Survey: Ransomware Attacks Worry Health IT and Security Execs

Respondents want federal government to help improve information sharing among organizations

Ransomware and malware attacks are the top cybersecurity concerns for hospital information technology (IT) and security executives who responded to a survey jointly conducted by the College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS). The findings were presented to the Department of Health and Human Services’ Cybersecurity Task Force. Mandated by the Cybersecurity Information Sharing Act of 2015, the task force is charged with analyzing the challenges and barriers to cybersecurity in health care.

The survey of 190 CHIME and AEHIS members identified social engineering, data theft, and internal threats as the most common cybersecurity threats facing their organizations. Ransomware and malware ranked as the top ways that cyber criminals are exploiting weaknesses.

The survey’s findings also showed that health care organizations need greater assistance from federal agencies to improve information sharing and threat assessments. Nearly 65% of respondents said that they were only “somewhat confident” or “not confident” that federal legislators understand the importance of security enough to support key policy initiatives being advocated by health care organizations.

Approximately half (51%) of the survey respondents said that the federal government should develop tools for providers of different sizes and different levels of resources. Smaller organizations with limited resources often have a different set of needs compared with those of large health systems. Most of the respondents also called on lawmakers to adopt incentives that will encourage greater information sharing, including protecting organizations that voluntarily work to improve security across the delivery system from punitive government audits.

The Department of Health and Human Services’ task force is expected to deliver its report on cybersecurity in health care early next year.

The CHIME/AEHIS survey was conducted from August 29 to September 30, 2016.

Sources: FierceHealthcare; October 27, 2016; CHIME; October 27, 2016; and Cybersecurity Survey; October 2016.