More than 90 percent of health care professionals believe criminals are increasingly targeting health care organizations, according to a survey of 398 full-time health care professionals by Trustwave, a security-as-a-service vendor.
Despite these concerns, the report found only 10 percent or less of their IT budget goes toward cyber-security and protecting their patients’ highly sensitive information.
"It’s not clear why health care organizations put so little emphasis on information security budgeting, but adding more advanced threat and vulnerability management doesn’t have to break the bank," Cas Purdy, vice president of corporate marketing and communications at Trustwave, told eWEEK. "While they could go out and buy all the latest security technologies, that’s normally too much for a health care organization due to lack of resources, staff and security skills needed to install, manage and monitor them."
Purdy said that instead, health care organizations, in particular entities like urgent care clinics and doctors’ offices, should seek the help of a managed security services provider to provide more advanced threat management to go beyond what the basic level of security that many of them have today.
The report found 79 percent of respondents who work in IT and 77 percent of non-IT respondents are most concerned about losing patient data, above other types of information, if their organization is breached.
"Consumers should always be vigilant and aware of potential misuses of their confidential data, but the onus is on businesses to protect their networks, databases and applications," Purdy said. "That means regularly testing, and testing often through both automated scanning and more
Nearly three-quarters (74 percent) of IT respondents said they are concerned about their organization getting breached, compared to 51 percent of non-IT respondents.
While nearly a quarter (23 percent) of technical respondents said their organization has experienced a breach, other studies have shown the rate to be much higher.
In addition, 65 percent of IT respondents believe that external threats pose more of a concern than insider threats (35 percent).
"Electronic health care records and the Internet of Things (IoT) and the security challenges those bring have to be the biggest game changers in health care security," Purdy said. "Medical records are rapidly moving online and being widely shared among patient and health provider sources, Web-connected Internet of Things devices and cloud services are rapidly expanding the attack surface."