HIMSS: Providers Responding to Cyber Attacks as Fear Grows | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

HIMSS: Providers Responding to Cyber Attacks as Fear Grows

August 17, 2016
by Rajiv Leventhal
| Reprints
Providers cite lack of personnel, resources as main barriers to elevating cybersecurity; ransomware is most feared future threat

With health information increasingly under attack, provider organizations have been increasingly responding to the threat: 85 percent of survey respondents report that cybersecurity efforts within their organization were elevated as a business priority during the past year, according to new research from HIMSS North America.

Instituted as an annual research program in 2015, the Healthcare Information and Management Systems Society (HIMSS) study gauges the perceptions and experiences of U.S. healthcare organizations on a number of cybersecurity topics. The 2016 HIMSS Cybersecurity Survey reflects the first year follow-up from the baseline report established in 2015. One of the reasons providers may be motivated to elevate information security as a business priority is the pervasiveness of security attacks and breaches. In fact, 80 percent of providers in 2016 admitted that their organization had experienced a recent “significant security incident," according to the findings.

This year’s report focuses exclusively on the responses from 150 information security leaders who report having some degree of responsibility for information security in a U.S.-based healthcare provider organization, such as a hospital or long-term care facility. Of the 150 respondents, 119 were acute care providers.

Key findings from the 2016 survey include notable differences between acute and non-acute providers:

• 87 percent of acute providers and 81 percent of non-acute providers made information security a higher priority.

• Barriers to elevating cybersecurity were the lack of appropriate cybersecurity personnel (58 percent (acute, 62 percent non-acute), and lack of financial resources (50 percent acute, 71 percent non-acute).

• Motivations for increased cybersecurity are phishing attacks (80 percent acute, 65 percent non-acute); virus/malware (68 percent acute, 65 percent non-acute); and results of risk assessment (64 percent acute, 77 percent non-acute).

• Vulnerabilities include email, mobile devices and internet of things.

• Common reason for attacks is medical identify theft (77 percent acute, 74 percent non-acute).

• The perceived ability to detect and protect are brute force attacks (75 percent), exploitation of known software vulnerabilities (74 percent), and negligent insider attacks (73 percent).

• Most feared future threats include ransomware (69 percent), advanced persistent threat attacks (61 percent), and phishing attacks (61 percent).

“Stories surrounding the breach of hospital and health systems data are unfortunately no longer infrequent occurrences,” Rod Piechowski, senior director, health information systems, HIMSS, said in a statement. “Cybersecurity attacks have the potential to yield disastrous results for healthcare providers and society as a whole. It is imperative that healthcare providers acknowledge the need to address cybersecurity concerns and act accordingly. Fortunately, the evidence from this study suggests providers are taking steps to address cybersecurity concerns. However, more progress needs to be made so that providers can truly stay ahead of the threats.”

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.

In GAO Report, More Concern over VA VistA Modernization Project

A recent Government Accountability Office (GAO) report is calling into question the more than $1 billion that has been spent to modernize the Department of Veterans Affairs' (VA) health IT system.