Doctors See Big Cybersecurity Risks, Compliance as Key for Hospitals

Xconomy Boston — 

Cybersecurity and healthcare IT are both burgeoning areas of business. Put them together and you have a volatile mix of emerging technologies, security and privacy risks, and regulatory requirements—but also a lot of opportunity for growth and improvements.

It’s no surprise that doctors and hospital administrators are concerned with security. The healthcare industry is a top target of cyber attacks (see the Anthem data breach), and it has highly sensitive information about large swaths of the population.

But a new survey from MedData Group in Topsfield, MA, shows that physicians have very different opinions about cyber threats as compared to administrators and health IT professionals. The survey was done in June and polled 272 doctors and healthcare workers around the U.S.

A key finding is that doctors gave lower ratings to their organizations’ abilities to counter cyber crime than did hospital administrators and IT personnel. The chart below shows 21 percent of doctors rated their clinics’ cybersecurity systems as below average, as compared to only 8 percent of administrators and IT workers. (Not surprising, perhaps, but I’m going with the doctors on this one.)

[Chart: Healthcare and cyber threats]

Another difference of opinion is in where the greatest vulnerabilities lie. Administrators tend to cite e-mail and messaging systems as the top weakness, while doctors also list electronic health records, mobile devices, and patient portals:

[Chart: Security vulnerabilities in healthcare]

What everyone seems to agree on is where the threats are coming from. Across all healthcare staff surveyed, the top risks cited are malicious outsiders, malware, and hacked mobile apps, with application or network failures coming in after that:

[Chart: risks]

Another point of agreement is on what will drive change. Eighty-three percent of respondents said the top driver for securing sensitive data in healthcare organizations is the need to comply with standards and regulatory requirements.

The healthcare industry has enough to worry about without getting hacked, of course. Sadly, this is the reality in any sector whose companies and organizations have access to a lot of valuable information. Now is the time to listen to those on the front lines—before the next big attack is discovered.