The survey was conducted to measure the challenges facing healthcare organisations of all sizes and the security awareness and expectations of their employees. Survey takers consisted of 198 technical respondents and 200 non-technical respondents.
Survey results show that 91 percent of technical respondents believe criminals are increasingly targeting healthcare organisations, compared to 77 percent of non-technical respondents who believe similarly. In addition, 74 percent of technical respondents are concerned about their organisation getting breached, compared to 51 percent of non-technical respondents.
Notably, technical respondents (35 percent) reported that their company does not have enough staff and security expertise dedicated to security. More than a third (34 percent) of technical respondents also say their business performs vulnerability testing just once a year.
Data show that the size of the global electronic healthcare record (EHR) system will grow at an annual rate of 5.5 percent and reach $22.3 billion by the end of 2015, up from $18.8 billion in 2012. With incentives from the federal Affordable Care Act to move away from paper records, organisations are increasingly adopting EHR systems to track patient information. As businesses make the shift, the expanding threat surface is creating a critical need for healthcare entities to test everything across databases, networks and applications.
"Today's healthcare industry is under attack. From hospitals to physicians to urgent care clinics, healthcare organisations are swimming in private data and must make security a priority in order to protect it," said Steve Kelley, senior vice president of product and corporate at Trustwave. "Security challenges are nothing new for any business but the level of distress exponentially increases when someone's life may actually depend on the protection of sensitive data."
Other findings of the Trustwave study include:
- 65 percent of non-technical respondents believe that external threats pose more of a concern than insider threats (35 percent).
- Nearly a quarter (23 percent) of technical respondents said their organisation has experienced a breach, yet studies have shown the rate to be much higher.
- Half of technical respondents said 10 percent or less of their overall IT budget goes toward cybersecurity. And 27 percent reported their annual security budget has not changed in the past year.
Image credit: Flickr.com