Boards, senior execs pay more attention to security

Top healthcare IT executives say their organizations’ board members and senior leaders are paying more attention to data security concerns.

But at the same time, few organizations have a fully functional security program, say about 200 chief information, security and technology officers who participated in the survey, conducted by KLAS Research and the College of Healthcare Information Management Executives.

Only 16 percent of responding providers reported having a robust security initiative, and most of those were large hospitals or integrated delivery systems.

Also See: CIO and CMIO roles will continue to evolve in 2017

Some 41 percent of respondents reported that their organizations are developing a program and starting implementation; smaller hospitals and physician practices lag, survey results indicate.

According to the survey, 42 percent of responding organizations have a vice president or C-level person in charge of cybersecurity, and 62 percent of respondents report having quarterly security discussions with their boards.

“As healthcare continues to march toward greater integration and information sharing across the continuum, we must become more vigilant in protecting data networks,” says Russell Branzell, president and CEO of CHIME. “Security has to be seen as an organizational priority. It is encouraging to see more C-level executives and boards taking greater responsibility for the issue.”

Branzell-Russ-CROP2.png

More than half of respondents say their organizations are using encryption to secure information on networks; 42 percent are using antivirus/malware technology; and nearly two-thirds report using security information and event management technology (SIEM) to detect phishing and ransomware attacks. Significantly, 75 percent follow the NIST Cybersecurity Framework.

Also See: 13 top paying cloud and security jobs for 2017

The study also includes provider experiences in such security areas as data loss prevention, identity and access management, mobile device management and SIEM. The report is available here for free; registration is required.

For reprint and licensing requests for this article, click here.