Hospital web security survey shows 'troubling' efforts in place

Despite the prevalence of health data breaches and cybersecurity threats, many hospitals have surprisingly weak web security programs.

That's the finding of a survey conducted by HIMSS Analytics and Akamai, a content delivery network.

More than one-third (39 percent) of hospitals surveyed don't have a web application firewell on their premises. This is considered the most traditional line of defense against web application attacks.

Only 42 percent have have implemented distributed denial of service (DDoS) protection solutions, with another 13 percent planning to implement such a solution. "This leaves 35 percent of healthcare organizations vulnerable to a type of cyberattack that is increasing in frequency and size across all industries, including healthcare, and is a significant threat to network availability," according to the survey. Only 21 percent respondents use a cloud web application firewall solution and 17 percent plan to implement one. But, those with plans to implement are very large hospitals even though hospitals of all sizes have the same level of vulnerability to cyberattack. Almost one-quarter (23 percent) said they have no web security programs in place at all. Nearly half of those respondents are from hospitals with 200 beds or more. Healthcare organizations seem to understand part of the cause of their vulnerability, with 57 percent saying that they “Somewhat Agree,” “Agree” or “Strongly Agree” with the statement “Requirements for interoperability with entities and systems outside of my organization’s network is a security issue my organization faces.” But, 61 percednt of respondents said that they “Somewhat Agree,” “Agree” or “Strongly Agree” with the statement “My organization is adequately protected against web application attacks.” The survey "indicates a troubling reality relating to cybersecurity in healthcare: Since web-based attack methods become more pervasive as the healthcare industry becomes more connected, healthcare organizations need to increase their sense of urgency and their investment in implementing fundamental web security solutions," according to Akamai and HIMSS Analytics.
Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”