HIMSS Finds Notable Cybersecurity Gaps

February 25, 2019

In response to a rise in security incidents that continue to put patient data at risk, HIMSS introduced an annual research program to assess these experiences in healthcare organizations across the United States.

The 2019 HIMSS Cybersecurity Survey provides insight into what healthcare organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises impacting the healthcare and public health (“HPH”) sector.

Based on the feedback from 166 US-based health information security professionals, an analysis of the findings yielded a few notable themes, which are explored in greater detail in this report and are summarized below:

•A pattern of cybersecurity threats and experiences is discernable across US healthcare organizations. Significant security incidents are a near universal experience in US healthcare organizations with many of the incidents initiated by bad actors, leveraging e-mail as a means to compromise the integrity of their targets.

•Many positive advances are occurring in healthcare cybersecurity practices and healthcare organizations appear to be allocating more of their information technology (“IT”) budgets to cybersecurity.

•Complacency with cybersecurity practices can put cybersecurity programs at risk. There are certain responses that are not necessarily “bad” cybersecurity practices, but may be an “early warning signal” about potential complacency seeping into the organization’s information security practices.

•Notable cybersecurity gaps exist in key areas of the healthcare ecosystem. The lack of phishing tests in certain organizations and the pervasiveness of legacy systems raise grave concerns regarding the vulnerability of the healthcare ecosystem.

HIMSS also released its 2019 HIMSS U.S. Leadership and Workforce Survey. Now in its 30th year, the annual survey continues to uncover trends and identify valuable insights into the rapidly changing market for healthcare and IT professionals. This year’s survey reflects the perspectives of U.S. health information and technology leaders on a myriad of topics influencing the healthcare sector, and provides a robust profile of digital health priorities, as well as insight into their health IT workforce experiences.

HIMSS 2019 Leadership & Workforce Survey Highlights

Workforce Continues to Grow
The health information technology industry should continue to see positive growth, but workforce challenges – particularly in hospitals – may slow progress. The majority of providers (59 percent) and vendors (81 percent) expect there to be increased demands for information and technology resources the coming year. However, about half of hospitals and a third of vendors anticipate delays in information systems implementation due to varied workforce challenges like recruiting and retaining skilled workers.

Cybersecurity is a Leading Priority
Cybersecurity, privacy and security topped the list of priorities across all survey respondent groups, especially those employed at hospitals. “This suggests that non-acute provider organizations may struggle to advance their IT capabilities without individuals employed to lead these efforts,” said Lorren Pettit, MS, MBA, vice president at HIMSS. Pettit oversees the enterprise’s thought leadership research efforts, including the annual cybersecurity survey conducted by HIMSS.

IT Leadership Strategies Vary Across the Industry
Hospitals and non-acute providers appear to have very different strategies regarding IT leadership and staff. While roughly 90 percent of hospital respondents indicated their organization employed at least one IT executive, over half (53 percent) of non-acute respondents reported their organization did not have an IT executive. “These findings may indicate that non-acute provider organizations could struggle to advance their information and technology capabilities in 2019 without individuals equipped to lead these efforts,” said Pettit.

Information Security Leadership Roles on the Rise
Of the top three information and technology executive roles hospitals tend to employ, only the senior information security leadership role experienced a notable increase (14 percent) between 2018 and 2019, in the percentage of hospitals employing these type of leaders. The increased presence of security leaders in hospitals is consistent with the elevated prioritization of cybersecurity, privacy and security within these organizations.

“The emergence of a third leader overseeing a hospital’s information and technology efforts is bound to result in internal tensions as competing interests and overlapping jurisdictions present themselves,” Pettit explained. “These challenges have the potential to stymy a hospital’s progression if hospital leaders are not careful to manage these hurdles effectively.”

Terms of Use | Copyright © 2002 - 2019 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement