HEALTHCARE CYBERSECURITY SURVEY 2018
A Sirius Healthcare Cybersecurity Study | December 2018
Today, more data is generated and shared electronically than ever before,
dramatically increasing opportunities for theft and accidental disclosure of
sensitive information. This reality, along with stiff penalties for failing to comply
with regulations such as HIPAA and GDPR, makes the need for cybersecurity
critical. Sirius asked 143 healthcare IT leaders critical questions concerning their
security practices, to gauge their approaches to cybersecurity.
KEY FINDINGS
Based on responses, healthcare IT leaders recognize the importance
of performing risk assessments, but differ when it comes to choosing
how best to detect vulnerabilities.
FEWER THAN HALF have an internal team dedicated to security
information and event management (SIEM).
MORE THAN HALF are operating on an internal hospital network.
The vast majority have a business continuity & disaster recovery
(BC/DR) plan, but vary in their capabilities to test failovers in a live
environment.
Overall, surveyed leaders require IT teams to complete security
trainings either at hire, quarterly or annually.
HOW ARE HEALTHCARE ORGANIZATIONS
TACKLING CYBERSECURITY?
54% perform an annual information security risk assessment using INTERNAL RESOURCES.
40% perform an annual information security risk assessment using PARTNER RESOURCES.
IDENTIFYING CYBER THREATS
43% utilize internal staff to search for vulnerabilities.
29% have adopted a vulnerability scanning process, using the system to prioritize risks.
17% rely on vendors to notify them and prioritize threats on their behalf.
54% have deployed a NEXT-GENERATION ANTI-VIRUS or endpoint detection and response (EDR)
solution to either replace traditional anti-virus or supplement it.
62% have an INTERNAL TEAM DEDICATED TO MONITORING SIEM.
61% have ADOPTED A PARTICULAR FRAMEWORK (NIST, PCI DSS, HIPAA/HITECH, ISO 27001/2)
guided by a risk-based approach as the basis of their security program.
CLOUD SECURITY
24% have FULLY INTEGRATED their information security and
risk management program into their use of cloud services.
34% have STARTED TO INTEGRATE their information security
and risk management program into their use of cloud services.
19% treat their ON-PREMISES ENVIRONMENT SEPARATELY
from their cloud services.
23% are NOT CURRENTLY USING cloud services.
BUSINESS CONTINUITY
58% have a fully operational BC/DR plan and test failover in a live environment.
33% have a DR plan but cannot test failover without causing disruption.
TRAINING AND SECURITY EXPERTISE
How often is end-user training provided that covers how to securely use shared resources and systems in public areas?
13% require and conduct security trainings at HIRE AND QUARTERLY.
46% require and conduct security trainings at HIRE AND ANNUALLY.
18% require security trainings ANNUALLY.
15% require security training at HIRE.
LET’S TALK
Attackers will never stop trying to exploit your organization’s vulnerabilities. As long as threats exist, you
need effective security controls to counteract them. Sirius’ expertise, implementation capabilities and
top-ranked managed services enable organizations to achieve end-to-end security from the enterprise to
the cloud.
Make an appointment with a Sirius security expert today
to discuss your security compliance needs and goals.
siriuscom.com | 800-460-1237