HIMSS Releases 2020 Cybersecurity Survey

The 2020 HIMSS Cybersecurity Survey provides insight into the cybersecurity landscape of US healthcare organizations based upon the feedback from 168 US based healthcare cybersecurity professionals.

Healthcare organizations face a barrage of significant security incidents such as phishing, ransomware, and social engineering attacks, in addition to the challenges faced by dealing with the COVID-19 pandemic.

Findings are based upon the data provided by respondents.

Significant security incidents:

• Most organizations are experiencing significant security incidents. Significant security incidents are the norm.
   
• Phishing is the most common type of significant security incident. Phishing is the number one type of significant security incident; most phishing is either general phishing or spear-phishing occurring via e-mail.
   
• Top threat actors include online scam artists and cybercriminals. Online scam artists (e.g., phishers) and cybercriminals are targeting many healthcare organizations.
   
• Financial information is king. Threat actors typically seek the following:
  • financial information
  • employee information
  • patient information
     
• Initial hook is by phishing. Phishing e-mail is the typical initial point of compromise.
   
• Workforce members are the first line of defense. Internal security teams and internal personnel, including non-IT professionals, typically report significant security incidents to the organization.
   
• Disruption is the Primary Impact. Disruption of information technology (“IT”) operations and business operations are typical outcomes of cyber-attacks. Disruption of clinical care or damage or destruction of clinical care systems and devices also occurs.

Take a closer look, and read the full report.