It seems a week cannot go by without another cyberattack on a healthcare organization. Just today two incidents have come to light. A limited number of Allscripts services were down Jan. 18 after a ransomware assault. And a hacker breached employee email accounts of Onco360 and CareMed Specialty Pharmacy, exposing the data of 53,173 patients.

While healthcare organizations have been hit by damaging ransomware and other cyberattacks, they allocate a smaller percentage of their IT budgets to security technologies than other industries: 22 percent, compared with the U.S. industry average of 28 percent, according to Forrester's "The U.S. Healthcare Security Benchmark 2017 to 2018."

The industry requires strong security in light of increased risks and breaches, but it is lagging and ill-prepared, Forrester shows. In fact, just 41 percent of U.S. healthcare workers indicate they receive training on how to stay secure at work, according to the study.

[Also: IoT risks, insider threats, password hacks, biometric cracks: Cybersecurity in 2018 looks messy]

Security staffing today comprises 14 percent of the overall U.S. healthcare IT security budget, the same portion it was two years ago, Forrester found. Further, among U.S. healthcare security decision makers, 44 percent expect overall IT security spending to increase by 5 percent or more over the next year while 40 percent expect spending on data security to increase by more than 5 percent through 2018, the study said.

Healthcare security professionals must enable digital transformation in the industry, Forrester Research concluded.

"Efforts to improve customer engagement require a digital transformation in healthcare," researchers noted. "Security pros must enable this transformation and apply security policies and tools that accelerate the adoption of mobile, cloud, social and analytic technologies."

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com