Healthcare organizations are upgrading their cybersecurity programs to a greater degree than ever before, which is reflected in a survey of 126 U.S. health information security professionals conducted by the Healthcare Information and Management Systems Society (HIMSS).
The "2017 HIMSS Cybersecurity Survey" revealed 71 percent of respondents allocate a specific part of their budget to cybersecurity, and 60 percent allocate 3 percent or more of their overall budget to cybersecurity. For MSSPs, the survey suggests healthcare organizations are fertile ground for managed security services.
Other survey results included:
- 60 percent of respondents employ a senior information security leader such as a chief information security officer (CISO).
- 75 percent have some type of insider threat management program at their organization.
- 75 percent regularly conduct penetration testing, and 85 percent perform a risk assessment at least once a year.
- 80 percent indicate their organization employs cybersecurity staff.
- 87 percent conduct security awareness training classes for their staff at least once a year.
Cyberattackers continue to target healthcare organizations, HIMSS Senior Director of Health Information Systems Rod Piechowski said in a prepared statement.
However, healthcare organizations can deploy "quality, stress-tested cybersecurity programs" to navigate the complex security landscape, Piechowski stated.
Is Healthcare Data Safer in the Cloud Than On-Premises?
As healthcare organizations ramp up their cyber defenses, they're also evaluating where to manage their workloads -- on-premises or in the cloud.
The majority of healthcare professionals believe data is safer in the cloud than on-premises, according to a survey from cloud services company Evolve IP.
Key findings from the Evolve IP survey of 180 healthcare professionals included:
- Data backup, servers/data centers, software-as-a-service (SaaS) and Microsoft Exchange and Office were the top deployed cloud services for healthcare organizations.
- Healthcare organizations have an average of two and three services in the cloud.
- 60 percent of respondents said they preferred private cloud infrastructure over public clouds for data security.
- 81 percent plan to leverage new or additional cloud services in the next three years.
- The top cloud services that healthcare organizations expect to deploy over the next three years include data backup (48 percent), Exchange/Office (27.5 percent) and phone systems (27 percent).
Many healthcare organizations may target both cloud and on-premises cybersecurity solutions in the near future, which could create new growth opportunities for MSSPs.
A Closer Look at the Global Healthcare Cybersecurity Market
Lack of sufficient IT spending and lack of awareness about cybercrime have exposed the vulnerabilities of healthcare organizations, according to Grand View Research. The use of cyberattacks for unauthorized access to electronic patient health records (E-PHR) and social security records and IP theft could drive the global healthcare cybersecurity market's growth.
Overall, the global healthcare cybersecurity market could be worth $10.85 billion by 2022, Grand View Research predicted.