The latest analysis by Black Book Research shows the healthcare sector isn’t doing enough to cope with the threat of cyberattacks, and that cybersecurity is still not being taken seriously enough.
The analysis surveyed 323 key planners at U.S. healthcare companies in the last quarter of 2017. Although the danger of cyberattacks is greater than ever, and the healthcare industry will remain the top target for cybercriminals in 2018, just 11% of healthcare companies intend to hire a cybersecurity executive in 2018 to take charge of security. Presently, 84% of provider companies don’t have a dedicated manager for cybersecurity.
Payer companies are taking cybersecurity more seriously. 31% have hired an administrator for their cybersecurity programs and 44% stated they would appoint a manager next year. Overall, 15% of all surveyed companies stated they have a chief information security officer in charge of cybersecurity.
The survey also revealed that cybersecurity best practices aren’t generally applied in the healthcare industry. Although HIPAA requires regular risk assessments, 54% of respondents said risk assessments were not carried out regularly at their company, while 39% said they don’t conduct firewall penetration tests.
Additionally, although budgets have increased, it would seem that cybersecurity is a low priority. 89% of respondents stated that in 2018, planned IT budgets were mainly being directed to business tasks with demonstrable business projects. Just a small fraction of those funds is assigned to cybersecurity.
Achieving cybersecurity goals requires C-suite involvement, yet 92% of respondents stated that data breaches and cybersecurity were not discussed in board meetings. “Cybersecurity must be a top strategic program since it is very difficult for IT safety groups to accomplish their objectives without the board managing the charge,” stated Doug Brown, Managing Partner of Black Book.
With just a week remaining in the current month, 331 healthcare data breaches have been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR). For 2016, the total was 327 breaches, up from 270 breaches in 2015. At the present rate, the mark of 350 breaches for the year might even be reached. There is also no sign that the year-on-year increases in data breaches will stop in 2018.
Brown said, “The important role of medical services, together with bad security practices as well as the scarcity of funds, make them susceptible to politically and financially inspired attacks.”
Unless more is done to make sure cybersecurity objectives are met, next year is expected to be yet another record-breaking year for healthcare data breaches.