Respondents were most concerned about risks associated with Internet of Things (IoT), medical devices, third-party vendors and program development/management, according to the CAPP Conference Survey Results. 

Key findings from the report include:

• 40 percent say that third-party risk is the threat that concerns them the most.
• Of the emerging threat areas (5G, AI, IoT, and supply chain) discussed, over 50 percent responded that they were the most concerned about IoT.
• Nearly one third of respondents reported that medical device security is one of the top five risks facing healthcare according, to the Health Industry Cybersecurity Practices, however most reported not having an effective strategy in place to assess the risks posed by medical devices. Even more alarming, 26 percent said they don’t have any process in place at all.
• Almost half of the organizations reported to have conducted an incident response exercise only one time, or to have never done one at all.
• ‘Culture’ was listed as the leading difficulty (over compensation and training) in retaining cybersecurity professionals.
• 54 percent of those surveyed said the biggest barrier to meeting privacy and security challenges was due to lack of adequate resources (tools, money, or people), and only 13 percent was due to senior management buy-in. However, in a follow-up question, 40 percent responded that they didn’t know if their Boards were more or less involved with cybersecurity and privacy programs than they previously had been.

The “CAPP Conference Survey” findings iterate the issues facing the healthcare industry today and the difficulties to keep up with the advancing cybersecurity world. The disparity between the severity of these cybersecurity threats and the lack of urgency from organizations to implement a plan or solution is creating a dangerous landscape that many healthcare organizations have fallen victim to.