Insights on cyber-attacks and data breaches from US-based health IT security professionals

The 2019 HIMSS Cybersecurity Survey provides insight into the information security experiences and practices of US healthcare organizations in light of increasing cyber-attacks and compromises.

Reflecting the feedback from 166 US based health information security professionals, the findings of this study distill as follows: A pattern of cybersecurity threats and experiences is discernable across US healthcare organisations

  • Significant security incidents are a near universal experience in US healthcare organisations with many of the incidents initiated by bad actors, leveraging e-mail as a means to compromise the integrity of their targets. Many positive advances are occurring in healthcare cybersecurity practices.
  • Healthcare organisations appear to be allocating more of their information technology (“IT”) budgets to cybersecurity. Complacency with cybersecurity practices can put cybersecurity programs at risk.
  • There are certain responses that are not necessarily “bad” cybersecurity practices, but may be an “early warning signal” about potential complacency seeping into the organisation’s information security practices. Notable cybersecurity gaps exist in key areas of the healthcare ecosystem.
  • The lack of phishing tests in certain organisations and the pervasiveness of legacy systems raise grave concerns regarding the vulnerability of the healthcare ecosystem.


Lookout Watch entry date: 09/08/2019

Watch category:

Watch Type: