Majority of healthcare organizations have recently seen ‘significant’ data security incident

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://medcitynews.com/2015/06/majority-of-healthcare-organizations-have-recently-seen-significant-data-security-incident/

Think healthcare data security is a bigger problem now than it was a year
ago? Insiders would agree.

In a newly released survey from the Healthcare Information and Management
Systems Society, 87 percent of health information security officers and
other health IT professionals said that cybersecurity has become a higher
business priority within their organizations in the last year. Two-thirds
of the 297 respondents reported having experienced a “significant security
incident in the recent past,” according to the survey, released Tuesday at
the HIMSS Privacy & Security Forum in Chicago.

“I don’t think that I was necessarily surprised by this,” Jennifer
Horowitz, senior director of research for HIMSS North America, told MedCity
News.

Horowitz said that the question was worded vaguely on purpose. “We left
that to the discretion of the respondents.” HIMSS used the word “incident”
instead of “breach” or “hack” for the same reason, she said.

On average, the survey-takers’ organizations use 11 different technologies
to try to secure their networks and data, in part because hackers, phishers
and other scammers are getting more sophisticated. According to the survey,
81 percent said that security-related technologies need to evolve and 69
percent said that the threat of phishing attacks have motivated them to
step up cybersecurity.

Still, though, the top source of recent “security incidents” is negligence
from inside the organization, named by 46 percent of respondents, and 64
percent said that an insider has been responsible for a significant
incident at some point.

On the positive side, 57 percent indicated that their organization has at
least one full-time staffer dedicated to this problem. While 42 percent
said that there are too many new and emerging threats to track adequately,
their security teams are able to identify more than half of all information
security threats internally.

“I think they’re doing a lot of things right,” Horowitz said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!