Lack of employee awareness and education present the greatest security threat exposure according to responses from 125 health IT executives and professionals participating in the 2017 Level 3 Healthcare Security Study. The study, conducted by HIMSS, was designed to identify and understand high-level IT security concerns in the healthcare industry as the threat landscape continues to evolve, placing the industry's valuable healthcare data and critical care infrastructure at risk.

The survey found:

  • Nearly 80 percent of survey participants identified employee security awareness as the source of their greatest concern regarding threat exposure.
  • Ninety-five percent of respondents list EHR systems as having the greatest importance for network uptime. Hospital interface systems ranks as the second most important (51 percent) – ahead of remote monitoring for patients (39 percent), communications systems (37 percent) and PACS storage (36 percent).
  • The majority of organizations employ multiple risk mitigation practices: 87 percent leverage remote access/secure access controls, 85 percent rely on employee security awareness programs and 75 percent incorporate security consulting services like vulnerability assessments and penetration testing.
  • A little more than half of respondents have practices such as DDoS mitigation (56 percent) and/or threat intelligence (55 percent) in place today.