In view of recent highly publicized cyber attacks and the
resulting financial, regulatory and reputational risks, healthcare
organizations should be highly focused on cyber security. Yet in a
recent survey of 223 executives at healthcare providers and health
plans with more than $500 million in revenue, KPMG found that 81%
of the respondents said their organizations have been compromised
by at least one cyber attack during the past two years, and only
53% of the providers and 66% of the health plans felt that their
organizations are adequately prepared to prevent or defend against
attacks. (See "Health Care and Cyber Security: Increasing
Threats Require Increased Capabilities.")

The survey respondents identified their greatest data security
vulnerabilities as: external hackers (65%), sharing data with third
parties (48%), employee breaches or theft (35%), wireless computing
(35%), and inadequate firewalls (27%). Their most important
security concerns were: malware infecting systems (67%), HIPAA
violations/compromise of patient privacy (57%), employee theft or
negligence (40%), medical device security (32%), and adding
technology hardware (31%). One of the most alarming findings was
that only 35% of the respondents felt they had adequate security
resources for managing vendor security risks.

According to KPMG, "In terms of technical capabilities, the
healthcare industry is behind other industries in protecting its
infrastructure and electronic protected health information (ePHI)
– as commonly seen in the use of outdated clinical
technology, insecure network-enabled medical devices, and an
overall lack of information security management
processes."