes 272 responses, though it doesn't break down the numbers by role.
However, it found 21 percent of doctors rated their clinics' cybersecurity systems as below average, as compared to only 8 percent of administrators and IT workers. Doctors were also less likely than execs and IT pros to rate their systems as average, above average and excellent.
Almost three-quarters of administrators cited email and messaging systems as their top weaknesses, while only half of doctors agreed. The report also list electronic health records, mobile devices and patient portals among the systems vulnerable to attack.
Twice as many physicians at large practices (16+ members) rated their organizations as above average in countering cybersecurity, compared with physicians at small practices (1-10 members).
Top three cybersecurity risks cited by all three groups were malicious outsiders (68 percent); compromised applications (65 percent); and application, systems or network failures (40 percent).
Overall, 83 percent of physicians and hospital professionals believe that the top driver for securing sensitive data is the need to comply with standards and regulatory requirements.
Chris Ewell, CISO of Seattle Children's Hospital, however, warns that focusing on compliance in any security program is getting it backward.
"I do not have or will ever have a goal of saying I'm going to improve regulatory compliance," he told Healthcare Info Security in an interview. "I'm going to improve our maturity of information security controls and then, out of that improvement of those controls ... will come much better regulatory compliance."
Providers should also pay attention to the danger of insider threats, warns West Virginia United Health's Mark Combs.
And healthcare is near the bottom of the pack in a report from Veracode on reducing application security risks and remediation.
To learn more:
- check out the survey report