More than half (60 percent) of healthcare organisations employ a senior executive that oversees cybersecurity, such as a chief information security officer, according to a new report from the Healthcare Information and Management Systems Society (HIMSS).
The 2017 HIMSS Cybersecurity Survey provides insight into what healthcare providers are doing to protect their information and assets, in light of increasing cyberattacks and compromises affecting the healthcare sector. The survey included responses from 126 information security professionals at acute care hospitals, vendors, and payers as well as ambulatory clinics and physician practices.
Survey results show that having a CISO makes a big difference when it comes to overall cybersecurity posture. For example, 95 percent of respondents with a CISO or other senior security leader said their organisation uses the NIST Cybersecurity Framework, compared to just 30 percent among those without senior leadership. Additionally, 88 percent of organisations with a CISO conducted cybersecurity due diligence prior to purchasing new technology, compared to 57 percent of organisations without one.
With regard to staff education, 82 percent of CISO-led organisations support training for staff to increase knowledge on cybersecurity versus 57 percent of organisations without executive leadership. Also, more than twice as many respondents with a CISO were concerned about patient safety related to medical device security.
Interestingly, the HIMSS survey also found that more providers are dedicating a portion of their budget to cybersecurity. Of the 90 respondents that reported their organisation allocated a specific amount of money for cybersecurity, 60 percent said that portion made up more than 3 percent of the organisation’s overall budget.
“This data is encouraging because it shows that many organisations are making security programmes a priority; however, there is room for continued improvement,” according to Rod Piechowski, senior director for health information systems at HIMSS. "Our hope is that the new research will be an important resource for organisations navigating the complex security landscape.”
Image Credit: Pixabay