Two out of three healthcare information technology leaders in a recent survey said they experienced a “significant” data security incident in the past year.
Nearly as many respondents (62%), however, told the Healthcare Information and Management Systems Society that the breaches their organizations suffered had limited impact on either patient care or IT operations.
Medical identity theft was the No. 1 factor motivating security threats, cited by 79% of the surveyed, followed by the organization's own staffers improperly snooping on patient records (65%) and financial identity theft (51%).
According to the survey takers, the top two barriers to mitigating cybersecurity events were “a lack of appropriate cybersecurity personnel,” cited by 64%, and a lack of financial resources, 60%, while 42% opined that there are “too many emerging and new threats to track,” according to a HIMSS statement about the survey.
“Most respondents indicated that the security tools currently available to them are insufficient to protect us against the security threats and vulnerabilities their organizations will face today and in the future,” the report said. “Indeed, most agreed that innovative and advanced security tools are needed to protect healthcare organizations against the security threats and attacks that healthcare organizations will face.”
The concerns over security spending persist despite a string of high-profile data breaches that hit the healthcare industry in the past year or so, involving tens of millions of patient records. Several of the breaches were attributed to foreign-based hackers.
“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cybersecurity threats,” said Lisa Gallagher, vice president of technology solutions for the Chicago-based HIMSS. “Healthcare organizations need to rapidly adjust their strategies to defend against cyberattacks. This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”
HIMSS queried 297 health IT executives, most of whom (77%) work for hospitals or healthcare systems.