Maintaining good cybersecurity hygiene in healthcare settings has become a nightmare, new research indicates. IT budgets are tight, staff and skills are lacking, and leadership is hard to find as the impact on a CISO’s career is simply too big in case of a security incident.
While some studies project a positive outlook for the global cybersecurity workforce, the healthcare industry doesn’t quite fit that model, according to Black Book Research. The firm’s surveys with various providers and job ranks have uncovered concerns about the state of cybersecurity in healthcare today. According to the research, there are so many gaps, vulnerabilities and deficiencies that healthcare institutions are essentially ‘sitting ducks’ for malicious actors.
A ‘people’ problem
Ninety-six percent of IT professionals in one survey said cybercriminals are outpacing their organizations’ defenses, leaving providers at a disadvantage in responding to vulnerabilities.
In a survey of 291 healthcare human resources executives,the researchers found it takes 70% longer to fill cybersecurity roles in health systems than other IT jobs.
In a poll of 66 health system CISOs, three quarters said experienced cybersecurity professionals are unlikely to choose a career in the healthcare industry because of hurdles associated with the job– especially in a cyber incident.
“More than in other industries, healthcare CISOs are ultimately held responsible for a data breach and the financial and reputation impacts to the provider organization despite having extremely limited decision-making technology or policy making authority,” according to the report.
Remote work and cloud-based operations
Healthcare cybersecurity has become even more complicated amid the COVID-19 pandemic, as understaffed IT security departments are scrambling to accommodate the surge in demand for remote services from patients and physicians while also responding to the surge in security risks.
90% of health systems and hospital employees who shifted to a work-at-home assignments due to the pandemic did not receive updated guidelines or training on the increasing risk of accessing sensitive patient data.
"Despite the rising threat, the vast majority of hospitals and physicians are unprepared to handle cybersecurity threats, even though they pose a major public health problem," said Brian Locastro, lead researcher on the 2020 State of the Healthcare Cybersecurity Industry study by Black Book Research.
To mitigate some risk, 59% of health system CIOs surveyed are shifting security strategies to address user authentication and data access.
Cybersecurity outsourcing (MDR/SOC) in high demand
Also among the C-suite, 69% said their health system's budget for cybersecurity consulting is increasing in 2021 to address gaps, secure network operations, and user security on-premises and in the cloud.
More importantly, the shortage of cybersecurity professionals and lack of appropriate technology solutions are forcing a rush to acquire services and outsourcing. Vendors, for their part, are responding to the labor crunch by offering healthcare providers and hospitals a growing portfolio of managed cybersecurity services, like Managed Detection and Response (MDR), or Security Operations Center as a Service (SOCaaS), the research showed.
Other findings include:
tags
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.
View all postsDon’t miss out on exclusive content and exciting announcements!