8 Security Categories Healthcare Providers Need to Improve On

A new survey by HIMSS finds that many providers don’t even cover the basics of IT security.

Steve Zurier, Contributing Writer, Dark Reading

September 6, 2016

9 Slides

The Healthcare Information and Management Systems Society (HIMSS) has laid it out in black and white for heathcare providers to see: A recent survey by HIMSS found that too many healthcare providers are failing to deploy security basics, such as antimalware tools, firewalls and encryption.

Lee Kim, director of privacy and security at HIMSS, says she’s troubled that more than 20 percent of acute facilities (hospitals are those associated with hospitals) are failing to use firewalls. Further, more than half of non-acute facilities (physician's offices, mental health facilities, etc.) are failing to encrypt data at-rest or data in-transit.

Even with something as basic as antivirus and antimalware tools, only 84.9 percent of acute and 90.3 of non-acute facilities are using these tools. Acute facilities are defined as hospitals that treat patients and conduct surgeries, while non-acute facilities are more long-term care units, assisted living or other facilities to care for elderly patients.

“I think our number for antivirus and antimalware has to be more in excess of 99 percent,” she says. “I would have felt much better if the acute facilities approaches a B-plus, but it was more like a B-minus.”

Kim says it’s been very challenging to get executives in the healthcare field to focus on security, even with numerous high-profile breaches.

“Traditionally healthcare providers are in the business of savings lives, so the IT security staffs have a difficult time competing for budget dollars,” she explains. “As recent as five years ago, you would hear people saying that people wouldn’t want to attack a health care facility because they didn’t believe anyone would want to do harm to the patients.”

Kim says these attitudes are changing slowly, but with such low scores on basic security techniques like using encryption, network monitoring and analyzing logs, she admits there’s a great deal of work ahead in the healthcare field.

Read on to see eight of the healthcare industry's most troubling infosec weak points: 

About the Author

Steve Zurier

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

See more from Steve Zurier
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars

Editor's Choice

A virtual computer screen above a keyboard
Vulnerabilities & Threats
OWASP Beefs Up GenAI Security Guidance Amid Growing DeepfakesOWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes
byRobert Lemos, Contributing Writer
Nov 4, 2024
5 Min Read
The words "Zero Trust" in purple on two sides of a cube; blue, digital background
Vulnerabilities & Threats
How to Win at Cyber by Influencing PeopleHow to Win at Cyber by Influencing People
byGregory R. Simpson
Nov 5, 2024
5 Min Read
A job classifieds newspaper
Application Security
Cybersecurity Job Market Stagnates, Dissatisfaction AboundsCybersecurity Job Market Stagnates, Dissatisfaction Abounds
byTara Seals, Managing Editor, News, Dark Reading
Oct 31, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers