Only 27 Percent of Healthcare Security Execs Confident about Safeguarding Patient Data | Healthcare Informatics Magazine

November 20, 2017
by Heather Landi

Just 27 percent of healthcare security executives said they have confidence they could safeguard patients’ medical records, even though nearly 80 percent are required to comply with government regulations, according to a recent survey from cybersecurity solutions provider Radware.

The survey of nearly 200 security executives from the healthcare sector (almost 90 percent having executive authority to direct security activities and investments) found that healthcare lagged behind other industries such as retail and financial services when it comes to mitigating risk.

Analysis of survey feedback paints a portrait of a sector ill at ease with the growing security demands being placed on their institutions, the report authors wrote. Nearly two-thirds of respondents (62 percent) have little to no confidence they could rapidly adopt security patches and updates without having an operational impact, while 70 percent said less than 50 percent of data loss incidents over the past 24 months were fully tracked and patched.

More than half (55 percent) of healthcare organizations said they had no way to track data shared with a third party after it left the corporate network. Healthcare organizations are particularly unlikely to monitor the Darknet for stolen data, with 37 percent saying they did so, compared to 56 percent in financial services, and 48 percent in retail.

While 68 percent of respondents invested somewhat or significantly in security controls following major industry data breaches or attacks, only 21 percent use API gateways, 23 percent WAFs and only 29 percent use both.

The survey results were published in a report titled “Web Application Security in a Digitally Connected World,” which looked specifically at the retail, financial services and healthcare sectors. Radware, in conjunction with Ponemon Research, surveyed over 600 chief information security officers (CISOs) and other security leaders across six continents. The intent was to uncover the challenges presented by emerging technologies, such as blockchain, artificial intelligence (AI) and Internet of Things (IoT), as well as by rapid-fire application deployments; to ascertain how organizations in different industries identified application-layer and API vulnerabilities; to measure the impact that bots are having on organizations; and to construct a security roadmap for today and tomorrow.

The research also exposed the proliferation of bot-driven Web traffic and its impact on organizations’ application security. As in other industries, bots account for a growing share of generated traffic, with 36 percent of network traffic in healthcare coming from bots. However, only 20 percent of respondents can identify with certainty whether the bots behind that 36 percent are good or bad.

The report also found that nearly half (45 percent) of respondents, across retail, financial services and healthcare industries, had experienced a data breach in the last year, and 68 percent are not confident they can keep corporate information safe.

What’s more, companies often leave sensitive data under-protected. Some 60 percent of organizations both share and consume data via APIs, including personally identifiable information, usernames/passwords, payment details, medical records, etc. Yet 52 percent don’t inspect the data that is being transferred back and forth via their APIs, and 51 percent of respondents don’t perform any security audits or analyze API vulnerabilities prior to integration.

Many organizations want the full automation and agility that the continuous delivery model of app development provides—half (49 percent) of respondents currently use the continuous delivery of application services and another 21 percent plan to adopt it within the next 12 to 24 months. However, continuous delivery can compound the security challenges of app development: 62 percent reckon it increases the attack surface and approximately half say that they do not integrate security into their continuous delivery process.

Any organization that collects information on European citizens will soon be required to meet the strict data privacy rules imposed by the General Data Protection Regulation (GDPR), which takes effect in May 2018. However, with less than a year until the due date, 68 percent of organizations are not confident they will be ready to meet these requirements in time.

“It’s alarming that executives at organizations with sensitive data from millions of consumers collectively don’t feel confident in their security,” Carl Herberger, vice president of security solutions at Radware, said in a statement. “They know the risks, but blind spots continue to pose a threat. Until companies get a handle on where their vulnerabilities are and take steps to protect them, major attacks and data breaches will continue to make headlines.”

