Hospitals, practices differ in cybersecurity preparedness

an open lock

Eighty percent of providers report experiencing a recent “significant security incident,” according to a HIMSS cybersecurity survey, leading more organizations to make security a top business priority.

The respondents cite three primary challenges behind their information security efforts: phishing attacks, virus/malware incidents and proactively addressing the results of a risk assessment.

The poll of 183 healthcare security professionals closely resembles the results from last year, though this new report reveals differences in security preparedness between hospitals and doctor’s offices.

Free Daily Newsletter

Like this story? Subscribe to FierceHealthcare!

The healthcare sector remains in flux as policy, regulation, technology and trends shape the market. FierceHealthcare subscribers rely on our suite of newsletters as their must-read source for the latest news, analysis and data impacting their world. Sign up today to get healthcare news and updates delivered to your inbox and read on the go.

Acute care providers, for instance, were significantly more likely to use tools such as patch and vulnerability management tools, mobile device management and single sign-on. Less than half the organizations in both groups used multifactor authentication and data-loss-prevention tools.

The report’s authors, however, raised alarm about organizations failing to use even basic security protections. Only 84.9 percent (acute) and 90.3 percent (non-acute) of providers use antivirus and anti-malware software. Just 78.2 percent (acute) and 90.3 percent (non-acute) use firewalls.

The survey also found that:

  • 68.1 percent of acute and 48.4 percent of non-acute organizations encrypt data in transit
  • 61.3 percent of acute and 48.4 percent of non-acute providers encrypt data at rest
  • 59.7 percent of acute and 61.3 percent of non-acute providers use audit logs to track each access to patient and financial records

Both groups report they have enhanced security capabilities in the past year, though on a 7-point scale, they ranked their preparedness in the mid-4 range. They cite lack of appropriately trained staff and budget constraints among the reasons they’re not doing more.

To learn more:
- here's the survey report

Suggested Articles

Ochsner Health System is partnering with Color to launch a population health pilot program to integrate genetic information into preventive care.

Health IT company Cerner announced a definitive agreement to acquire IT consulting and engineering firm AbleVets as a wholly owned subsidiary.

Tech giant Google has tapped former Obama administration healthcare official Karen DeSalvo as its first chief health officer.