Cybersecurity

Cybersecurity must be a hands-on boardroom concern, expert says

Despite signs that risk management in the healthcare space is maturing, dangerous cybersecurity gaps still loom and provider confidence in their own ability to stop an attack is flat, according to the third annual HIMSS Analytics and Symantec IT Security and Risk Management report, unveiled at the HIMSS18 global conference this week. In order to enable lasting and meaningful change, providers must move cybersecurity out of IT and into the boardroom, the study said.

The study examines IT and security executive perspectives, as well as IT administrators, physicians, and business professionals when it comes to IT security strategies. Findings were based on a web survey  and in-depth interviews conducted in December.

The good news is that healthcare organizations are starting to implement practices that show a better understanding of cybersecurity. There are also establishing cybersecurity frameworks and making risk assessments more of a priority, with study results showing 60 percent of IT leaders now identify risk assessment as the number one driver of security investments, instead of HIPAA compliance and 94 percent rank it in the top three drivers.  Also, 59 percent said “performance against risk frameworks” was a top KPI. 

C-suite executives are also just starting to get more hands on with cybersecurity as well, the report said, with security reports either being provided on request, roughly 40 percent of respondents, or being presented regularly at meetings, approximately 27 percent. A little more than 14 percent proactively discuss new or existing risks.