Only 11 percent of health care providers plan to introduce a cybersecurity officer in 2018, with 84 percent lacking reliable leadership for combating cyberattacks.

Those are the statistics found in a Q4 2017 survey conducted by Black Book Research, paired with 31 percent of payors who have an established manager for cybersecurity programs and 44 percent recruiting candidates in the new year.

“It’s a very thrilling time for health care technology,” Douglas Brown, managing partner for Black Book Research, told HCB News. “It's crucial that attention to that technology doesn't come at the expense of hospitals and physician practices giving the needed focus to network security, which becomes even more vulnerable as smart tech advances.”

Health care organizations are a notable target for cyberattacks, with crimes ranging from thefts of information from EHRs to complete shutdowns of hospital operations, endangering the care and lives of patients.

The chance of such attacks occurring is high, based on the survey’s findings — with 54 percent of respondents admitting to not conducting risk assessments on a regular basis and 39 percent not carrying out regular penetration testing for firewall efficiency, thereby showing an underestimation of security threats.

C-suite officers were also interviewed, with 92 percent reporting that cybersecurity and the threat of a data breach are not major talking points with their boards of directors. Eighty-nine percent of all respondents say that budgeted IT funds for 2018 will be primarily focused on business functions with provable business cases, and that only a small portion will go toward cybersecurity.

Other endeavors in this area have reported similar views, with a recent Mimecast Limited study conducted by HIMSS Analytics claiming that 78 percent of providers experienced email-related cyberattacks throughout 2017. Experts at this year’s RSNA meeting found that ransomware attacks were on the rise with the sales market rising by over 2000 percent in one year.

Brown said that expensive costs for cybersecurity software and insurance, insufficient awareness, process inconsistencies caused by consolidation and the fact that hospitals are lucrative targets are among the crucial factors that contribute to the lack of preparedness among providers.

“2018 ushers in a serious threat, as the health care industry is significantly behind other industries when it comes to the field of cybersecurity, and only recently began playing catch-up,” he said. “As a result, health care organizations, patients and providers are all left vulnerable against today’s sophisticated attackers.”

He suggested adopting more advanced forms of technology, making cybersecurity a priority and segmenting entire networks with encryptions and stricter policies to enhance protection against cyberattacks.

“One of the best steps health care enterprises can take is to leverage a specially-tailored solution via HIT systems that are built to meet the needs of the industry and provide cutting-edge service," he added. "As a health care business looking for such a solution, you'll want to make sure you find something that offers not only breach detection and data loss prevention tools, but also addresses compliance. Health care enterprises don't only need to worry about PCI DSS 3.0, but also HIPAA compliance as well. A well-crafted solution is one that meets — and exceeds — these standards.”

Health IT Homepage