Survey: IT Professionals Cite Importance of Cybersecurity
July 1, 2015 in News
Nearly 90% of health IT professionals say that cybersecurity has become a higher business priority for their organization over the past year, and about 67% said their organization experienced a “significant security incident in the recent past,” according to a survey released on Tuesday by the Healthcare Information and Management Systems Society, MedCity News reports.
Details of Survey
For the survey, HIMSS collected responses from 297 health information security officers and other health IT professionals.
Jennifer Horowitz — senior director of research for HIMSS North America — noted that researchers intentionally used the term “security incident” over the more specific terms “breach” and “hack.”
The researchers found that organizations used an average of 11 different technologies for network security efforts. Respondents used various technologies in part because attackers are becoming more sophisticated.
More than 80% of respondents said that security-related technologies must evolve.
Internal negligence was the top cause of recent security incidents, with 46% of respondents citing it. Further, 64% said that an insider had been the source of a significant incident at some point, according to MedCity News (Versel, MedCity News, 6/30).
When asked about cybersecurity efforts:
- 80% of respondents said they used network monitoring to find and investigate information security incidents; and
- 87% of respondents said they had implemented antivirus/malware tools to secure their information security environment.
The top factors motivating organizations to improve their information security environment were:
- Phishing attacks;
- Risk assessment results; and
- Virus or malware threats.
Meanwhile, just 12% of respondents said their organization had performed a mock cyber defense exercise.
Respondents reported an “average level” of confidence regarding their organization’s ability to protect IT infrastructure and data, even in cases when protective technologies were in place (Snell, Health IT Security, 6/30).
When asked about personnel:
- 57% of respondents said that their organization has one or more full-time worker for information security; and
- 42% said that there are too many new threats to address properly but that their security teams could identify more than half of information security threats internally (MedCity News, 6/30).