Healthcare Organizations See Employees as Their Greatest Threat to IT Security

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

A recent survey conducted by Netwrix found that although healthcare organizations understand the importance of protecting patient information, they often fall short on improving their security measures. An article on PR Newswire explores the findings of the Netwrix survey.

The survey included responses from IT professionals across various industries, including healthcare.

Where are healthcare organizations falling short?

According to the 2017 IT Risks report, Netwrix found a shocking 95% of healthcare organizations are not using any kind of software to assist with their risk management. Not only are healthcare organizations not utilizing security governance software, but 68% of healthcare providers also admitted to not having a separate cybersecurity function.

What do healthcare organizations feel is their biggest threat?

The survey found that 56% of healthcare organizations believe employees are their greatest threat when it comes to their security and system availability. Over half of the healthcare organizations in the survey (59%) have already dealt with malware. In addition, 47% of healthcare providers responded saying they had already encountered security incidents resulting from human error.

While healthcare organizations continue to struggle with compliance and system availability, the security of electronic health records (EHR) remains their biggest concern by far. Despite the surge in malware attacks and the high price that healthcare records command on the black market, the healthcare industry still sees employees as the main threat to the security of their assets. Even though most employees do not have malicious intent, organizations need to gain visibility into user activity across the IT infrastructure.”

– CEO and co-founder of Netwrix, Michael Fimin

How prepared are healthcare organizations for IT risks?

Unfortunately, when it comes to being prepared to beat cybersecurity risks, only 31% of healthcare organizations feel they are ready if an incident were to occur.

Why are healthcare organizations unprepared for IT risks?

75% of survey respondents felt that a lack of budget to improve their cybersecurity practices was keeping them from doing so. In addition, 75% of respondents also indicated that a lack of time was hindering their IT security. The survey also found that interestingly, 44% of healthcare organizations believe their number one obstacle in improving their management of IT risks comes from senior management not appropriately participating in the process.

Will healthcare organizations invest in the future?

While healthcare organizations know there is a need to invest in their IT security, there are certainly difficulties that are keeping them from doing so. Despite the obstacles, 56% of respondents indicated they plan to invest in their security solutions to help protect them against data breaches.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.