Healthcare Information Security

Cybersecurity News

Healthcare Cybersecurity Threats Hinder HIT Development

Black Book found that health IT development can be further improved with solutions to aid in healthcare cybersecurity threat prevention and in easing interoperability.

healthcare cybersecurity threat mitigation data security

Source: Thinkstock

By Elizabeth Snell

- Healthcare organizations across the globe are working to adopt and deploy EHRs without opening themselves up to interoperability issues, healthcare cybersecurity threats, and HIT infrastructure problems, according to a recent Black Book survey.

Ninety percent of international respondents said confusion continues to exist around the definition of a highly interoperable EHR system outside the US, the 2018 State of the Global EHR Industry found. Only 7 percent of all international EHR survey respondents said their regional HIT system had "meaningfully connectivity" with other providers.

Black Book surveyed approximately 7,500 physicians, health administrators, technology managers, and clinical leaders in ambulatory and inpatient settings in 23 countries. Respondents revealed gaps, challenges and successes in healthcare IT adoption and records systems connectivity.

"A number of countries have launched national initiatives to develop ICT-based health solutions including EHR systems and have progressed well, despite several hurdles," Black Book Research Managing Partner Doug Brown said in a statement. "As the obstacles are clearing with technological and non-technological interventions, approved standards and regulatory frameworks, funding and health-tech guidelines, the growth opportunities for U.S.-based global EHR vendors magnify as well." 

Cybersecurity issues were also cited as a top concern with senior executives in a recent survey from Marsh and Microsoft Corp. Two-thirds of respondents said cybersecurity was one of their top five risk management priorities but 19 percent stated they were highly confident in their organization’s ability to mitigate and respond to a cyber event.

One-third of respondents said their organization had developed a plan to mitigate and respond to a cybersecurity issue.

The Marsh and Microsoft report gathered responses from 1,300 senior executives such as CEOs, CFOs, chief technology officers, chief risk officers. Respondents hailed from numerous countries and industries, including but not limited to healthcare, manufacturing, and financial services.

There was also confusion with regard to which department is actually in charge of cybersecurity, the report showed. Seventy percent of respondents said the IT department was a primary owner and decision-maker for cyber risk management, while 37 percent put the responsibility with the C-suite.

“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” Marsh Global Risk and Digital President John Drzik said in a statement. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.” 

Twenty percent of respondents said they did not currently have or plan to have cyber insurance, with 25 percent saying they did not know their organization’s cyber insurance status.

Business interruption (75 percent), reputational damage (59 percent), breach of customer information (55 percent), data or software damage (49 percent), and extortion/ransomware (41 percent) were the top cited cyber loss scenarios that presented the greatest impact to an organization.

Proper cyber hygiene is crucial to improving cyber risk management, report authors explained.

“As cybercriminals become ever-more sophisticated, there is simply no way for organizations to protect themselves against threats unless they update their systems,” researchers wrote. “Without continuous cyber hygiene, organizations are fighting the problems of the present with tools from the past.”

Healthcare cybersecurity threat prevention will benefit greatly from having the right cybersecurity staff members in place. Regular and comprehensive employee training is also critical for current risk management plans.

A Black Book survey published in December 2017 further underlined this fact when it found that 84 percent of healthcare organizations do not have a cybersecurity leader. Only 11 percent of the 324 decision makers at US healthcare organizations said they planned to hire a cybersecurity officer for 2018.

Additionally, 15 percent of respondents said their organization had a chief information security officer (CISO) currently in charge.

Approximately half of those surveyed added they do not conduct regular risk assessments, with 39 percent saying their organization does not conduct regular firewall penetration testing.

"The low security posture of most healthcare organizations may prove a target demographic for which these attacks are successful," Black Book’s Brown stated. “Cybersecurity has to be a top-down strategic initiative as it's far too difficult for IT security teams to achieve their goals without the board leading the charge."


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...