Doctors See Big Cybersecurity Risks, Compliance as Key for Hospitals

healthtech, cybersecurity, Medical IoT

Cybersecurity and healthcare IT are both burgeoning areas of business. Put them together and you have a volatile mix of emerging technologies, security and privacy risks, and regulatory requirements—but also a lot of opportunity for growth and improvements.

It’s no surprise that doctors and hospital administrators are concerned with security. The healthcare industry is a top target of cyber attacks (see the Anthem data breach), and it has highly sensitive information about large swaths of the population.

But a new survey from MedData Group in Topsfield, MA, shows that physicians have very different opinions about cyber threats as compared to administrators and health IT professionals. The survey was done in June and polled 272 doctors and healthcare workers around the U.S.

A key finding is that doctors gave lower ratings to their organizations’ abilities to counter cyber crime than did hospital administrators and IT personnel. The chart below shows 21 percent of doctors rated their clinics’ cybersecurity systems as below average, as compared to only 8 percent of administrators and IT workers. (Not surprising, perhaps, but I’m going with the doctors on this one.)

Healthcare and cyber threats

 

Another difference of opinion is in where the greatest vulnerabilities lie. Administrators tend to cite e-mail and messaging systems as the top weakness, while doctors also list electronic health records, mobile devices, and patient portals:

Security vulnerabilities in healthcare

 

What everyone seems to agree on is where the threats are coming from. Across all healthcare staff surveyed, the top risks cited are malicious outsiders, malware, and hacked mobile apps, with application or network failures coming in after that:

risks

 

Another point of agreement is on what will drive change. Eighty-three percent of respondents said the top driver for securing sensitive data in healthcare organizations is the need to comply with standards and regulatory requirements.

The healthcare industry has enough to worry about without getting hacked, of course. Sadly, this is the reality in any sector whose companies and organizations have access to a lot of valuable information. Now is the time to listen to those on the front lines—before the next big attack is discovered.

Author: Gregory T. Huang

Greg is a veteran journalist who has covered a wide range of science, technology, and business. As former editor in chief, he overaw daily news, features, and events across Xconomy's national network. Before joining Xconomy, he was a features editor at New Scientist magazine, where he edited and wrote articles on physics, technology, and neuroscience. Previously he was senior writer at Technology Review, where he reported on emerging technologies, R&D, and advances in computing, robotics, and applied physics. His writing has also appeared in Wired, Nature, and The Atlantic Monthly’s website. He was named a New York Times professional fellow in 2003. Greg is the co-author of Guanxi (Simon & Schuster, 2006), about Microsoft in China and the global competition for talent and technology. Before becoming a journalist, he did research at MIT’s Artificial Intelligence Lab. He has published 20 papers in scientific journals and conferences and spoken on innovation at Adobe, Amazon, eBay, Google, HP, Microsoft, Yahoo, and other organizations. He has a Master’s and Ph.D. in electrical engineering and computer science from MIT, and a B.S. in electrical engineering from the University of Illinois, Urbana-Champaign.