Data security still a risky business
A new poll from the Ponemon Institute has found that security preparedness is still sorely lacking across healthcare – a fact that could leave unsuspecting organizations "blindsided" by breaches.
The survey, conducted in partnership with Tripwire, asked 1,320 IT security professionals in healthcare and beyond about their privacy protections.
It found that, even as HIPAA fines have grown in size and frequency – including whopping sanctions against Affinity Health Plan ($1.2 million) and WellPoint ($1.7 million) this year – healthcare still lags far behind other industries when it comes to conducting risk assessments and implementing security controls.
Not only do just half of organizations (52 percent) conduct formal risk assessments, but "they are also far less open to challenging current assumptions," he added. "Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses."
Among other findings of the report, 70 percent of respondents say communicating the state of security risk to senior executives isn't effective, since communications are contained in one department or line of business. Also, just 58 percent have fully or partially deployed change control and security configuration management.