Hospitals, practices differ in cybersecurity preparedness

an open lock

Eighty percent of providers report experiencing a recent “significant security incident,” according to a HIMSS cybersecurity survey, leading more organizations to make security a top business priority.

The respondents cite three primary challenges behind their information security efforts: phishing attacks, virus/malware incidents and proactively addressing the results of a risk assessment.

The poll of 183 healthcare security professionals closely resembles the results from last year, though this new report reveals differences in security preparedness between hospitals and doctor’s offices.

New Whitepaper

CMS Doubles Down on CAHPS and Raises the Bar on Member Experience

A new CMS final rule will double the impact of CAHPS and member experience on a Medicare plan’s overall Star Rating. Learn more and discover how to exceed member expectations and improve Star Ratings in this new whitepaper.

Acute care providers, for instance, were significantly more likely to use tools such as patch and vulnerability management tools, mobile device management and single sign-on. Less than half the organizations in both groups used multifactor authentication and data-loss-prevention tools.

The report’s authors, however, raised alarm about organizations failing to use even basic security protections. Only 84.9 percent (acute) and 90.3 percent (non-acute) of providers use antivirus and anti-malware software. Just 78.2 percent (acute) and 90.3 percent (non-acute) use firewalls.

The survey also found that:

  • 68.1 percent of acute and 48.4 percent of non-acute organizations encrypt data in transit
  • 61.3 percent of acute and 48.4 percent of non-acute providers encrypt data at rest
  • 59.7 percent of acute and 61.3 percent of non-acute providers use audit logs to track each access to patient and financial records

Both groups report they have enhanced security capabilities in the past year, though on a 7-point scale, they ranked their preparedness in the mid-4 range. They cite lack of appropriately trained staff and budget constraints among the reasons they’re not doing more.

To learn more:
- here's the survey report

Suggested Articles

Blue Cross NC is teaming up with prominent providers and companies in the state to manufacture N95 respirators for healthcare workers.

The chief proposals Congress is considering to address surprise bills miss the mark.

Premera Blue Cross will pay $6.9 million to HHS over a data breach six years ago that exposed 10 million people's health information.