Hospitals Lack Proper Web Security Programs, HIMSS Analytics Reports | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Hospitals Lack Proper Web Security Programs, HIMSS Analytics Reports

November 30, 2015
by Heather Landi
| Reprints

While healthcare leaders under the risks to their data security, many still do not understand the best way to address these challenges, leaving hospitals and health centers vulnerable to cybersecurity threats, according to a survey by HIMSS Analytics.

The survey found that 39 percent of healthcare organizations do not have an on-premise Web Application Firewall installed to protect their data center, which is the most traditional line of defense against Web application attacks, according to the survey authors. And, additionally, 23 percent of survey respondents said they have no web security programs in place at all, and nearly half of those respondents are from hospitals with 200 beds or more.

The HIMSS Analytics survey, in partnership with Akamai, was designed to highlight the current state of web security in healthcare as well as what plans are in place to improve preparedness. Survey respondents were comprised of 94 healthcare IT executives, including CIOs, CSOs, directors of IT and technology, IT security officer and chief compliance officer.

The survey also found that only 42 percent of healthcare organizations have implemented Distributed Denial of Service (DDoS) protection solutions, with only 13.2 percent planning to implement such a solution.

“This leaves 35 percent of healthcare organizations vulnerable to a type of cyberattack that is increasing in frequency and size across all industries, including healthcare, and is a significant threat to network availability,” the survey authors stated.

Additionally, only 21 percent of respondents say they have a cloud web application firewall (WAF), which, according to the authors, could help mitigate cybersecurity threats, and only 16.5 percent intend to implement one.

Respondents seem aware of their vulnerabilities, with 57 percent saying they “somewhat agree,” “agree,” or “strongly agree” with the statement, “Requirements for interoperability with entities and systems outside of my organization’s network is a security issue my organization faces.” And, despite the lack of protection, 61 percent of respondents said that they “agree” with the statement, “My organization is adequately protected against web application attacks.”

“Overall, the survey indicates a troubling reality relating to cybersecurity in healthcare: Since web-based attack methods become more pervasive as the healthcare industry becomes more connected, healthcare organizations need to increase their sense of urgency and their investment in implementing fundamental web security solutions,” the survey authors concluded.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.