Privacy & Security

Black Book: 84% of hospitals lack a dedicated security leader

With attacks continuing unabated and healthcare again expected to be 2018's top cyber target, just 11 percent of providers plan to get a cybersecurity officer in 2018, the new research report finds.
By Bill Siwicki
December 18, 2017
02:01 PM

One would think, after all of the high-profile cyberattacks on healthcare, from WannaCry to Petya to NotPetya, not to mention countless smaller assaults, that healthcare C-suite executives would take cybersecurity deadly seriously. That doesn’t seem to be the case, according to a new Q4 2017 survey from Black Book Research.

Eighty-four percent of provider organizations lack a reliable enterprise leader for cybersecurity, while only 11 percent plan to get a cybersecurity officer in 2018, found the survey of 323 strategic decision makers in the U.S. healthcare industry.

When it comes to payers, 31 percent have an established manager for cybersecurity programs currently, with 44 percent planning to recruit a candidate in the new year, the survey said.

"The low-security posture of most healthcare organizations may prove a target demographic for which these attacks are successful," said Black Book Managing Partner Doug Brown. "Cybersecurity has to be a top-down strategic initiative as it's far too difficult for IT security teams to achieve their goals without the board leading the charge.”

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

The survey also shed light on the hesitation of healthcare provider organizations in adopting best practices for cybersecurity. 54 percent of respondents admitted they do not conduct regular risk assessments, while 39 percent do not carry out regular penetration testing on their firewalls.

"These results may not be all that surprising, however, considering some of the new solution providers are offering passive monitoring for their networks and the upfront costs have been dramatically slashed," Brown said.

Still, a whopping 92 percent of the C-suite executives surveyed said cybersecurity and the threat of data breach are not major talking points with their board of directors.

Fifteen percent of healthcare organizations do appear to be taking cybersecurity seriously, by having a chief information security officer in charge today, the survey showed.

But by and large, for hackers looking for valuable data with minimal effort, the healthcare industry remains a prime target.

"The critical role of medical facilities, combined with poor security practices and lack of resources, make them vulnerable to financially and politically motivated attacks," said Brown.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Topics: 
Privacy & Security, Workforce

More regional news

Dr. Bala Hota of Tendo on AI

To find success with AI, health IT leaders must understand its recent evolution

By
Bill Siwicki
April 25, 2024
Physician talks with patient via telehealth

Joint Commission intros new Telehealth Accreditation Program

By
Mike Miliard
April 25, 2024
Hospital emergency entrance

HCA deploys AI from Augmedix for acute care documentation in EDs

By
Andrea Fox
April 25, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Physician talks with patient via telehealth
Joint Commission intros new Telehealth Accreditation Program

Most Read

Generative AI to bring 'transformative change,' says Froedtert/Inception Health CTO
Change Healthcare cyberattack still impacting pharmacies, as H-ISAC issues alert
OCR settles its 2nd ransomware investigation, probably not the last
NIST updates Cybersecurity Framework with Version 2.0
HSCC publishes 5-year healthcare cybersecurity strategic plan
Healthcare is the big victim of Blackcat's cyber counteroffensive

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Artificial Intelligence
Analytics
Analytics

Video

Jonathan Bush at Zus Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Independent patient data platform helps advance interoperability
Heidi Wold at Longevity Health Plan_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Patients benefit from post-acute care
Dr. Jesse M. Ehrenfeld, AMA president_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
AMA leader: Physicians must be the lodestar for IT innovation
Garrett Singletary at Concord Technologies_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Digitizing faxed data offers new advances for interoperability

More Stories

One of Mercy Health's hospitals in Victoria
Role-based messaging's growing popularity in...
Garrett Singletary at Concord Technologies_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Digitizing faxed data offers new advances for interoperability
Dr. Eve Cunningham on virtual care at Providence
At Providence, RPM is improving patient health and reducing provider workload
Stethoscope on tablet
HIMSSCast: Revolutionizing the Medicare program
Andrew Schultz at PatientPoint_Patient listening to nurse photo by SDI Productions/Getty Images
How a connected engagement ecosystem can empower better health
A nurse attending to a patient in the San's Poon Day Infusion Centre
Managing a safe transition to new treatment guidelines
Dr. Monika Sonu at Healthinnovation Toolbox_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How to build digital health tools with the clinician in mind
Healthcare data exchange
ONC pubs Common Agreement v2.0, with regs for FHIR exchange