[BreachExchange] Hospitals, practices differ in cybersecurity preparedness

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 19 16:00:42 EDT 2016


http://www.fiercehealthcare.com/privacy-security/himss-
how-hospitals-doctor-s-offices-differ-security-preparedness

Eighty percent of providers report experiencing a recent “significant
security incident,” according to a HIMSS cybersecurity survey, leading more
organizations to make security a top business priority.

The respondents cite three primary challenges behind their information
security efforts: phishing attacks, virus/malware incidents and proactively
addressing the results of a risk assessment.

The poll of 183 healthcare security professionals closely resembles the
results from last year, though this new report reveals differences in
security preparedness between hospitals and doctor’s offices.

Acute care providers, for instance, were significantly more likely to use
tools such as patch and vulnerability management tools, mobile device
management and single sign-on. Less than half the organizations in both
groups used multifactor authentication and data-loss-prevention tools.

The report’s authors, however, raised alarm about organizations failing to
use even basic security protections. Only 84.9 percent (acute) and 90.3
percent (non-acute) of providers use antivirus and anti-malware software.
Just 78.2 percent (acute) and 90.3 percent (non-acute) use firewalls.

The survey also found that:

68.1 percent of acute and 48.4 percent of non-acute organizations encrypt
data in transit
61.3 percent of acute and 48.4 percent of non-acute providers encrypt data
at rest
59.7 percent of acute and 61.3 percent of non-acute providers use audit
logs to track each access to patient and financial records

Both groups report they have enhanced security capabilities in the past
year, though on a 7-point scale, they ranked their preparedness in the
mid-4 range. They cite lack of appropriately trained staff and budget
constraints among the reasons they’re not doing more.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160819/90c803c1/attachment.html>


More information about the BreachExchange mailing list