Large health systems better prepared on security, says CHIME Report

While most orgs surveyed said they have network access solutions to monitor devices connected to the network, fewer than half of small providers use network segmentation to control the spread of infections.
By Nathan Eddy
10:47 AM

The majority of health organizations are following cybersecurity practices recommended by a federally convened task group, according to a new study organized by the College of Healthcare Information Management Executives and KLAS Research.

The recommendations in the CHIME report cover a host of cybersecurity policies, including email and endpoint protection systems, data protection and loss prevention, network and vulnerability management, incident response and medical device security.

Although most of the organizations surveyed said they have network access solutions to monitor devices connected to the network, fewer than half of small organizations use network segmentation to control the spread of infections.

The study also revealed large organizations use more sophisticated and more frequent vulnerability scanning and application testing than small organizations.

For medical device security, a top concern for organizations as they weigh patient-safety risks, some survey respondents reported investing in supporting technologies, while small organizations claim they have strong internal processes.

The survey found small organizations are less likely to use cybersecurity policies, with small to medium-size organizations four times less likely to have a chief information security officer than large organizations.

Cybersecurity questions represent a major component of the CHIME survey, conducted annually to identify industry best practices. While most organizations surveyed said they have an incident-response plan, just half conduct an annual enterprise-wide exercise to test the plan.

The survey also measured the use of digital signatures, which allow users to verify that emails come from trusted sources and have not been manipulated in transmission.

The results indicated large organizations are three times more likely to have adopted this technology than their smaller counterparts.

Healthcare executives and IT leaders are often overconfident regarding data privacy management, according to a recent report from vendor Integris Software. Even as they rely on outmoded data management processes, 70% of execs and IT leaders say they're "very" or "extremely" confident of their infosec strategies, the survey of 258 business executives and IT decision makers found.

Another recent study found the biggest barrier to meeting privacy and security challenges was lack of adequate resources. While healthcare security leaders are aware of the multitude of security threats, coordinated action to combat these threats is lagging, the CynergisTek survey of some five-dozen C-suite executives revealed.

About the new CHIME-KLAS report, Adam Gale, president of KLAS, called it both a "wake-up call and roadmap to identifying cybersecurity vulnerabilities for healthcare providers, and highlighting where specific progress needs to be made."

"CHIME's goal is to improve patient safety and outcomes around the world by identifying best practices and sharing that knowledge across our industry," added Russell Branzell, CHIME's president and CEO. "Working with KLAS, we are able to use this resource to benchmark the current state of the industry and highlight strengths and gaps."

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Twitter: @dropdeaded209
