Healthcare Orgs Not Taking Cybersecurity Seriously Enough, Black Book Reports | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Healthcare Orgs Not Taking Cybersecurity Seriously Enough, Black Book Reports

December 20, 2017
by Rajiv Leventhal
| Reprints
9 in 10 C-suite executives said cybersecurity is still not a major talking point with their boards

More than eight in ten provider organizations lack a reliable enterprise leader for cybersecurity, while only 11 percent plan to get a cybersecurity officer in 2018, according to a new report from Black Book.

For the survey, Black Book researchers polled more than 300 strategic decision makers in U.S. healthcare organizations, including both providers and payers. When it comes to payers, 31 percent said they have an established manager for cybersecurity programs currently, with 44 percent planning to recruit a candidate in 2018.

The survey revealed that the healthcare industry continues to underestimate security threats as attackers continue to seek data and monetary gain, researchers attested. "The low security posture of most healthcare organizations may prove a target demographic for which these attacks are successful," said Doug Brown, managing partner of Black Book.

The survey also advised on the hesitation of healthcare provider organizations in adopting the best practices for cybersecurity. 54 percent of respondents admitted they do not conduct regular risk assessments, while 39 percent don’t carry out regular penetration testing on their firewalls. “These results may not be all that surprising, however, considering some of the new solution providers are offering passive monitoring for their networks and the upfront costs have been dramatically slashed,” said Brown.

What’s more, 92 percent of the C-suite officers surveyed stated that cybersecurity and the threat of data breach are still not major talking points with their board of directors. And 15 percent of all healthcare organizations responding to the survey said they are taking cybersecurity seriously by having a chief information security officer (CISO) in charge now.

“Cybersecurity has to be a top-down strategic initiative as it’s far too difficult for IT security teams to achieve their goals without the board leading the charge,” said Brown.

Further, 89 percent of respondents reported that in 2018 budgeted IT funds are dedicated toward primarily business functions with provable business cases and only a small fraction is being allocated to cybersecurity.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Dignity Health, UCSF Health Partner to Improve the Digital Patient Experience

Dignity Health and UCSF Health are collaborating to develop a digital engagement platform that officials believe will provide information and access to patients when and where they need it as they navigate primary and preventive care, as well as more acute or specialty care.

Report: Digital Health VC Funding Surges to Record $4.9 Billion in 2018

Global venture capital funding for digital health companies in the first half of 2018 was 22 percent higher year-over-year (YoY) with a record $4.9 billion raised in 383 deals compared to the $4 billion in 359 deals in the same time period last year, according to Mercom Capital Group’s latest report.

ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.

Value-Based Care Shift Has Halted, Study Finds

A new study of 451 physicians and health plan executives suggests that progress toward value-based care has stalled. In fact, it may have even taken a step backward over the past year, the research revealed.

Study: EHRs Tied with Lower Hospital Mortality, But Only After Systems Have Matured

Over the past decade, there has been significant national investment in electronic health record (EHR) systems at U.S. hospitals, which was expected to result in improved quality and efficiency of care. However, evidence linking EHR adoption to better care is mixed, according to medical researchers.