The state of healthcare security spending

This has been a big year for healthcare security – and not all in a good way. According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) website, nearly 5 million healthcare records have been exposed through September of this year. And that’s only counting data breaches of 500 or more records.

Healthcare seems to be getting hit harder by cyber attacks lately, with a rash of ransomware attacks and increasing data breaches like those listed by the OCR. And it’s not just U.S. companies taking the hit. Research firm Censuswide (commissioned by Infoblox) recently surveyed 305 healthcare IT professionals: 152 from the U.S. and 153 from the U.K. The survey found that the risks associated with data breaches are weighing more heavily on the UK side of the Atlantic. Twenty-three percent of UK healthcare IT professionals reported that they are not confident in their organization’s ability to respond to cyber attacks.

Stunningly, at least according to this survey, confidence is sky high among US healthcare IT professionals. Here, only 12 percent cited a lack of confidence in their organization’s ability to respond to an attack. I suspect a significant amount of overconfidence is on display here.

Other findings from the report include:

  • Focus on cybersecurity spending: 85% of healthcare organizations surveyed have increased their cybersecurity spending over the past year; 12% of organizations increased their cybersecurity spending by over 50%.
  • Still using outdated Microsoft OS: More than 22% of healthcare IT professionals surveyed reported the presence of Windows 7, the operating system exploited in the WannaCry attack. Similarly, 20% reported that Windows XP, which has been unsupported since April 2014, is running on their network.
  • Employee education: One-third of healthcare IT professionals indicated their company is investing in employee education, email security solutions, and threat intelligence.
  • DNS security: One-third have invested in DNS security solutions, which can actively disrupt Distributed Denial of Service (DDoS) attacks and data exfiltration.
  • Connected devices are a priority: 89% of respondents have a security policy in place that addresses the increase in connected devices on healthcare organizations’ networks. 21% of those surveyed have more than 5,000 devices on their network.
  • Willing to pay a ransom: Nearly 1 in 4 respondents in both the US and UK would be willing to pay a ransom in the event of a cyber attack. Of those willing, 68% of US respondents said they have a plan in place for how to pay the ransom, while 85% of UK professionals said they have a plan in place for this situation.
