Healthcare Orgs Not Taking Cybersecurity Seriously Enough, Black Book Reports

Dec. 20, 2017
More than eight in ten provider organizations lack a reliable enterprise leader for cybersecurity, while only 11 percent plan to get a cybersecurity officer in 2018, according to a new report from Black Book.

More than eight in ten provider organizations lack a reliable enterprise leader for cybersecurity, while only 11 percent plan to get a cybersecurity officer in 2018, according to a new report from Black Book.

For the survey, Black Book researchers polled more than 300 strategic decision makers in U.S. healthcare organizations, including both providers and payers. When it comes to payers, 31 percent said they have an established manager for cybersecurity programs currently, with 44 percent planning to recruit a candidate in 2018.

The survey revealed that the healthcare industry continues to underestimate security threats as attackers continue to seek data and monetary gain, researchers attested. "The low security posture of most healthcare organizations may prove a target demographic for which these attacks are successful," said Doug Brown, managing partner of Black Book.

The survey also advised on the hesitation of healthcare provider organizations in adopting the best practices for cybersecurity. 54 percent of respondents admitted they do not conduct regular risk assessments, while 39 percent don’t carry out regular penetration testing on their firewalls. “These results may not be all that surprising, however, considering some of the new solution providers are offering passive monitoring for their networks and the upfront costs have been dramatically slashed,” said Brown.

What’s more, 92 percent of the C-suite officers surveyed stated that cybersecurity and the threat of data breach are still not major talking points with their board of directors. And 15 percent of all healthcare organizations responding to the survey said they are taking cybersecurity seriously by having a chief information security officer (CISO) in charge now.

“Cybersecurity has to be a top-down strategic initiative as it’s far too difficult for IT security teams to achieve their goals without the board leading the charge,” said Brown.

Further, 89 percent of respondents reported that in 2018 budgeted IT funds are dedicated toward primarily business functions with provable business cases and only a small fraction is being allocated to cybersecurity.

Sponsored Recommendations

Healthcare Rankings Report

Adapting in Healthcare: Key Insights and Strategies from Leading Systems As healthcare marketers navigate changes in a volatile industry, they know one thing is certain: we've...

Healthcare Reputation Industry Trends

Navigating the Tipping Point: Strategies for Reputation Management in a Volatile Healthcare Environment As healthcare marketers navigate changes in a volatile industry, they can...

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...

From Chaos to Clarity: How AI Is Making Sense of Clinical Documentation

From Chaos to Clarity dives deep into how AI Is making sense of disorganized patient data and turning it into evidence-based diagnosis suggestions that physicians can trust, leading...