About 76 percent of healthcare leadership admitted that their organizations had faced a significant security incident in 2017, according to the annual HIMSS cybersecurity survey released during the conference. But overall healthcare cybersecurity is advancing with some significant improvements, noted the authors of the study.
HIMSS polled 239 healthcare leaders between December 2017 and January 2018. The report found that 96 percent of cyber attacks were caused by an identifiable threat factor. The top three culprits were phishers, negligent insiders and hackers. Email was the primary initial point of entry for 61 percent of these attacks. Compromised customer networks, guessed passwords, web app attacks, misconfigured cloud or software, human errors, compromised company websites and software or hardware pre-loaded with malware accounted for the remaining attacks.
About 12 percent of respondents were unsure of how hackers accessed their networks but 68 percent of these breaches were discovered within seven days, while 47 percent were found within 24 hours. The report also found that while the healthcare sector has seen a significant increase in security incidents in the past year, the severity of breaches has diminished year over year. This reflects a serious improvement in cybersecurity for the industry overall, according to the document.
About 84 percent of respondents said their organizations had increased resources to address cybersecurity needs. Hospitals had also seen a vast improvement in hiring senior information security leadership. However, “there is always room for growth,” noted the authors.