New Trustwave report reveals healthcare security gaps


Some 91 percent of technical respondents surveyed for cloud and managed security services provider Trustwave’s 2015 Security Health Check Report believe criminals are increasingly targeting healthcare organizations.

However, only 10 percent or less of their IT budget goes toward cybersecurity and protecting their patients’ highly sensitive information.

That is a key message of the report, which is based on a survey of 398 full-time health care professionals and quantifies the security snags and shortcomings facing the health care industry.

According to the study, the size of the global electronic healthcare record (eHR) system will grow at an annual rate of 5.5 percent and reach $22.3 billion by the end of 2015, up from $18.8 billion in 2012, according to a study by Accenture.

With incentives from the federal Affordable Care Act to move away from paper records, organizations are increasingly adopting eHR systems to track patient information. As businesses make the shift, the expanding threat surface is creating a critical need for health care entities to test everything across databases, networks and applications.

“Today’s health care industry is under attack. From hospitals to physicians to urgent care clinics, healthcare organizations are swimming in consumer data and must make security a priority in order to protect it,” said Steve Kelley, senior vice president of corporate and product marketing at Trustwave. “Security challenges are nothing new for any business but the level of distress exponentially increases when someone’s life may actually depend on the protection of sensitive data.”

Other key findings in the 2015 Security Health Check Report from Trustwave include the fact that 79 percent of technical respondents and 77 percent of non-technical respondents are most concerned about losing patient data, above other types of information, if their organization is breached. 

Some 77 percent of non-technical respondents believe criminals are increasingly targeting health care organizations, but an overwhelming majority (86 percent) said their organization has not experienced a breach.

Half of technical respondents said 10 percent or less of their overall IT budget goes toward cybersecurity, and 27 percent reported their annual security budget has not changed in the past year. Additionally, 65 percent of non-technical respondents believe that external threats pose more of a concern than insider threats (35 percent).

A quarter of non-technical respondents believe their organizations don’t have incident response plans.

A complimentary copy of the report, which includes a list of recommendations for health care organizations, can be downloaded here

Trustwave, US