More healthcare organizations are "decoupling" their HIPAA compliance efforts from their cybersecurity initiatives, a sign that the sector is maturing, says security expert Axel Wirth, discussing findings of a newly released annual study by HIMSS Analytics and Symantec.
"One thing that stood out ... that was a surprise is that organizations are looking at security more and more as a separate task and separate challenge as compared to a few years back where it was part of their larger compliance efforts," he says about key revelations from research unveiled at the HIMSS18 conference in Las Vegas.
Signs of Maturity
So what are some of the signs emerging from the Healthcare IT Security & Risk Management Study that suggest healthcare entities are taking a more serious approach to cybersecurity issues?
"We continue to see cybersecurity becoming an executive and board room topic. More and more healthcare providers are reporting in the study that cybersecurity as strategy as well as status ... are now being discussed at the executive level," Wirth says in an interview with Information Security Media Group.
From an investment standpoint, however, "we've seen a little improvement, but there's still room for growth because healthcare ... is still underinvesting in cybersecurity" compared with other sectors like finance, he says.
The study found that about 75 percent of healthcare organizations spend 6 percent or less of their IT budgets on cybersecurity.
In the interview, Wirth also discusses:
- Other signs of growing cybersecurity maturity in the healthcare sector uncovered by the study;
- The most popular cybersecurity frameworks being implemented by healthcare entities;
- Steps healthcare entities are taking to bolster the cybersecurity of medical devices;
- Top cloud security concerns;
- Recommendations for addressing cybersecurity gaps highlighted by the study.
With more than 25 years of international experience in the industry, Wirth, a solutions architect, helps Symantec's healthcare customers address critical security, privacy, compliance and IT management challenges. He formerly served in engineering leadership as well as strategic business development and marketing roles at Siemens Medical, Analogic Corp, Mitra Inc. and Agfa Healthcare.