Healthcare organizations are experiencing improvements in their security measures, yet there is still a pressing need for enhanced governance and greater investments in cybersecurity staff, according to the latest analysis from the Healthcare Information and Management Systems Society (HIMSS).
In preparation for the 2024 Healthcare Cybersecurity Survey Report, HIMSS surveyed healthcare cybersecurity professionals responsible for daily security operations about industry practices and trends. The report indicates an increase in security threats and challenges, assesses budget utilization, and identifies opportunities for improvement in security discussions across organizations.
Continued Funding Shortfalls for Security Threats
The HIMSS annual cybersecurity survey, now in its 16th iteration, gathers insights from professionals managing healthcare cybersecurity programs. It explores critical issues such as ransomware, security breaches, budget allocations, and the impact of artificial intelligence.
“This year’s findings emphasize that relying solely on tools is insufficient; robust governance is crucial, emphasizing areas like AI, insider threats, and third-party risk management,” stated HIMSS, the parent organization of Healthcare IT News. Senior cybersecurity and privacy principal Lee Kim pointed out that while financial resources are vital for security, they alone cannot address AI-related risks without proper governance.
Interestingly, the survey revealed a decline in the number of ransomware victims willing to pay ransoms. This shift could be attributed to increased investments in IT security by healthcare organizations, which are now aligning their budgets more strategically with identified vulnerabilities. In fact, budget allocations for cybersecurity have gradually risen from 10% in 2020 to an anticipated 14% in 2024, indicating a positive trend towards enhanced cybersecurity spending.
AI Governance Needs Attention
Concerns about artificial intelligence are escalating, as many healthcare cybersecurity professionals reported limited monitoring of AI usage within their organizations. The survey found that while nearly half of the respondents (47%) confirmed their organizations have approval processes for AI technologies, 42% stated that such processes do not exist, leading to increased organizational risk.
The lack of formal governance surrounding AI raises alarm, particularly as machine learning-driven cyber threats emerge. According to the report, 50% of respondents indicated that their organizations only permit approved AI technologies, while 30% allow unrestricted AI use, and 16% entirely prohibit AI integration.
Improvements and Challenges in Cybersecurity Spending
Respondents highlighted improvements in cybersecurity tools as the most notable progress stemming from enhanced HIT budgets, with 57% reporting significant advancements in tool efficacy, 47% in policy improvements, and 31% in staffing enhancements. However, challenges in workforce retention, hiring, and training persist, with staffing cited as a top obstacle to bolstering cybersecurity programs.
Last year’s HIMSS survey revealed that maintaining a stable workforce of qualified cybersecurity professionals is still a significant hurdle. HIMSS researchers emphasized the need for continuous advancements to meet evolving threats and prepare for future risks, noting that education, tools, and policies play critical roles in defending against security challenges.
Enhancing Communication on Cybersecurity Initiatives
The 2024 survey involved 273 healthcare cybersecurity professionals with varying levels of responsibility in cybersecurity operations. Conducted between November 6 and December 16, it explored respondents’ perspectives on their organizations’ cybersecurity initiatives over the past year. While executive managers generally had better insights into budget allocations, non-management staff exhibited a lack of awareness, underscoring the need for improved information dissemination regarding cybersecurity strategies.
Phishing remains the predominant method behind cyber incidents, yet researchers noted that gamification and interactive threat education methods greatly enhance workforce engagement. “As the threat landscape evolves, healthcare organizations must remain vigilant while integrating cybersecurity into business and clinical operations,” HIMSS concluded, stressing the necessity for ongoing adaptation and innovation in an increasingly digital age.