Today, Symantec and HIMSS Analytics announced the results of our second annual HIMSS Analytics IT Security & Risk Management Study, which examines where healthcare organizations stand with their investments and efforts to strengthen their security postures. We also developed an infographic that summarizes the research findings.
Some of the highlights:
- The number of employees allocated to IT security is starting to rise
- More organizations are adopting established cybersecurity frameworks
- Additionally, two-thirds of organizations have a dedicated full-time chief information security officer, who most often reports to the chief information officer – showing increased focus at the top
But, significant challenges still remain:
- More than half of respondents have been subjected to at least one external cyber-attack in the last 12 months – and we suspect that number is actually much higher
- IT security budgets have increased since 2015, but still tend to be six percent or less of the overall IT budget
- And, despite increases to security staffs and budgets, organizations say they remain the biggest barriers to improving confidence in security programs
- Why? A disconnect between the “business” and IT sides of healthcare may be to blame. On average, clinical and business respondents report much higher confidence in their organization’s cyber-attack preparedness than their IT and security counterparts
I’ll be doing a deep dive on the study findings at HIMSS next week, each day (Feb. 20-22) in our booth (#1733) at 11:30 a.m. I will also present on the study findings in the HIMSS Analytics booth (#2133) at 2 p.m. on Monday, Feb. 20. We also encourage HIMSS attendees to check out our other sessions with some of our top healthcare cybersecurity experts.
These are challenging times in healthcare cybersecurity, but we look forward to gathering at HIMSS to discuss how we can work together to develop integrated cyber defenses that protect critical healthcare information and systems, and support patient care.