Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Hospitals & Medical Centers

Healthcare Industry Spending More on Security But Not Ready for Cyberattack

healthcare 3 responsive default
December 14, 2015

Two-thirds of the nation's healthcare provider organizations have experienced some kind of cyberattack in recent years and increased spending on data security hasn't improved the industry's readiness against attacks, according to a survey conducted by HIMSS.

The 2015 HIMSS Cybersecurity Survey found that the majority of respondents (87 percent) also indicated that information security had increased as a business priority at their organizations over the past year, resulting in improvements to security posture, such as improvements to network security capabilities, endpoint protection, data loss prevention, disaster recovery and information technology (IT) continuity.

However, despite the protective technologies implemented at healthcare organizations, respondents reported an average level of confidence with their organization’s ability to protect their IT infrastructure and data. Survey respondents were most confident their organizations could defend against a brute force attack (4.77) and least confident their organizations could protect against a zero day attack (3.82).

Indeed, two-thirds of respondents indicated their healthcare organizations had experienced a significant security incident in the recent past. And while the single largest source of a security incident was a negligent insider, 64 percent of respondents noted an incident at their organizations by an external actor, such as an online scam artist, hacker, or through social engineering. Furthermore, while the majority of respondents noted that security incidents were detected within 24 hours, approximately 20 percent of these security incidents ultimately resulted in the loss of patient, financial or operational data.

Additionally, respondents noted that today’s security tools are not going to be sufficient to protect the industry against the types of security threats their organizations expect to face in the future. Indeed, respondents were widely likely to indicate that more innovative and advanced tools are required to secure their environments in the future. Furthermore, they indicated that healthcare organizations must operate from a perspective which presumes their organization’s perimeter has already been breached. Moreover, more than half of respondents (59 percent) indicated agreement with the statement “cross-sector cyber threat information sharing is beneficial to my organization.”

Finally, respondents reported being highly concerned about the prospect of a future attack against their organizations. They were most likely to be concerned about phishing attacks, negligent insiders and advanced persistent threat (APT) attacks.

 

Other key survey results included:

  • Security Tools and Technologies: Healthcare organizations continue to rely on technologies such as anti-virus software, firewalls and data encryption to secure their IT environments. Respondents were much less likely to report their organizations used multi-factor digital identity (where digital identity is used for authentication), dynamic biometric technologies and dark web research.
  • Assessment of Network Defense and IT Security Capabilities: Respondents were most likely to report the use of risk assessments and vulnerability scans to assess their organization’s security. Only 12 percent reported their organization conducted a mock cyber defense exercise.
  • Motivators for Improving Information Security Environments: The top motivators for improving information security environments included results of risk assessments and concerns about phishing attacks and viruses/malware.
  • Detecting Security Incidents: The majority of respondents indicated that security incidents at their healthcare organizations were identified by an internal resource, such as an internal security team. Only 17 percent of respondents indicated that security incidents were identified by an external source, such as a patient whose information was compromised or a law enforcement agency.
  • Sources for cyber threat intelligence: Nearly 60 percent of respondents reported getting information about cyber threat intelligence from their peers (i.e., word of mouth). Third party vendor threat intelligence feeds (49 percent) and US Computer Emergency Readiness Team (CERT) alerts were also fairly widely used (45 percent).
  • Investigating Security Incidents: More than half of respondents reported that an external organization, such as a vendor/consultant or law enforcement agency, was brought in to investigate their security incidents. However, nearly half reported their healthcare organizations addressed the security incidents solely through an internal investigation.
  • Barriers to Mitigating Security Events: While respondents were most likely to indicate that lack of staffing and lack of financial resources were key barriers, 42 percent also indicated that there were too many emerging and new threats to keep track of.
  • External threat actors: Two-thirds of respondents reported a high degree of concern related to external threat actors. In comparison, 42 percent of respondents reported a high degree of concern in regard to insider threat actors.

The full survey is at http://www.himss.org/2015-cybersecurity-survey/executive-summary

 

KEYWORDS: cyber security healthcare security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • security leadership responsive default security

    You’re Not Ready for GDPR, but Don't Panic

    See More
  • cybersecurity-blog

    Healthcare Industry at Risk for Not Keeping Up with Cybersecurity

    See More
  • identity-freepik1170x658v470.jpg

    Identity security is a priority for IT security teams, but not understood by the C-suite

    See More

Related Products

See More Products
  • Photonic-Sensing.gif

    Photonic Sensing: Principles and Applications for Safety and Security Monitoring

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing