Almost half of healthcare organizations conduct annual security risk assessments to gauge their vulnerability to cyberthreats, according to the 2018 HIMSS Cybersecurity Survey.
For the survey, HIMSS — the Healthcare Information and Management Systems Society — asked 239 health information security professionals to weigh in on their experiences with and attitudes toward cybersecurity in their respective organizations.
Here are four survey findings related to how healthcare organizations address information security.
1. A plurality of respondents (45.5 percent) indicated they undergo security risk assessments once a year. Only 9.6 percent of health information security professionals selected the next most common response — conducting daily security risk assessments.
2. When asked what security framework their organization has adopted, the majority of respondents cited the National Institute of Standards and Technology.
- NIST: 57.9 percent
- HITRUST: 26.4 percent
- Critical Security Controls: 24.7 percent
3. There's no uniform source of cyberthreat intelligence, according to the survey respondents, although the majority consider word-of-mouth information from peers a key resource.
- Peers: 68.6 percent
- U.S. Computer Emergency Readiness Team: 60 percent
- HIMSS resources: 53.8 percent
4. More than half of respondents cited lack of appropriate cybersecurity personnel as one of the biggest barriers to remediating and mitigating cybersecurity incidents.
- Lack of appropriate cybersecurity personnel: 52.4 percent
- Lack of financial resources: 46.6 percent
- Too many application vulnerabilities: 28.6 percent