Sign in

Latest HIMSS cybersecurity report: threats rise, so does security

By: Lisa Marlin

September 5, 2017

The recently released August 2017 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Report indicates that respondents are taking proactive steps to stay ahead of security threats. According to Lee Kim, director, privacy and security, HIMSS North America, there are five key takeaways from the report. In brief, they are:

1) Penetration testing is essential. It’s a good way to test one’s cybersecurity defenses, incident response plans, awareness training, policies and procedures. Penetration test reports can hold significant value, as it will explain what gaps or deficiencies may exist and how to remedy them.

2) Cloud security concerns are top of mind. As more healthcare providers consider turning to cloud solutions, their concerns bring up some questions that need to be addressed: Where will my data be? Will my data go outside of the borders of the United States? Will I be able to get my data back once the contract is over? Who has access to my data at the cloud provider?

3) Medical device security is a top concern. Many acute providers have life-sustaining or life-saving medical devices. Considering that many of these are Bluetooth-enabled connected devices, medical device security and patient safety are very much intertwined—so much so that a potential compromise on a medical device may lead to an adverse event.

4) Frequent testing for failure of technological resources. Fifty-nine percent of organizations with chief information security officers or other senior IT security leaders and 40-percent of organizations without such senior leaders are testing for failure of technology resources for business continuity and disaster recovery purposes. As weather patterns get more extreme — for example, Hurricane Harvey — and as ransomware and denial of service attacks are on the rise, providers of all types are realizing the need to be prepared.

5) Cybersecurity due diligence of technology products and services is frequently done. Technology products or services bought off the shelf may be implanted with malware and/or they may have significant vulnerabilities off the shelf. Thus, an overwhelming 88% of healthcare organizations with chief information security officers or other IT security leaders and 57% percent of healthcare organizations without such leaders are ensuring that cybersecurity due diligence is done before implementing the technology product and/or service at the organization.

Where does your organization fit into the results of the HIMSS Cybersecurity Report? With the very real threat of security being continuously compromised into the foreseeable future, it’s imperative to stay proactive in protecting your organization, and ultimately, the patients it serves. PrivaPlan can help you do that. To learn more, contact our HIPAA experts today at info@privaplan.com or call 877-218-7707.