Recent studies indicate that there is not necessarily a solid trend in whether healthcare cybersecurity budgets are increasing as needed to meet evolving threats.
As HIPAA data breaches continue to be reported, it would make sense that healthcare cybersecurity budgets increase as necessary to ensure that organizations are prepared for potential attacks. Making investments in technological safeguards, employee training, and IoT security measures for connected devices are all essential steps for protecting sensitive data.
Along with investing in cybersecurity needs, healthcare organizations must understand that different tools will often require unique data security measures and approaches.
A recent ZingBox survey found that 70 percent of healthcare IT decision makers believe that traditional security solutions used to secure laptops and servers are enough for IoT connected medical device security as well.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
Approximately three-quarters of respondents said that they are confident or very confident that all devices connected to their network are protected.
ZingBox CEO and Co-founder Xu Zou explained that there are often confusion and misconceptions around securing healthcare medical devices.
“The need to gain a deeper understanding of the unique individual personalities of IoT devices remains a foreign concept to many,” Zou said in a statement. “Unfortunately, you need to understand the device personalities to gain accurate visibility and protection.”
“IoT technology presents special challenges to a healthcare organization’s ability to protect itself from both insider threats as well as external cyber-attacks across a wide range of attack vectors, as demonstrated by the most recent WannaCry ransomware and NotPetya wiperware attacks,” Zou continued. “As these attacks continue to step to the forefront, companies deploying IoT devices need to be more cognizant than ever of their security measures.”
Survey respondents also said that they believe they can detect network traffic irregularities and account for the different personalities of an infusion pump or glucometer. IT decision makers added they can detect when devices are not behaving as intended, even though the devices have the same laptop and server security techniques and not unique IoT security measures.
ZingBox CTO and Co-founder May Wang added that the survey results are “sobering,” and that healthcare organizations need to change how they view healthcare IT security, especially with connected devices.
“This is a tremendous opportunity to raise awareness of healthcare organizations regarding their perception of security and their need to consider modern techniques such as cloud, machine learning and real-time remediation across an organization’s entire IoT footprint,” Wang said in a statement. “IoT requires a more thorough approach to constantly monitor for deviations in behavior and provide alerts for suspicious behavior.”
A survey conducted in conjunction with CHIME also found that cybersecurity budgets might not be a top priority for IT executives.
Just 4 percent of 425 IT professionals said that cybersecurity was a top healthcare IT investment, which was a drop from 53.3 percent reporting the same in 2016.
Nearly sixty-seven percent said they planned to invest in patient portals and 58 percent were looking toward telemedicine technologies as a top investment area. EHR systems or services was also a leading priority, with 41 percent of respondents expecting to make a purchase in 2017.
Overall, 41 percent of those surveyed said that their budgets increased compared to 2016, with funding increasing from 1 to 5 percent. Six percent of respondents said they had budget increases of 16 percent or more.
However, a KLAS Research and CHIME survey published earlier this year found that 42 percent of organizations have a vice president or C-level official in charge of cybersecurity. Furthermore, 62 percent said that security is discussed quarterly at board meetings.
Nearly all respondents – 96 percent – reported that they have someone in charge of their organization’s security program.
In terms of IT spending though, the KLAS and CHIME report found that 41 percent of respondents dedicated less than 3 percent to security. Twenty-seven percent said they have dedicated 3 to 4 percent to security, while 18 percent said they had more than 7 percent of their IT budget focused on security.
CHIME President and CEO Russell Branzell, FCHIME, CHCIO explained though that healthcare organizations are taking patient data protection seriously.
“As healthcare continues to march toward greater integration and information sharing across the continuum, we must become more vigilant in protecting data networks,” Branzell said in a statement. “Security has to be seen as an organizational priority. It is encouraging to see more C-level executives and boards taking greater responsibility for the issue.”
Healthcare organizations might not think that cybersecurity spending needs to be a top priority, but it could take an even greater amount of money to recovery from a large-scale data breach. IoT security, mobile security, and basic healthcare cybersecurity measures must all be considered and appropriately applied.
Date:July 31, 2017