2018 HIMSS Cybersecurity Survey Findings

The 2018 HIMSS Cyber Security Survey has been released and it’s a “must read” for anyone in the healthcare security space.

Most Respondents Have Had a Significant Security Incident

An overwhelming 75% of survey respondents indicated that their organization had experienced a significant security incident in the past 12 months. It is unfortunate that the 2017 survey did not include this question for comparison purposes so it is impossible to tell whether the respondents would have indicated this is an increase or decrease over 2017.

Image Source: 2018 HIMSS Cybersecurity Survey

Phishing and Negligence are Top Threat Actors

37.6% of respondents identified “online scam artists” such as though behind phishing and spear phishing campaigns as the #1 threat actor in 2018. Next in line? “Negligent insiders” at 20.8%.  Negligent Insiders are defined as well-meaning but negligent individuals with trusted access that inadvertently may facilitate a breach.

E-mail Dominates as the Initial Point of Compromise

While this is no surprise given the #1 position of “online scam artists” cited above, the attribution of phishing emails as the starting point for 61.9% of all significant security events was higher than expected. This strongly suggests that in addition to robust network security detection and containment solutions healthcare providers should also be investing to create a culture of security through employee training.

More Resources Being Allocated to Cybersecurity

If there is a bright spot in the survey it is certainly that healthcare organizations as a whole (83.4%) are allocating more resources to cybersecurity. This is good news since 2018 saw cybercriminals increasing their focus on healthcare and other high profile industries that have deep pockets and a low threshold of pain.

The Cure for Your Cyber Security Pain

Konsultek knows healthcare security. Organizations both small and large trust their network security to our customized solutions and holistic approach. If you are experiencing the symptoms of a cybersecurity illness it may be time to schedule an appointment with one of our specialists.  From executive assessments to penetration testing we have the knowhow and experience to identify and cure what ails you.

© Copyright 2018 Konsultek