Healthcare organizations make progress in strengthening their security positions, but there is still a need to increase the focus on governance and more investments in the security workforce for health care, according to the latest analysis of a health information management systems analysis.
As for the report of the Cyber Healthcare Survey in 2024, Himss from Cyber Health Care Surveyed with daily cyber security responsibilities on current cyber security practices and trends throughout the industry.
the a report It highlights the increasing threats and issues that challenge security, consider how to use budgets and provides an insight into the place where organizations have the opportunity to improve their security conversations.
Threats are still a lack of funding
Now in its sixteenth year, the annual cybersecurity survey of Himss reflects the visions of cybersecurity security professionals who supervise or manage cybersecurity programs for health care. The main topics include ransom, safety accidents, budgets and artificial intelligence.
“This year’s survey shows that the tools alone are not sufficient – the strongest judgment is necessary, with critical areas including artificial intelligence and managing internal threats and Third party risk Management, “HIMSS, the parent company of Health care newsHe said in a statement.
“Money supports security, but without the ruling, the risks related to the prosecution are still,” said Li Kim, Director of Hims, Director of Cyber Security and Privacy. Ever Tuesday.
“These risks apply to the Health Care Organization, but also others. It extends to the subcontractors and third parties that deal with sick or sensitive data, as well as sellers who provide services to the Health Care Organization,” she noticed.
HIMSS researchers indicated that fewer ransom victims report ransom.
This may be partially due to the increase in security investments of information technology institutions in health care organizations. In allocating more resources to fortify cyber security defenses than in previous years, health care institutions are aligned with strategic budgets with critical weaknesses and additional investments.
The researchers said in the report: “The allocations in a range of 7-10 % gradually increased from 10 % in 2020 to 14 % in 2024, indicating an increase in investment in higher cybersecurity budgets,” the researchers said in the report.
A slight majority of respondents – 52 % – said they expect the total IT budgets for their organizations to increase in 2025, while 10 % indicated a decrease, and 28 % stated that they do not imagine any change and 10 % did not know.
However, HIMSS said in the report that increasing the budget of respondents to survey since 2019 in general and humble and that additional budget allocations are needed to support security risks for increasing service providers.
“Effective artificial intelligence governance requires the appropriate policies, employees and continuous monitoring of risk processing such as data leakage and breach of social engineering – which include without restrictions, Deepfakes Kim said: “The hunting attacks driven by artificial intelligence, internal threats, etc.”.
Amnesty International provokes more security investments
Cyber security professionals in the field of health care, who responded to the survey, said there is limited monitoring of the use of artificial intelligence in their organizations.
“When they were asked if their institutions have approved consent for artificial intelligence techniques, nearly half – 47 % – from respondents indicated that their organizations have approval, while 42 % informed that they do not do it,” the researchers said.
“An additional 11 % was not sure whether these operations were inside their organizations.”
This lack of official artificial intelligence governance increases the risks, according to the new report, which also indicated Internet trick As an emerging threat.
“Half -50 % – of the respondents said that their organizations only allow artificial intelligence techniques, while 30 % allow artificial intelligence without official restrictions and 16 % of artificial intelligence is fully used.”
Only 1 % of those who respond to action such as “developing artificial intelligence policies or the implementation of handrails”, while 3 % of Himss’s respondents were not sure of their organizations’ position.
The most weaker and weakest
In 2024, the respondents were martyred with security improvements to tools as the most important progressive than increasing the total budgets.
“The majority – 57 % – of significant improvements to the tools they use, reported 47 % about significant improvements in policies and 31 % have reported significant improvements to employees,” according to the report.
The strengthening of the workforce – retaining employees, employment and compensation – was an ongoing issue for the sector.
The respondents to survey the former cyberspace HIMSS Opinion polls They cited employees as a great obstacle to improving cybersecurity programs for health care, and the researchers said that limited security budgets have made progress in this slow challenge.
Last year’s report It showed that the 2023 poll found that the retention of qualified cyberspace security personnel represents a challenge to the professionals of privacy and security in that year.
“We are making progress, but we must do more to stay at the top of advanced threats today and be ready for future threats,” researchers said in a statement.
“The weakest link in any security program is people, which is why education, tools and policies are still the most important defense lines.”
Communication about the priorities of cybersecurity
This year’s report included 273 Spring Security Service for Health Care, who bear at least some responsibility for daily cybersecurity operations or overseeing the cybersecurity program of the Health Care Corporation.
The respondents on November 6 and December 16, 2024 have requested about their views, knowledge and experiences over the past 12 months.
Nearly half of the respondents were executives and held cybersecurity as their main responsibility and had final responses. The most vulnerable vision in allocating cybersecurity budget by other respondents is also a cause of concern, according to HIMSS researchers.
They said: “While the executive administrative respondents were aware of the allocation of cybersecurity budget, non -administrative and non -executive respondents showed limited awareness, with a highlight of a chance to share better information about cybersecurity programs.”
While hunting is the most common way to electronic attacks of major security accidents, according to the poll, the researchers indicated that Gamification, Table exercises Interactive workshops enhance the teaching of the workforce threat.
“With the development of the threat scene, health care organizations must remain vigilant while ensuring cybersecurity enables business and clinical business,” Hesses said in a statement.
“Continuing to adapt and innovation will be necessary to move in an increasing digital world.”
Learn more in Cyber Health Care ForumThis year Himss25 in Las Vegas.
Andrea Fox is a great health care editor.
Email: Afox@himss.org
Healthcare is Hosz News.
