Most healthcare cybersecurity stories over the last year or so have focused on ransomware, the frightening new weapon in the hacker arsenal. But the results from the recent 2016 HIMSS Cybersecurity Survey suggest that medical identity theft remains both more lucrative than ransomware for hackers and the primary concern of healthcare IT leaders. According to the survey, 77 percent of respondents feel medical identity theft is the “most common reason” for virtual attacks on healthcare facilities.
What else can we learn from HIMSS’ survey of 150 provider organizations?
- The lack of resources—both financial and human—is the underlying challenge in mitigating cybersecurity risk. Nearly 60 percent of respondents said they don’t have adequate personnel, and 55 percent said they lack the funds to properly combat what has become a daily battle with hackers.
- Employees are either an asset or a liability, depending on their level of preparedness. At 77 percent, phishing attacks are the number one cybersecurity concern of survey respondents, who also said email is the primary vulnerability.
- Healthcare organizations are not using the full set of tools. When asked what cybersecurity tools they use, 64 percent of poll participants said data encryption in transit; 59 percent use encryption at rest, and 54 percent use intrusion detection systems. “Providers have implemented a modest amount of basic and advanced information security tools,” says the HIMSS report.
- Ransomware has a lot of people scared. Looking to the future of cybersecurity, respondents named ransomware as the challenge they fear most, at 69 percent. Phishing scams, never expected to disappear, come in second at 61 percent.
- The healthcare cybersecurity battle is a daily fact of life. Among poll respondents, 80 percent said they had experienced a “significant security incident” recently. HIMSS recognizes that cybersecurity is a sensitive topic for most if not all healthcare organizations and “… the pervasiveness of attacks presented here may actually be under-represented.”
Perhaps there are security measures mentioned in the report you could be taking but didn’t know about. Maybe you feel like an island in an ocean of hackers that for some reason have targeted you and seemingly no one else. The 2016 HIMSS Cybersecurity Survey report provides an industry overview, but it also enables you to compare your security readiness with others and understand the challenges all healthcare organizations face in the information age.
Every hospital should complete a security risk analysis at least once a year, preferably by an objective third-party security professional. I hope you will contact us if you need the security knowledge and expertise of certified specialists with over 20 years of hospital privacy and security experience.