8 of 10 providers have cybersecurity briefs at board meetings, but half say its on ad-hoc basis: 8 things to know

Although healthcare organizations have taken a number of steps to address cybersecurity, they may not be moving quickly enough, according to a recent Symantec report.

Symantec teamed up with Healthcare Information and Management Systems Society Analytics to compile the third annual IT Security and Risk Management Study.

Here are eight report insights.

1. Healthcare providers (60 percent) are investing more in risk assessment, as opposed to HIPAA compliance.

2. Providers are increasingly adopting cybersecurity frameworks, with 40 percent using more than one.

3. The three most common frameworks are the National Institute of Standards and Technology Cybersecurity Framework (63 percent), the Health Information Trust Alliance (37 percent) and the Information Technology Infrastructure Library (31 percent).

4. Fifty-nine percent of providers identified "performance against risk frameworks" as a top security concern.

5. Although eight in 10 providers conduct a cybersecurity brief at board meetings, about half said it is done so on an ad-hoc basis.

6. Most providers (73 percent) said budget was the most significant barrier to their security programs, followed by staffing and skillsets.

7. About 74 percent of providers dedicate 6 percent or less of their total IT budget to IT security. The average IT security spend has remained flat over the last three years, according to the report.

8. About three of four providers are using the cloud, but 71 percent of providers said they have widespread security concerns about doing so.

More articles on cybersecurity:
KLAS: Healthcare consulting firms, ranked
EHR vendors stock report: Week of Feb. 26 - March 2
6 questions on patient-generated health data, answered

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months