Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE +
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
February 27, 2016 12:00 AM

Cybersecurity rising as health IT concern

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    After years of budgetary indifference to health information security, and fresh off the worst year in history for healthcare data breaches, many healthcare organizations will be putting more resources into protecting their data, according to Modern Healthcare's 26th annual Survey of Executive Opinions on Key Information Technology Issues.

    An overwhelming majority of respondents indicated that the threat of cybersecurity breaches will have some (51%) or considerable (42%) impact on their organization's IT security spending this year.

    And 3 out of 4 provider leaders surveyed indicated their IT security spending will increase in 2016, with only 25% indicating there would be no spending changes. No one indicated they would be making cuts in IT security spending.

    The median spending range for security as a percentage of their organizations' overall IT budget was 2.1% to 3% in 2015, according to the survey. The median spending range will rise to 3.1% to 4% this year, provider leaders reported.

    More than half (53%) of all providers this year say their organizations are encrypting personally identifiable data in storage, so-called “data at rest.” Encrypting data for transmission has been standard practice for years.

    Cyber and data security ranked No. 3 when providers were asked to name their top three hot-button health IT priorities. A number of respondents made it their top priority.

    MH Takeaways

    An unprecedented rise in the scale and scope of healthcare data breaches has forced systems to invest significantly more of their information technology budgets in preventing hacker attacks.

    Looking out a bit into the future, provider leaders still foresee the need to address security risks, the survey shows. Security also ranked No. 3 among executives asked to pick their top health IT priorities over the next 24 months.

    What's finally driving all this heightened interest and increased spending on health IT security?

    Fear.

    A sizable majority of respondents—81%—indicated they expect the number of cybersecurity attacks this year will exceed those in 2015, a record year for healthcare data insecurity.

    Several IT leaders who took the survey this year were reluctant to talk publicly about their security issues, preferring the safety of the herd with so many cyber predators on the prowl.

    One survey respondent, a chief information officer for three decades, agreed to speak only if granted anonymity. His midsize Midwestern community hospital will be spending a bit more on security in 2016, but “we're still not spending the level of budget we're going to need,” he said.

    “Up to 20% of my time is now spent in this (security) area, where three or four years ago, it was 2%,” he said. His hospital is creating an IT security department, has added security monitoring to the duties of a compliance committee that reports directly to the hospital board, and “there's talk about having a separate cybersecurity committee at board level,” he said.

    “We're getting constant attacks from the outside,” the CIO said. “Although we've not had a breach or something that's taken hold, the time and training (for security) has taken a significant amount of our focus. The folks trying to break in are getting very sophisticated. We're doing everything that we can at this point” to stop them.

    The current IT cybersecurity threat level will have a “considerable” impact on IT security spending this year at 189-bed Lawrence (Mass.) General Hospital, said Michael LeBlond, its senior director of information systems and technology.

    It's a disproportionate-share hospital that operates a busy emergency room and trauma center and multiple outpatient services in the community, LeBlond said.

    Get the charts

    Information Technology: 2016 - An analysis of healthcare IT based on executives' opinions in response to the Modern Healthcare Survey of Executive Opinions on Key Information Technology Issues

    On the survey, LeBlond listed security and compliance as his No. 1 hot button IT priority.

    His hospital's spending, already at an above-average level in 2015—3.1% to 4% of IT's budget—will rise to the 4.1% to 5% range in 2016.

    LeBlond said his IT department has 29 full-time staff members. There's only one security officer, added a couple of years ago, but a second is on the way, he said. “I've always been fortunate security has always had the attention at the board level here,” he said. “We've been a little ahead of the curve knowing this stuff is out there going on.”

    LeBlond said the hospital relies on in-house staff and outsourced security technology and services, particularly for monitoring “that I can't afford people to have staffing 24/7.”

    “We're a small community hospital and have to balance what we can put toward security and keeping all the other IT things running,” he said.

    Of the 1,470 major breaches on the “wall of shame” website kept since 2009 by HHS' Office for Civil Rights, only 11% are attributed to hacking incidents.

    But those relatively few hacks led to the exposure of 115.6 million individuals' medical records. And nearly 97% of those exposures were from hacking incidents reported in 2015. Four of the five largest healthcare data breaches in the history of the list were Anthem, 78.8 million individuals; Premera Blue Cross, 11 million; Excellus Health Plan, 10 million; and the University of California at Los Angeles, 4.5 million, all in 2015.

    This year, healthcare officials have seen the re-emergence of the ransomware threat. Hollywood (Calif.) Presbyterian Medical Center saw its electronic health-record system held hostage for about a week until it forked over $17,000 in ransom, paid in the hard-to-trace bitcoin cybercurrency.

    CIO Richard Mohnk of two-hospital, 326-bed Bayhealth, based in Dover, Del., has a full IT agenda, overseeing the IT needs of a replacement hospital under construction in Milford, Del. But a security update ranked No. 3 on Mohnk's hot button IT punch list.

    Consultants have looked at all of the systems' security policies and practices as well as all monitors and other clinical electronic equipment. “We wanted to identify our risks,” said Mohnk, a health IT veteran who has just six months on the job at Bayhealth. Security was moved into the IT department and a security training program is underway across the hospital.

    Mohnk plans to augment a five-person security department. “We're building from within just because there are only enough security professionals to cover about 60% of the available spots.”

    A couple of years ago, Bayhealth sent out a test batch of phishing e-mails to employees to see whether people would open them. Hospital officials wanted to know had the e-mails actually come from a hacker, how many employees would have put the hospital in jeopardy. “Unfortunately, it was way more successful than we wanted it to be,” Mohnk said, since a number of workers opened the e-mail.

    “We'll probably do another one of those in the next two to three months and really focus on it as an educational opportunity,” he said. Like most survey respondents, Mohnk indicated 2016 would be worse for cyberattacks than 2015.

    “I came from the University of Massachusetts Health System in July,” he said. “We've already had three cyberattacks” since then. “I hadn't had one in the previous 14 years at UMass. Everywhere you look, they're up. I think we'd all be foolish if we didn't think it'd be on the rise.”

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    money arrows decrease down 2.png
    Changing employer market leaves digital health companies rethinking strategy
    Two pill bottles from Amazon Pharmacy
    Amazon rolls out generic drug subscription service
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE +
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing