Only 5% of Healthcare Organizations Use Risk Management Software

A recent survey conducted by risk management software vendor Netwrix has revealed that only 5% of healthcare organizations are using software for risk management and security governance. Additionally, only 32% of healthcare organizations said they had a separate cybersecurity function.

Stolen healthcare records are being sold for big bucks on darknet marketplaces and there is high demand for data. Hackers are increasingly attacking healthcare organizations due to the high potential returns. The risk of healthcare cyberattacks and data breaches is now greater than ever before.

Even though hackers are extensively targeting the healthcare industry, the greatest threat comes from within. As the Protenus Breach Barometer healthcare data breach reports show, negligent and malicious insiders cause the most data breaches. As Netwrix co-founder and CEO Michael Fimin explained, “Even though most employees do not have malicious intent, organizations need to gain visibility into user activity across the IT infrastructure.”

He also pointed out that many HIPAA covered entities do not know what is happening in their environment. That means it is not possible to effectively mitigate human error, data breach detection is slow, and the response time to incidents is too long. Insider data breaches often take many months – or even years – to discover.

Respondents to the survey rated employees as the biggest security threat. Malware was rated as the biggest cause of security breaches by 59% of respondents. Malware is often installed as a result of employees responding to phishing emails. 47% of respondents said human error was the main root cause of breaches.

The main security focus for organizations was endpoint security (61%), database security (56%) and virtual infrastructure security (47%).

When asked about their compliance programs, 36% of respondents said they had experienced problems passing an audit or were having difficulty with HIPAA compliance, which, Netwrix notes, involves maintaining proper audit trails.

The biggest data security problem areas were unstructured data in third-party data centers, BYOD, and employees installing unauthorized software (Shadow IT).

The main obstacles preventing enhancements to cybersecurity defenses were a lack of budget and a lack of time; both were rated as major obstacles by 75% of respondents. 44% of respondents said insufficient participation from senior management was an issue.

56% of respondents said they will be investing in information security in the next 12 months, with the main areas being data breach prevention technology, intellectual property theft prevention, and technology to prevent cyber sabotage.

Author: Ryan Coyne