Social Engineering Is Most Significant Cybersecurity Threat, Cybersecurity Expert Says

HIMSS’ senior principal, cybersecurity and privacy, addresses the press during the annual HIMSS conference
March 5, 2025

Lee Kim, senior principal, cybersecurity and privacy, with HIMSS, addressed the press about cybersecurity on March 4 at the annual HIMSS conference. HIMSS recently published its 2024 healthcare cybersecurity report.

“This year’s survey shows that tools alone are not enough—stronger governance is essential, with critical areas including artificial intelligence, insider threat management, and third-party risk management. The weakest link in any security program is the people, so education, tools, and policies remain the most important lines of defense. We are making progress, but we must do more to stay ahead of today’s evolving threats and to be prepared for future threats,” the HIMSS report stated.

Kim said that the most significant cybersecurity threat is social engineering, that is, general email phishing and phishing through social media. Organizations need security awareness training. “Boards and directors are getting more informed in terms of overseeing cybersecurity risks,” Kim noted.

Asked what has been learned since the Change Healthcare attack, Kim answered that healthcare CISOs are asking questions about vendors and about having a backup. “We have clinical and financial ramifications that signal what kind of plan is needed,” Kim explained.

About the Author

Pietje Kobus

Pietje Kobus has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.
