2021 HIMSS Healthcare Cybersecurity Survey
Table of Contents
Overview
Methodology and Demographics
Findings
  Section #1: The Most Significant Security Incident in the Past 12 Months
    A. Significant Security Incidents are the Norm
    B. Phishing Attacks and Ransomware are Typically the Most Significant Security Incidents
    C. Phishing Typically Plays a Role in the Most Significant Security Incident
    D. Initial Point of Compromise for the Most Significant Security Incident
      (i) Phishing is the Typical Initial Point of Compromise
    E. Target(s) of Threat Actors for the Most Significant Security Incident
    F. Impact(s) of Most Significant Security Incident
      (i) Disruption, data breaches and leakages, disruption of clinical care systems/devices and monetary loss are top impacts
  Section #2: Cybersecurity Budgets
    A. Cybersecurity budgets are slim overall
      (i) Better Cybersecurity Budgets for Some, While Leaner for Others
      (ii) Increase in Cybersecurity Budgets: Better Security Postures in 2021
      (iii) Decrease in Cybersecurity Budgets Lowers Security Postures in 2021
      (iv) Cybersecurity Budgets are Stagnant for Others in 2021
    B. Looking ahead to 2022 – Change is Positive for Many, Worse for a Few
  Section #3: Threat Landscape & Security Challenges
    A. Too Many Threats, Too Little Time
    B. Many Challenges
      (i) Budget
      (ii) Staff compliance with policies & procedures
      (iii) Legacy technology
      (iv) Patch and vulnerability management
  Section #4: Implemented Security Solutions at Healthcare Organizations
    A. Top Tier – Basic Security Controls
      (i) Antivirus/anti-malware solutions
      (ii) Firewalls
      (iii) E-mail security gateways
      (iv) Encryption-Data in Transit
      (v) Patch and Vulnerability Management
    B. Second Tier – Basic Security Controls
      (i) Network Monitoring Tools
      (ii) Web Security Gateways
      (iii) Intrusion detection and prevention systems (IDPS)
      (iv) Encryption-Data at Rest
      (v) Multi-factor Authentication
      (vi) Identity and Access Management
    C. Third Tier – Basic and Advanced Security Controls
      (i) Privileged Access Management
      (ii) Data Loss Prevention
      (iii) Single Sign On
      (iv) Mobile Device Management
      (v) Zero Trust Solutions
  Section #5: Bug Bounty Programs
    A. Bug bounty programs are rare in healthcare
Conclusion
About HIMSS
How to Cite this Survey
For More Information
2021 HIMSS Healthcare Cybersecurity Survey | © 2022 Healthcare Information and Management Systems Society
Overview
The 2021 HIMSS Healthcare Cybersecurity Survey provides insight into the state of
healthcare cybersecurity based upon the feedback from 167 healthcare cybersecurity
professionals. Healthcare organizations face a myriad of challenges, including tight
budgets, aging infrastructure and an increase in social engineering and ransomware
attacks.
The Most Significant Security Incident:
- Phishing is still king. Phishing leads the pack.
- Financial information is the main target. Threat actors typically go where the
money is.
- Initial hook is by phishing. Phishing tends to be the initial point of compromise.
- Disruption is a typical impact. Disruption is typical—whether organizations are
prepared is another question.
Cybersecurity budgets:
- Overall, budgets are still tight. Six percent or less of the information technology
budget is typically allocated for cybersecurity.
- Increases in budget for some. Cybersecurity budgets are modestly increasing
compared to the previous year. But tight budgets still mean that one has to pick and
choose which security solutions to acquire or implement.
- Decreases in budget for others. Cybersecurity budgets are decreasing for a few.
This leads to less robust cybersecurity programs as a whole.
Threat landscape and security challenges:
- The usual suspects. Ransomware and phishing attacks are top threats.
- Many challenges. Budget & compliance with policies and procedures top the list.
- Legacy systems are the norm. Unsupported legacy operating systems are
commonplace in healthcare organizations and the footprint is growing.
- Slow to patch. Many organizations are slow to patch, but patching is quicker in
response to an active security incident.
Implemented security solutions:
- Patchwork progress. Many basic security controls are not fully implemented, while
some advanced controls are being implemented.
Bug bounties:
- Most healthcare organizations do not have bug bounty programs.
Methodology and Demographics
The 2021 HIMSS Healthcare Cybersecurity Survey reflects the responses of 167 healthcare
cybersecurity professionals. These professionals had at least some responsibility for day-to-day cybersecurity operations or oversight.
The majority of respondents (61%) had primary responsibility over healthcare
cybersecurity programs at their respective organizations. Others had at least some
responsibility (23%) or had responsibility sometimes, as needed (16%).
Organization Profile:
Most respondents either worked for healthcare provider organizations (54%) or
vendor/consulting organizations (28%). The remainder of respondents worked for other
types of organizations (18%).
Professional Profile:
The majority of respondents (90%) reported having a management role in healthcare
cybersecurity. More respondents had roles in executive management (52%) compared to
non-executive management (38%). The remainder of respondents had non-management
roles (10%).