While security training is considered helpful by most organizations, approximately 34 percent of healthcare leaders say that their organizations lack sufficient or effective employee training for cybersecurity. Without training, healthcare staff, including clinicians, may be more likely to click on malicious links or engage in other unsecure practices that could lead to successful cyberattacks and put patient data at risk.
“Many respondents said they needed better enablement and training for their people,” Hagopian says. “Developing your workforce is really essential so that your team is better equipped to handle the dynamic threat landscape. As a byproduct of comprehensive people development that’s focused not only on technology operations but also on methodologies, processes and frameworks, it will make your people feel more valued within your organization.”
Other areas that health IT leaders say are missing from their organizations’ approaches to cybersecurity include sufficient threat detection (24 percent), sufficient understanding of staffing needs (20 percent) and sufficient planning for incident response (20 percent).
Health IT leaders are also concerned about the pros and cons of AI. Thirty-one percent of those surveyed report that their organizations lack a complete understanding of how AI affects security.
DISCOVER: What role does AI play in healthcare cybersecurity?
Managed Services Support Healthcare Cybersecurity Goals
IT staff shortages can have a major impact on an organization’s ability to meet its technology and security goals. To address this concern, many health systems are turning to managed services. Of the healthcare security leaders surveyed, 80 percent say that managed security services such as security operations centers or SIEM solutions have been helpful for their organizations’ security initiatives. In addition, more than two-thirds of leaders say that they find advisory services to be helpful, while 63 percent say that virtual CISOs are helpful to their organizations.
Only 32 percent of healthcare professionals surveyed say that their organizations aren’t outsourcing any security initiatives. Of the health systems outsourcing areas of their security programs, security training, vulnerability assessments and third-party risk management are the most popular focuses of partner support.
Supporting internal IT teams with managed security services can increase an organization’s overall security posture and mitigate staff burnout. With many health IT leaders reporting losses in the millions due to data breaches over the past five years (9 percent of leaders surveyed reported a loss of more than $10 million), ensuring a holistic and robust cybersecurity and incident response strategy is critical for protecting a business’s bottom line in addition to keeping patient trust and ensuring continuity of care.
“You can find partners to outsource some of these elements out there. Nobody builds their own HVAC system and then sends somebody up to the top to do recharges of the coolant,” says Bell. “Take a look at what you can outsource within the security model to keep your people fresh and doing relevant work for your business.”
