Hospitals, practices differ in cybersecurity preparedness

Eighty percent of providers report experiencing a recent “significant security incident,” according to a HIMSS cybersecurity survey, leading more organizations to make security a top business priority.

The respondents cite three primary challenges behind their information security efforts: phishing attacks, virus/malware incidents and proactively addressing the results of a risk assessment.

The results of the poll of 183 healthcare security professionals closely resemble those from last year, though this new report reveals differences in security preparedness between hospitals and doctors' offices.

Acute care providers, for instance, were significantly more likely to use tools such as patch and vulnerability management, mobile device management and single sign-on. Fewer than half of the organizations in both groups used multifactor authentication and data-loss-prevention tools.

The report’s authors, however, raised alarm about organizations failing to use even basic security protections. Only 84.9 percent (acute) and 90.3 percent (non-acute) of providers use antivirus and anti-malware software. Just 78.2 percent (acute) and 90.3 percent (non-acute) use firewalls.

The survey also found that:

  • 68.1 percent of acute and 48.4 percent of non-acute organizations encrypt data in transit
  • 61.3 percent of acute and 48.4 percent of non-acute providers encrypt data at rest
  • 59.7 percent of acute and 61.3 percent of non-acute providers use audit logs to track each access to patient and financial records

Both groups report they have enhanced security capabilities in the past year, though on a 7-point scale, they ranked their preparedness in the mid-4 range. They cite lack of appropriately trained staff and budget constraints among the reasons they’re not doing more.
