Healthcare executives lack action plan to combat cybersecurity threats
Although nearly a third of respondents confirmed medical device security is one of the top five risks facing the healthcare industry, most do not have effective strategy in place to assess the risks posed by such devices.
Just over 40 percent of survey respondents said they were not at all prepared to meet privacy regulations, and roughly one in 10 respondents were “unaware” as to whether the organization was prepared or not.
More than half (54 percent) of survey respondents said the biggest barrier to meeting privacy and security challenges was due to lack of adequate resources, and less than half (48 percent) said they were even “moderately prepared” to meet new Federal-level national privacy rules and regulations.
THE LARGER TREND
“The fact that the vast majority of respondents report a lack of resources as a serious constraint against their cybersecurity program, and senior management buy-in as the least concern, shows there is a huge disconnect happening and is extremely troubling,” CynergisTek executive vice president of strategic innovation David Finn said in a statement.
He noted that it is vital to effectively communicate those issues to executive leadership figures to ensure they make cybersecurity a top business priority.
“If executive leadership truly understood the business risks posed by inadequate cybersecurity and realized the major operational, financial and patient safety implications a security incident can have, they would ensure any and all resources needed were available,” Finn continued.
The survey findings also indicated the other top issues respondents were most concerned about were the risks associated with Internet of Things (IoT), third-party vendors, and program development and management.
When it comes to emerging threat areas like 5G communications technology, artificial intelligence and IoT, more than half of respondents said they were the most concerned about IoT.
Other recent surveys indicate the cyber threat landscape for the healthcare industry has continued to evolve, with clear evidence that securing connected medical devices require a different approach to that of IoT devices.
According to a study published earlier this week by Carbon Black, two thirds of surveyed healthcare organizations said cyberattacks have become more sophisticated over the past year.
The report recommended healthcare organizations increase endpoint visibility, establish protection from emerging attacks, run automated compliance and vulnerability assessments, and constantly back-up data.
A May report from Digital Shadows, a San Francisco-based provider of digital risk protection solutions, found there has been a 50 percent increase in the exposure of medical-related data over the past year, and an April report from Varonis found the average institution leaves terabytes of sensitive information exposed to unauthorized parties.
