25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

HIMSS Releases 2015 Healthcare Cybersecurity Report

Posted By on Jul 9, 2015

297 healthcare leaders and information security professionals have recently given their opinions to HIMSS on the state of healthcare cybersecurity, with the results of the survey recently published in HIMSS’s 2015 Cybersecurity Report.

The release of the report coincided with the Chicago Privacy and Security Forum event between June 30 and July 1 of this year. The report highlights a number of concerns about cybersecurity; perhaps the most pressing being the sheer shale of the current attack surface. Hackers are breaking through security defenses left, right and center; but more worrying is the fact that they have been doing that for a number of months, and are already inside many computer systems.

Healthcare Professionals are Concerned Their Protections may not be Enough

 

Numerous major breaches have affected tens of millions of employees, consumers and patients over the course of the past few months. New data breaches are being discovered on an almost daily basis and no industry appears to be safe from attack.

Hacking groups are (allegedly) being financed by foreign governments, and employees are snooping on patients and are selling their data. It is no surprise that IT professionals, CIOs and CISOs are concerned given the current threat landscape and how rapidly it is changing: 42% said that there were now so many threats it was impossible to track them all, and half of respondents felt their organizations only had an average level of protection.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

HIPAA requires multi-layered defenses to be put in place to secure Protected Health Information. The survey indicates an average of 11 technologies are employed by each organization to keep data secure, and half of the respondents said they now needed full time staff to manage information security.

A Wake-Up Call for the Healthcare Industry

 

HIMSS Vice President of Technology Solutions, Lisa Gallagher, said “The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cybersecurity threats.”

Two thirds of respondents said they have suffered recent data breaches, even though at least 50% of the respondents had addressed cybersecurity threats with improved network security measures, endpoint protections, data loss prevention measures, disaster recovery policies and IT continuity measures.

Gallagher went on to say, “Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means incorporating threat data, and implementing new tools and sophisticated analysis into their security process.” At least two thirds of respondents will know all too well how important it is for defense strategies to be adjusted.

Security breaches are now an inevitability, and healthcare organizations have had to develop polices to deal with the increased threat and must install software that can identify breaches quickly. At least half of respondents had installed the necessary systems to be able to identify data breaches when they occurred and more than half of respondents thought they were effective.

The survey asked who identified breaches when they occurred: Internal security teams identified data breaches according to 51% of respondents, while 50% said that internal non-security staff raised the flag. Only 17% said external security firms notified them of a data breach

One of the main ways breaches are detected is through network monitoring systems. 80% of respondents rated the security control as one of the main methods used for identifying security incidents. However, 13% said that they didn’t use anti-virus or anti-malware tools.

There are numerous threats, but phishing campaigns are one of the major worries. 69% of respondents said the threat from such attacks was driving forward the implementation of more robust security measures; however budgetary constraints are problematic. 64% said that a lack of skilled personnel was preventing better cybersecurity measures from being installed.

 

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist