Managing Healthcare Risk in a Networked World

Independently conducted by Ponemon Institute LLC  |  Sponsored by Michigan Healthcare Cybersecurity Council

Planning & Strategy

KEY FINDING:  Avoiding unplanned downtime is a priority for healthcare organizations.

Concerns about the impact of unplanned downtime on patient care makes this the number one risk that is addressed in the data management strategy, as shown in Figure 13. This is followed by third-party vendors (54 percent of respondents). Despite the number of data breaches and cybersecurity incidents affecting healthcare organizations, less than half (47 percent) of respondents say the risk of cyber criminals is covered in the strategy and only 39 percent of respondents say data breaches are addressed.

Which of the following risks does your organization’s data management strategy address?

Unplanned downtime
0%
Third-party vendors
0%
Cyber criminals
0%
Negligent insiders
0%
Data breaches
0%
Malicious insiders
0%
Privileged user access management
0%

KEY FINDING:  Patient medical records are most at risk.

According to the graph below, 80 percent of respondents say their organizations are most concerned about the loss or theft of patient medical records. Passwords and other authentication credentials (62 percent of respondents) and login credentials (54 percent of respondents) are the next two highest items respondents are concerned about being at risk.

What types of data is your organization most concerned about?

Patient medical records
0%
Passwords and other authentication credentials
0%
Login credentials
0%
Patient billing information
0%
Productivity applications
0%
Email content and attachments
0%
Administrative and scheduling information
0%
Administrative and financial information
0%
Clinical and other research information
0%

KEY FINDING: Most organizations are not confident in their data loss prevention technologies.

When asked to rate their confidence in these technologies, only 36 percent rated their confidence as high (20 percent) or very high (16 percent). Of these respondents, 56 percent say confidence is based on clear leadership and 53 percent say it is sufficient staffing, as shown below. Forty-seven percent of respondents say it is because of the effectiveness of technologies.

If your organization is confident that data loss prevention technologies and processes used in your organization have reduced the loss or leakage of sensitive information, why?

Clear leadership
0%
Sufficient staffing
0%
Effective technologies
0%
Understanding how to protect against cyberattacks
0%
In-house expertise
0%
Management sees cyberattacks as a significant risk
0%
Considered a top priority
0%
Sufficient budget
0%
Other
0%