Fortified Health Security, a provider of healthcare-focused information security, compliance and managed services recently released its annual Horizon Healthcare Cybersecurity Report. The Horizon Report reviews Fortified’s predictions for 2017 and how they fared against reality, while providing a summary of lessons learned during the past year.
In 2017, Fortified conducted a security risk analysis, OCR mock audits, HITRUST certifications and strategic security planning for the majority of its clients. Although varied in size, revenue, network complexities and geography, three common trends were identified were:
1. Policies and procedures are weak, or don’t align with the actual implementation of safeguards
2. Organizations lack concise asset inventories
3. There is a lack of well-structured vulnerability management programs.
“It’s evident from this analysis that although healthcare organizations are busy with EHR transitions and upgrades, movements to the cloud and other IT and security projects, it is imperative that a priority be set on getting back to the fundamentals of risk management and good cybersecurity hygiene,” said Dan L. Dodson, president of Fortified Health Security in a statement. “We must commit ourselves if we want and expect to improve.”
The report also takes a look at what healthcare organizations can expect to experience regarding healthcare cybersecurity in 2018: