The most significant security incidents experienced by all types of healthcare organizations are typically phishing attacks or ransomware attacks, according to the 2021 HIMSS Healthcare Cybersecurity Survey, sponsored by Carahsoft.
The industry-wide annual survey reflects the perspectives and insights of healthcare cybersecurity professionals, including executives and non-executive managers who are responsible for day-to-day operations or oversight. Data collection and analysis occurred in 2021.
The survey indicates that the largest vulnerability is the human factor, and that healthcare cybersecurity professionals and their cybersecurity programs need more organizational support. According to the data, barriers to progress include tight security budgets, growing legacy footprints and the increasing volume of cyber-attacks and compromises, and basic security controls have not been fully implemented at many organizations.
With phishing as the typical initial point of compromise, the report recommends that organizations place greater emphasis on security awareness programs, on insider threat detection and mitigation, and on replacing or upgrading legacy (unsupported) software, if feasible.
Respondents reported threat actors most commonly target financial information (52 percent), employee information (43 percent) and patient information (39 percent). The impact of security incidents often includes disruption of systems/devices impacting business operations, disruption of IT operations, data breach or data leakage, disruption of systems/devices impacting clinical care and monetary loss.
The survey findings suggest healthcare organizations still have significant challenges to overcome.