Healthcare Informatics Magazine

Study: Healthcare IT Professionals Overconfident in Breach Detection Skills

December 15, 2016
by Heather Landi

In a study evaluating the confidence of IT professionals regarding the efficacy of seven key security controls to help detect a cyber attack in progress, healthcare IT professionals were overconfident in their ability to quickly collect the data needed to identify and remediate a cyber attack.

Tripwire, a provider of security and compliance solutions, sponsored the study, which was conducted by Dimensional Research. The study evaluated the confidence vs. knowledge of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Respondents to the Tripwire 2016 Breach Detection Study included 763 IT professionals from various industries, including 101 participants from the health care sector.

For many controls, IT professionals believed they had the information necessary to detect a breach quickly—but provided contradictory information about the specific data, according to the study report.

The Tripwire study also cites data from Verizon’s 2016 Data Breach Investigations Report, which indicates that while 63 percent of successful system compromises in the health care industry occurred within minutes, 56 percent of data breaches impacting the health care sector took months to detect.

The Tripwire study found that 90 percent of healthcare IT professionals believe they could detect configuration changes to endpoint devices on their organization’s networks within hours, but less than half (49 percent) know exactly how long it would take their vulnerability scanning systems to generate an alert.

“There’s no argument that these basic controls work and contribute directly to an organization’s cyber security, yet the research shows they are not in place at enough health care organizations,” Tim Erlin, senior director of IT security and risk strategy at Tripwire, said in a statement. “This is occurring at a time when the health care industry is facing unique cyber threats, from physical theft to sophisticated ransomware campaigns.”

Erlin continued, “The basics of finding unauthorized devices and vulnerabilities and applying patches in a timely manner should be done at every organization in order to create a baseline of cybersecurity. These fundamental controls should be in place before organizations look at the latest shiny security object.”

The study results also indicated that nearly two-thirds (60 percent) of the healthcare IT respondents believe their automated tools do not pick up all of the critical details or information that is needed to identify the locations and departments where the unauthorized devices were detected.

Eighty-three percent of the respondents believe they could detect configuration changes to a network device within hours; however, only a little over half (54 percent) know how long the process would actually take.

Nearly half of the respondents (45 percent) said critical vulnerabilities detected by their scanning tools are not fixed or remediated within 30 days. Additionally, 43 percent of the respondents said less than 80 percent of patches succeed in a typical patch cycle.

The study is based on seven key security controls required by a wide variety of compliance regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS Top 20 and IRS 1075. These controls also align with the United States Computer Emergency Readiness Team’s (US-CERT) recommendations and international guidance, such as the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions.

When implemented across an organization, these controls deliver specific, actionable information necessary to defend against the most pervasive and dangerous cyber attacks. According to the study authors, it is vital for organizations to identify indicators of compromise quickly, so that appropriate action can be taken before any damage is done.

