More on Risk Management

Almost all healthcare organizations plan investments in cybersecurity, report says

About 81 percent of U.S. healthcare organizations and 76 percent of global healthcare organizations will increase information security spending.

Bill Siwicki, Managing Editor, Healthcare IT News

According to a new study, 81 percent of U.S. healthcare organizations and 76 percent of global healthcare organizations will increase information security spending in 2017. The "2017 Thales Data Threat Report, Healthcare Edition" from cybersecurity technology and services vendor Thales and analyst firm 451 Research released the survey results at HIMSS17.

U.S. government regulations such as the HITECH Act's Electronic Patient Care Reporting (ePCR) requirements are driving healthcare organizations to digitize their data, and while this digitization creates efficiency, it comes at a hefty price: Individual healthcare data is exposed to more people, in more places and on more devices, including smartphones, laptops and, increasingly, Internet of Things devices, Thales said.

Despite the risks that come from increased access points, 60 percent of U.S. healthcare survey respondents reported their organizations were deploying to a cloud, Big Data, and Internet of Things or container environments without adequate data security controls. The healthcare industry also is adopting some of these technologies for sensitive data use wholesale, with 69 percent of U.S. respondents leveraging software-as-a-service, 59 percent Big Data, 46 percent mobile and 35 percent Internet of Things environments.

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

These numbers may explain why 90 percent of U.S. healthcare respondents feel vulnerable to data threats and why cybersecurity spending increases by U.S. healthcare organizations leads that of all other vertical markets surveyed, including the government and financial sectors, according to the report.

[Also: Expert: Cybercriminals will not only attack healthcare, but they'll profit from it]

Compliance requirements also drive data security decision-making in U.S. healthcare, with 57 percent of respondents listing it as the top spending impetus. But, compliance ranks near the bottom of spending drivers among global healthcare respondents. Instead, the top two motivations for security spending are preventing data breaches (39 percent) and protecting reputation and brand (also 39 percent).

These findings underscore the differences between the United States' privately focused healthcare system, and its emphasis on regulations like HIPAA, HITECH and others, versus areas of the world where healthcare is less regulated or primarily government-operated.

Across the board, encryption is the technology of choice when it comes to protecting sensitive data residing within cloud, Internet of Things and container environments, the study found. 65 percent of U.S. healthcare respondents and 58 percent of global healthcare respondents opt to encrypt data in the public cloud, with the survey yielding similar numbers for Internet of Things data (59 percent U.S.; 58 percent global) and container data (58 percent U.S.; 60 percent global).

Despite the healthcare industry's growing interest in encryption, many organizations remain focused on network and endpoint security, the report found. Network security is still the top choice for U.S. healthcare spending by a wide margin (69 percent), compared to 53 percent of global respondents. Endpoint security, at 61 percent, isn't far behind. While network and endpoint technologies are a required element of an organization's IT security stance, they are increasingly less effective at keeping external attacks at bay, and in securing cloud, Big Data, Internet of Things and container deployments, which result in data being distributed, processed and stored outside corporate network boundaries, Thales said.

Twitter: @SiwickiHealthIT