HIMSS
Summary: The 2019 HIMSS Cybersecurity Survey provides insight into the information security experiences and practices of US healthcare organizations in light of increasing cyber-attacks and compromises. Reflecting the feedback from 166 US-based health information security professionals, the findings of this study distill as follows:
- A pattern of cybersecurity threats and experiences is discernable across US healthcare organizations
  - Significant security incidents are a near-universal experience in US healthcare organizations, with many of the incidents initiated by bad actors leveraging e-mail as a means to compromise the integrity of their targets.
- Many positive advances are occurring in healthcare cybersecurity practices
  - Healthcare organizations appear to be allocating more of their information technology (“IT”) budgets to cybersecurity.
- Complacency with cybersecurity practices can put cybersecurity programs at risk
  - There are certain responses that are not necessarily “bad” cybersecurity practices, but may be an “early warning signal” about potential complacency seeping into the organization’s information security practices.
- Notable cybersecurity gaps exist in key areas of the healthcare ecosystem
  - The lack of phishing tests in certain organizations and the pervasiveness of legacy systems raise grave concerns regarding the vulnerability of the healthcare ecosystem.