Healthcare industry spends more on data security
A recent trend of cybercriminals targeting health data has put the spotlight on hospitals and other healthcare providers as they work to improve computer security. As MIT Technology Review reported in October 2012, a significant number of healthcare organizations are running outdated software on computerized medical equipment. One of the primary reasons is confusion over whether U.S. Food and Drug Administration mandates allow hospitals to make any modifications to the medical equipment.
The lack of necessary security patches and other standard software updates has led to widespread malware infection throughout the industry. Perhaps in response to these incidents and a number of high-profile data breaches, hospitals are beginning to shift more funds to their information security budgets. For example, according to a survey the Health Information and Management Systems Society published in December, healthcare providers are now more likely to conduct risk assessments, and to conduct them more frequently, than in years past.
The survey found that 90 percent of respondents in hospitals conducted risk analysis, which is up from 75 percent in 2008. Seventy-one percent of those polled in 2012 said they conducted such an analysis at least once per year. While analysts commended organizations for making progress, there is still some room for improvement, particularly in breach response planning: only 43 percent of respondents said they've tested these strategies. In addition, security budgets are expected to increase, but will only represent 3 percent of total IT spending.
The report also analyzed how organizations conducted risk analysis. The majority (92 percent) used the yearly assessment to determine which security controls were put into place. In addition, 73 percent identified areas in which a lack of controls presented risks.