Seventy-four percent of unauthorized insider access to patient records involved users’ household members, and the second most common type was access to high-profile (VIP/confidential) patient data, according to a 2019 Measuring Progress: Expanding the Horizon report.

Additional findings include: 

  • More than 60 percent of privacy assessments found gaps in maintaining written policies and procedures to guide workforce members in managing all or some of these uses and/or disclosures of PHI.
  • The most common gaps among third-party vendors included risk assessment, access management, and governance.
  • In terms of the Five Core Functions, there was a surprising 0.4 percent decline in Awareness and Training this year.
  • The average rating for the Respond and Recover Function was 2.5 (on a scale of 0 – 5), indicating the healthcare industry is still not as prepared to respond to a cyber incident as it should be.
  • An average 47 percent conformance with NIST CSF controls and an average 72 percent conformance with the HIPAA Security Rule, reflecting only a two percent increase in conformance with NIST CSF and a two percent decrease in conformance with the HIPAA Security Rule from the previous year’s findings.

Although the HIPAA Security Rule has been in effect for 14 years, the industry is still achieving only 72 percent compliance with it, according to the report.