Cybersecurity has been elevated to a central concern for healthcare providers, with more attention at the board level and the C-suite, according to a new survey by KLAS Research and the College of Healthcare Information Management Executives (CHIME). For the study, KLAS conducted nearly 200 interviews of chief information security officers, chief information officers, chief technology officers and other security professionals on provider adoption of and experiences regarding specific cybersecurity solutions, including:
– data loss prevention (DLP)
– identity and access management (IAM)
– mobile device management (MDM)
– security information and event management (SIEM)
The study reveals that 42 percent of organizations have a vice president or C-level official in charge of cybersecurity; 62 percent report that security is discussed quarterly at board meetings. 16 percent of providers at mostly large hospitals or integrated delivery networks, reported having “fully functional” security programs. Another 41 percent reported that they’ve developed and are starting to implement a program. Smaller hospitals and physician practices lagged behind in their program development.
Other key findings of the CHIME-KLAS study include:
– 55 percent of respondents reported that encryption is the most common way of securing connected endpoints on their networks, followed by antivirus/malware systems at 42 percent.
– 63 percent of respondents reported that security information and event management (SIEM) is the most common method for detecting phishing and ransomware attacks.
– 75 percent of respondents reported that they are following the National Institute of Standards and Technology Cybersecurity Framework.
“Healthcare organizations take their responsibility for protecting patient information and their data networks very seriously,” said CHIME President and CEO Russell Branzell, FCHIME, CHCIO. “As healthcare continues to march toward greater integration and information sharing across the continuum, we must become more vigilant in protecting data networks. Security has to be seen as an organizational priority. It is encouraging to see more C-level executives and boards taking greater responsibility for the issue.”
“Providers are embracing cybersecurity and report that vendor solutions are becoming more robust and responsive to provider’s needs,” said Garrett Hall, Director of Cybersecurity for KLAS. “However, cybersecurity remains a significant challenge for many providers, and the healthcare industry as a whole.”
Providers may access a free copy of the report (registration required) at: