HIMSS' latest cybersecurity report confirms trends most in the healthcare industry have indicated: breaches are up, prioritizing cybersecurity is up, and lack of resources continues to be a top barrier in mitigating cybersecurity risks.
The 2016 HIMSS Cybersecurity Survey gathered responses from 150 U.S.-based provider organizations regarding their experiences dealing with cybersecurity.
Here are seven key findings from the report.
1. Eighty percent of respondents said their organization had experienced a "significant security incident" in 2016. Almost 45 percent indicated there was just one incident, and 35 percent said there were two or more incidents.
2. Eighty-five percent of respondents said security has increased as a business priority since the previous year. When broken down by provider type, nearly 87 percent of acute care providers indicated this was so, and 81 percent of non acute care providers indicated this was so.
3. As organizations enhanced security capabilities, they most often improved network security (71 percent said they enhanced in this way), endpoint protection (61 percent) and disaster recovery (52 percent).
4. When asked what motivated providers to proactively update their information security, two-thirds of respondents said they did so after undergoing a risk assessment. There were also a number of retroactive motivators, including experiencing a phishing attack (77 percent), virus/malware (67 percent) and negligent insider threat activity (52 percent).
5. Respondents identified email and mobile devices as the two greatest areas of cybersecurity vulnerabilities.
6. When asked to hypothesize cyber criminals' motivations based on the types of threats they experienced, the majority of respondents (77 percent) projected medical identity theft to be the primary motivator.
7. What's impeding providers from mitigating cybersecurity risk? Close to 59 percent of respondents said they lack appropriate cybersecurity personnel, and close to 55 percent said they lack the financial resources.
More articles on cybersecurity:
Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action
Lack of cybersecurity talent leaves companies worldwide in a bind
HHS to fund cybersecurity information sharing organization