More than 85% of healthcare providers invested in information security in the previous year, but only about half are prepared to handle a cyberattack, according to the responses of 223 healthcare executives surveyed by KPMG LLP.
Four-fifths of healthcare providers experienced a cyberattack within the last year, and 13% of survey respondents said they tracked an average of roughly one attempted cyber threat per day during that time. These attacks have not gone unnoticed by the business leaders at healthcare organizations, as 85% of executives said healthcare cybersecurity has been talked about at the board level.
“The magnitude of the threat against healthcare information has grown exponentially, but the intention or spend in securing that information has not always followed,” said Michael Ebert, KPMG partner and cyber practice healthcare leader, in the survey report.
When asked to list their top information security worries, two-thirds of respondents said they were leery of malware getting into their systems. More than half (57%) were concerned with inappropriate disclosure of patient data that could result in HIPAA violations. Despite their best efforts, many executives acknowledge that their best healthcare cybersecurity plans can be foiled by an uncontrollable variable. Nearly two-thirds said external hackers are the most significant threat to IT security.
Roughly half of KPMG respondents said sharing data with third parties could result in security vulnerabilities, making it the second-most frequent answer to that question. Only 35% of executives viewed employees as a legitimate threat to commit theft or allow a data breach, a figure that is at odds with another recent survey wherein more than 75% of healthcare providers listed human error as the most common cause of data breaches.
Risk management/IT compliance and handling firewalls are the only two areas in which 60% or more of healthcare executives are convinced their organizations have sufficient IT resources. More than half are confident they have enough IT assets to respond to security events and analyze data loss.