Data Theft and Social Engineering Rank as Key Security Concerns for Health IT Leaders
ANN ARBOR, MI, October 27, 2016 – A new survey of healthcare chief information and chief information security officers cited social engineering and data theft as the most common cybersecurity threats facing their organizations. Social engineering, which includes such tactics as phishing, spear phishing and baiting, deceives employees into inadvertently creating a vulnerability on their organization’s network. Cyber criminals can use a crack in a system’s defense to launch a number of different kinds of attacks on data and even medical devices.
The survey of nearly 200 members of the College of Healthcare Information Management (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) listed malware and ransomware as the top ways that cyber criminals are exploiting weaknesses. CHIME and AEHIS presented the survey findings Oct. 26 to the Department of Health and Human Services Cybersecurity Task Force. Mandated by the Cybersecurity Information Sharing Act of 2015, the task force is charged with analyzing the unique challenges and barriers to cybersecurity in healthcare. It is also studying how other industries are protecting data.
“The survey data is representative of what we are hearing from our colleagues across the industry. Cyber criminals are attacking us from nearly every angle,” said Marc Probst, chair of the CHIME board of trustees and CIO at Intermountain Healthcare. “We have to be extremely vigilant in educating our staff and our business partners on how to minimize the risk of an attack. We are only as safe as the weakest link along our networks.”
Probst also noted that healthcare organizations need greater assistance from federal agencies to improve information sharing and threat assessments. Nearly 65 percent of respondents said that they were somewhat confident or not confident at all that federal legislators understand the importance of security enough to support key policy initiatives being advocated by healthcare organizations.
Survey respondents said that the federal government should develop tools for providers of different sizes and levels of resources. Smaller organizations with limited resources often have a different set of needs than large health systems. Respondents also called on lawmakers to adopt incentives that will encourage greater information sharing, including protecting organizations that voluntarily work to improve security across the delivery system from punitive government audits.
“We are all in this together,” Probst said. “New payment and delivery models are creating a more connected healthcare system than ever before, but we need our partners in the federal government to understand the risks that are out there and to work with us on finding common sense solutions.”
The HHS task force is expected to deliver its report on cybersecurity in healthcare early next year.
About CHIME
The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers and other senior healthcare IT leaders. With nearly 2,000 CIO members and over 150 healthcare IT vendors and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit chimecentral.org.
About AEHIS
AEHIS is the only professional organization focused on supporting the healthcare industry’s security executive community. AEHIS provides professional development and educational resources on important healthcare security issues, as well as an environment where security leaders can communicate with, inform and educate one another. For more information, please visit aehis.org.
Contact
Matthew Weinstock
Director of Communications and Public Relations, CHIME
734.249.8917