As major healthcare data breaches continue to affect millions of people, healthcare organizations and their business associates are working hard to tighten cybersecurity while enabling their staff to better serve patients.
The good news is that 82% of surveyed healthcare organizations say that security is a top concern. The not-so-great news is that most of these organizations have a long way to go. Here are 27 stats about the current state of cybersecurity in the healthcare industry and emerging solutions that are helping solve the problem.
Data Protection
- 89% of healthcare organizations experienced a data breach in the past two years. (Source)
- 69% of those in the healthcare industry believe they are at great risk for a data breach than other industries. (Source)
- 54% of healthcare business associates say their top vulnerability is tied to employee negligence in handling patient information. (Source)
- 69% of healthcare organizations site negligent or careless employees as their top worry for security incidents, followed by cyber attacks (45%) and insecure mobile devices (30%). (Source)
- 94% are now using some form of advanced technology to protect sensitive data. (Source)
- 25% healthcare organizations using the public cloud report that they are not encrypting patient data. (Source)
Cybersecurity Staffing
- 42% of healthcare organizations have a vice president or C-level official in charge of cybersecurity. (Source)
- 11% of organizations had 11 to 20 employees dedicated to IT security in 2016, up from 8% the previous year. (Source)
- 59% of healthcare organizations report receiving at least five applications for each cybersecurity job opening – 13% receive 20 or more! (Source)
- 27% of employers say they are unable to fill cybersecurity positions. (Source)
- 25% say cybersecurity candidates lack the necessary technical skills. (Source)
- 37% reported that fewer than 1 in 4 candidates have the qualifications needed to keep companies secure.(Source)
- 14% are unsure if they could fill these positions or not. (Source)
- 39% of organizations say the top challenge of implementing better cybersecurity defenses is the lack of staff. (Source)
Spend
- Around 50% of healthcare organizations and their business associates have not increased their cybersecurity budgets in the last year. About 10% actually lowered spending on security. (Source)
- 81% of healthcare organizations say they will increase cybersecurity budgets this year. (Source)
- Only 18% of healthcare organizations have more than 7% of IT budget focused on security. (Source)
- 41% have less than 3% of IT budget dedicated to security. (Source)
- 59% of healthcare organizations don’t think or are unsure that their organization’s security budget is sufficient to curtail or minimize data breaches. 60% of healthcare business associates feel the same way. (Source)
- 33% of organizations feel that a lack of budget is their largest barrier to implementing better cybersecurity defenses. (Source)
- 57% of healthcare organizations say their top cybersecurity spending priority is compliance while 40% say it’s preventing data breaches. (Source)
Solutions & Approaches
- 16% percent of healthcare providers (mostly large hospitals or integrated delivery networks) report having “fully functional” security programs. (Source)
- 43% admitted that they are either still developing security programs or have not developed one. (Source)
- 93% of healthcare organizations are currently using some form of cloud services. (Source)
- 63% plan to use multiple cloud vendors. (Source)
- The average number of cloud services used dropped from 43 (in 2015) to 29 (in 2016). (Source)
- 54% of healthcare organizations believe they have technologies in place to effectively prevent or quickly detect unauthorized patient data access, loss or theft. That’s up from 49% in 2015. (Source)