Health execs rank employee awareness as greatest cybersecurity concern

Nearly 80 percent of executives said employee security awareness is their greatest concern. And that’s despite 85 percent indicating they have existing security awareness programs, a new Level 3/HIMSS Analytics study finds.
By Bill Siwicki
02:43 PM
Share
employees greatest cybersecurity risk

Lack of employee awareness and education present the greatest security threat, according the 2017 Level 3 Healthcare Security Study. Even though 85 percent of respondents said they have educational programs in place, nearly 80 percent listed employee awareness as their top threat.

The Level 3 Survey of 125 health IT executives, conducted by HIMSS Analytics, also found that 95 percent of respondents listed electronic health records systems as having the greatest reliance on network uptime. Hospital interface systems ranked second (51 percent), ahead of remote patient monitoring (39 percent), communications systems (37 percent) and PACS storage (36 percent), the study said.

[Also: Phishing-as-a-service: White hats help but beware the dark web]

The vast majority of participating organizations employ multiple risk mitigation practices to protect data and systems: remote access/secure access controls (87 percent), employee security awareness programs (85 percent), and security consulting services like vulnerability assessments and penetration testing (75 percent), the study found.


 Learn more at Privacy & Security Forum San Francisco, May 11-12, 2017. Register here.​


A little over half of respondents in the study have practices such as DDoS mitigation (56 percent) or threat intelligence (55 percent) in place today.

“Healthcare organizations must remain vigilant against cybersecurity threats and leverage all of their resources effectively to ensure every individual knows their role,” said Bryan Fiekers, senior director of research services at HIMSS Analytics. “Security cannot become an out-of-sight, out-of-mind problem.” 

[Also: Cerber overthrows Locky as top ransomware menace]

Chris Richter, senior vice president, global security services, at Level 3 Communications, added that security threats the healthcare industry faces today are real and only increasing in volume and sophistication as bad actors continue to seek out coveted protected health information.

“Aside from fostering and maintaining a culture of security, which includes regular employee security training, healthcare organizations should implement a security governance framework and appropriate technology controls,” Richter said.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn