Healthcare leaders crown employee cybersecurity awareness as primary threat concern

Dive Insight:

Most organizations use a variety of methods to mitigate cybersecurity risks, the survey reveals. Eighty-seven percent employ remote access/secure access controls, 85% use employee security awareness tactics and 75% utilize security counseling services like vulnerability assessments and penetration testing.

“The security threats the healthcare industry is facing are real and they’re only increasing in volume and sophistication as bad actors continue to seek out coveted protected health information,” Chris Richter, senior vice president of global security services at Level 3, said in a statement. “Aside from fostering and maintaining a culture of security, which includes regular employee security training, healthcare organizations should implement a security governance framework and appropriate technology controls. These include threat intelligence, DDoS mitigation and next generation firewalling and sandboxing — all critical next steps for healthcare providers to secure their networks.”

And employee privacy and security missteps can be costly. In February, Memorial Healthcare Systems paid HHS $5.5 million to settle potential HIPAA violations after employees gained unauthorized access to 115,143 patients’ protected health information and disclosed them to affiliated physician office staff. The settlement and other recent ones like it underscore HHS’ determination to enforce HIPAA violations and providers and health systems need to find ways to prevent future breaches.

About 80% of health executives in a recent Thales survey said their organizations plan to step up security spending in 2017. Compliance was the main driver for security spending in the U.S., with 57% of respondents, while data breaches (39%) and protecting reputation and brand (39%) led global concerns.