Cybersecurity: Are you really as prepared as you think?
Here’s a twist in the healthcare security discourse one doesn’t hear every day: 77 percent of respondents claim to be confident in their cybersecurity preparedness. And even more surprising is the 86 percent who are optimistic that in two to three years they’ll be even better positioned than industry peers.
What’s more, the same new IBM Institute for Business Value report also found that about three-quarters of respondents felt they’re effectively addressing the security foundation within their organizations and have adequate IT hygiene and risk awareness.
Given the rate of attacks this year alone, however, it would appear security leaders are feeling more confident than they ought to about their cybersecurity posture.
Biggest problem? The boardroom
Today’s security challenges, especially in the healthcare industry, are vast: DDoS attacks, malware, ransomware, cybercriminals chasing the lucrative price medical records fetch on the dark web, not to mention nation-states perpetrating attacks.
Yet many hospitals have small budgets or simply don’t designate funds for security, according to ICIT Researcher James Scott.
“The vulnerability is in the boardroom,” Scott added. “These people have no tech aptitude whatsoever. They’re technophobes, with no idea about security issues. There needs to be a security person in the boardroom to help make decisions.”
In a recent ICIT dark web security breach report, Scott pointed to the vast data putting a huge target on the healthcare industry. And compounding the problem is the reality that the sector has essentially trivialized cybersecurity threats for too long.
The need to advance tech
“I hear in healthcare: We need to focus on educating our users. But educating your users isn’t going to solve the problem — it’s only part of the solution,” said Mac MacMillan, CynergisTek cofounder and CEO. “We need to advance technology in our environment to better protect our network and put pressure on manufacturers to deliver more secure platforms.”
That’s difficult when more than 70 percent of respondents in the IBM report spend only 10 percent of IT budgets on security, with the majority spending between 10 and 15 percent.
What’s more, 92 percent of respondents said funding requests for cybersecurity initiatives require an ROI or other financial analysis to justify the costs and secure approval.
“It’s literally like being a merchant sailor in the golden age of piracy — there’s no navy to protect you, there is no police force, you are on your own,” David Shipley, director of Strategic Initiatives, Information Technology Services for the University of New Brunswick, said in the IBM report. “On top of that, many don’t know how to sail their boats, and they can’t fire back at the attackers (it’s illegal). You’re literally trying to survive in a hostile world with both arms tied behind your back.”