As the gatekeeper of Social Security numbers, medical information and health insurance data, hospital are big targets for hackers. But, healthcare providers only spent about 5 percent of their IT budgets on security last year according to a survey by global research and advisory company Gartner.
The healthcare sector fell behind banking and financial services which spent 7.3 percent of their IT budgets on cybersecurity as well as retail and wholesale services which spent 6.1 percent, The Chicago Tribune reports.
Security threats are nothing new. Hospitals have been victims of ransomware and phishing attacks for decades because they are the "holy grail of personal data," Mark Greisinger, president of NetDiligence, a cybersecurity management company, told the Tribune.
About 82 percent of hospital IT security leaders reported a "significant security incident" in the last 12 months, a 2019 Health Information of Management Systems Society cybersecurity survey revealed.
Of those who reported security incidents, 20 percent blamed them on vendors, consultants or other parties. More than half said the incidents were malicious.
But when choosing between patient care or cybersecurity for where to spend limited resources, many hospitals choose the former.
"There are so many other things healthcare systems need and people are begging you for and yelling for," Doug Brown, president of Black Book Research, a market research company, told the publication. "They're not really putting the attention on cybersecurity because it's a really boring issue."
But healthcare providers are beginning to come around to the importance of cybersecurity. About 38 percent of healthcare organizations increased their cybersecurity spending from 2017 to 2018, according to the HIMSS cybersecurity survey.