Friday, April 26, 2024
Font size: A A A
Our events:
Security Twenty
Women in Security Awards
SUBSCRIBE TO THE MAGAZINE ADVERTISE WITH US
Latest Jobs
Post a Job Ad
Vertical Markets

IT in healthcare surveyed

by Mark Rowe

A survey on risk-based security management in the healthcare and pharmaceutical industries was conducted in April 2013 by IT security product firm Tripwire with the Ponemon Institute , sought the attitudes of 1,320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. Some 117 health and pharmaceutical sector respondents from the US and UK participated in the healthcare portion of the survey.

The health and pharmaceutical industries have undergone significant information security changes in 2013 in the US, and Health Insurance Portability and Accountability Act (HIPAA ) fines have grown in both size and frequency. In August, Affinity Health Plan was fined more than $1.2 million for HIPAA violations and insurer WellPoint agreed to pay a $1.7 million penalty in July. As the final omnibus rule goes into effect, new US state healthcare exchanges place extra security and privacy pressures on healthcare bodies. Despite these regulatory pressures, This survey indicates that the healthcare industry lags behind other industries in the implementation of critical security controls.

Findings include:

70 percent say communicating the state of security risk to senior executives is not effective because communications are contained in one department or line of business.
Only 52 percent use formal risk assessments to identify security threats.
Only 58 percent have fully or partially deployed change control and security configuration management.

Dwayne Melancon, chief technology officer for Tripwire, said: “It is true that healthcare organizations rank better than average in some areas of this survey, but there is still a lot of room for improvement. About half of healthcare and pharmaceutical organizations are not using any kind of formal risk assessments, and they are also far less open to challenging current assumptions. Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses.”

For more information about this survey, visit http://www.tripwire.com/ponemon/2013/

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

News

Products

Explore

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing

Close