News Feature | July 22, 2015

Two-Thirds Of Healthcare Organizations Had Significant Data Security Breaches

Christine Kern

By Christine Kern, contributing writer

Retail Breaches

Last year saw large numbers of breaches, but limited impact on patient care and IT.

Two-thirds of surveyed health IT executives reported they experienced a “significant” data security breach in the past year, but 62 percent stated those breaches had a limited effect on patient care or IT operations according to a HIMSS survey.

According to HIMSS, data collected in the survey “helps to gauge the awareness and readiness that healthcare organizations have in this era where significant security incidents are a regular occurrence.”

The survey polled 297 health IT executives and found that primary obstacles to reducing security breaches included lack of appropriate cybersecurity personnel and insufficient financial resources. Forty-two percent of those polled said that there are “too many emerging and new threats to track,” according to a HIMSS statement.

The survey further found that, in spite of preventive technologies now commonly implemented at healthcare organizations, respondents reported an average level of confidence in their organization’s ability to protect their IT infrastructure and data. Those polled reported the highest levels of confidence in protection against a brute force attack and lowest levels in protecting against a zero day attack.

Meanwhile, 87 percent reported information security had been prioritized over the past year, leading to improvements in security postures including network security capabilities, endpoint protection, data loss prevention, disaster recovery, and IT continuity.

While healthcare organizations continue to rely on security tools and technologies such as anti-virus software, firewalls, and data encryption to secure their IT environments, respondents also indicated more innovative and advanced tools are necessary in order to protect their sensitive data in the future. The report states, “They indicated that healthcare organizations must operate form a perspective which presumes their organization’s perimeter has already been breached.” Further, 59 percent of respondents agreed that “cross-sector cyber threat information sharing is beneficial” to their organizations.

Lisa Gallagher, vice president for technology solutions for HIMSS said that “the recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cybersecurity threats.”

Other survey findings include:

  • Respondents reportedly used an average of 11 different technologies to security their environment, and more than half of them hired full time personnel to manage information security.
  • More than half of information security threats are identified by internal security teams.
  • Almost two-thirds (64 percent) of respondents say that a lack of appropriate cybersecurity personnel is a barrier to mitigating cybersecurity events.
  • Sixty-nine percent of those surveyed said that phishing attacks are a motivator for improving the information security environment.