Cybersecurity concerns are the stuff of healthcare nightmares. Data breaches, leaked records, patients harmed — or worse — lax data protection are more than enough to wake infosec teams at night. Then, there are the big federal fines and legal expenses to take into account.

The consequences these threats hold are among the reasons we’re focusing on cybersecurity during October. 

HIMSS Media research, in fact, surveyed 180 qualified professionals in healthcare provider and non-provider  organizations among IT management and staff and clinical and business roles to determine their greatest security concerns, the most common ways they’re addressing the issue and just who is making these decisions on strategy and crafting internal policies.

Here’s what we found out.

Top security concerns
The biggest and baddest threats? Privacy concerns under HIPAA. Take a look.

What are the top security concerns around technology innovation?

Source: Technology Innovation in Healthcare Survey, HIMSS Media, August 2018

A quick scan of the list and the issues are clear. Operating without a solid security architecture on a tight budget with limited resources and, it’s no wonder those outweigh lack of internal policies including bring your own device (BYOD) and business associate agreements.

Now that we know the concerns, of course, it’s only natural to ask what hospitals are actually doing to tackle those.

How are organizations addressing security concerns?

Source: Technology Innovation in Healthcare Survey, HIMSS Media, August 2018

Employee training shouldn’t come as a surprise since people are both an organization’s greatest asset and its weakest link. Just don’t discount the importance of getting C-suite buy-in, a strategic tactic for bolstering funds and ensuring a culture of security throughout an organization.

The chart immediately above shows 49 percent of respondents ranked “documenting a security strategy” high on the list of how they’re addressing security concerns. Makes sense.

We also asked who’s involved in establishing that security strategy and policy?

Who is involved in establishing security strategy/policies?

Top 3: IT/IT security management; C-level/executive leaders; IT/IT security analysts or staff

Source: Technology Innovation in Healthcare Survey, HIMSS Media, August 2018

The results prove insightful: C-level and other executives, IT and security management and even the board of directors carry the most weight. It’s reflective of the findings in Chart 1 that many hospitals are operating on tight budgets and limited resources.

To a lesser extent, business leaders, clinicians and consultants are involved as well, just not very many physicians. It means that those executives driving security strategy have an opportunity to better engage people on the frontline who actually work with the sensitive data -- well beyond user training and education.

What to expect from our Focus on Cybersecurity
Each day this month, we’ll debut at least one security-focused piece on one or more of our HIMSS Media brands: Healthcare IT News, MobiHealthNews, Healthcare Finance and HIMSSTV.

We’ll cover a wide range of topics, from the right or wrong way to handle a breach to locking down your network through network monitoring, solid patch management policies and the tools to bolster a network.

We’ll also share advice about closing medical device flaws and deciding whether biomedical data sets are as secure in the cloud as you need them to be.

There will also be a four-part cyber insurance series to shed light on the obscure policies, including what a policy entails, mistakes to avoid when purchasing and the legal considerations after a breach.

And that’s just a brief preview of what we’ll be covering.

In October, Healthcare IT News will also host the HIMSS Healthcare Security Forum in Boston. The agenda is packed with keynote speakers Theresa Payton, former White House CIO and star of the CBS security-focused series “Hunted” and Kirk Lippold, Commander US Navy (Ret), who was the top officer on the USS Cole when it was attacked by terrorists in Yemen and, as such, has insights to share about leadership during crisis.

Much like September’s Focus on Innovation, our features, insights, opinions and news coverage of innovation and infosec won’t end when November begins.

Rather, we’ll continue year-round coverage across our channels. After our Focus on Cybersecurity, our next editorial initiative will be a Focus on Artificial Intelligence. Beyond that look for a Focus on Blockchain.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com