• Home

  • Healthcare

  • Infographic: Symantec Healthcare IT Security Risk Management Study
1
Cybersecurity in Healthcare: Why It’s Not Enough, Why It Can’t Wait While cyberattacks and data breaches are rising across industries, healthcare is lagging behind in cybersecurity investment: Worldwide spending on IT security is projected to increase 34% from 2015 spend. 1 $ 101B 2018 $ 75.4B 2015 The U.S. financial market is the largest market investing in cybersecurity, with a cumulative spend forecasted to exceed 68 billion between 2016-2020. 2 68 billion Cybersecurity is approximately 16% of the federal IT budget for 2016. 3 Total 2016 federal IT budget $ 86B $ 14B Cybersecurity In comparison, the healthcare industry averages are much lower, with less than 6% of their IT budget allocated to IT security. 4 <6 % Healthcare data is unique, which makes the privacy and security of it so critical: Criminal attacks, the number 1 root cause of healthcare data breaches, are rising. 6 While credit cards can be canceled when lost or stolen, medical records can be compromised for years. Electronic health records sell for $ 50 per chart on the black market, compared to $ 1 for a stolen social security number or credit card number. 5 WHY? Medical records contain most of the data hackers want, making them ideal for ONE-STOP STEALING. 7 Weak cybersecurity makes electronic protected health information (ePHI) more vulnerable. 50 % of survey respondents said 0-3 % of IT budget is allocated to IT security. 8 20 % of respondents comply with key mandates only (HIPAA, HITECH). But neither regulation addresses significant changes in IT, including cloud and mobile, to properly secure ePHI. 9 Medical device manufacturers are not mandated to incorporate cybersecurity features in their design and development. 10 The 2016 HIMSS Analytics Healthcare IT Security and Risk Management Study reveals several gaps in the current state of healthcare cybersecurity: Healthcare organizations are not filling the gaps in security for medical devices: 50 % of survey respondents are only beginning to address medical device security. 11 Overcoming the disconnect by defining cybersecurity in terms of risk: Survey respondents ranked the importance of a cybsercurity strategy for their organization high, but ONLY 23 % have an ongoing, consistent risk-management program. 12 Throwing security products into your network is not the answer. Healthcare organizations need to understand cybersecurity in terms of risk. 5.0 Importance of Cybersecurity Strategy 4.23 References: 1 Cybersecurity Market Report, Q4 2015, Cybersecurity Ventures, http://cybersecurityventures.com/cybersecurity-market-report/ 2 U.S. Financial Services: U.S. Financial Services: Cybersecurity Systems & Services Market – 2016-2020, http://www.prnewswire.com/news-releases/us-financial-services-cybersecurity-systems--services-market--2016-2020-300172422.html 3 https://www.whitehouse.gov/omb/budget/ 4 The HIMSS Analytic Healthcare IT Security and Risk Management Study 5 FBI Cyber Division, Private Industry Notification, April 4, 2014, http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf 6 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute, May 2015, http://www.ponemon.org/blog/criminal-attacks-the-new-leading-cause-of-data-breach-in-healthcare 7 Internet Security Threat Report 2015, volume 20, Symantec, http://www.symantec.com/security_response/publications/threatreport.jsp 8, 9, 11, 12 The HIMSS Analytic Healthcare IT Security and Risk Management Study 10 http://www.bloomberg.com/features/2015-hospital-hack/, http://www.fda.gov/RegulatoryInformation/Guidances/ucm070634.htm www.himssmedia.com | ©2016 Produced by IT security budget Cybersecurity Budget Total IT Budget COMPLIANCE IS NOT ASSURANCE. These 5 steps can help your organization move from a reactive to a sustainable, business-driven approach: $ 50 $ 50 $ 1 $ 1 SSN 123-45-6789 125 % growth in 5 yrs 1 COMPLY with key mandates; base security controls 2 STAY AHEAD of threats 3 Let risk assessment DRIVE priorities 4 IMPLEMENT a sustainable risk-management program 5 Let business priorities ADVANCE the security strategy Find out how you can build a proactive cybersecurity strategy at www.symantec.com/healthcare &

Infographic: Symantec Healthcare IT Security Risk Management Study

Embed Size (px)

Citation preview

Page 1: Infographic: Symantec Healthcare IT Security Risk Management Study

Cybersecurity in Healthcare:Why It’s Not Enough, Why It Can’t Wait

While cyberattacks and data breaches are rising across industries,healthcare is lagging behind in cybersecurity investment:

Worldwide spending on ITsecurity is projected to increase34% from 2015 spend.1

$101B 2018

$75.4B 2015 The U.S. financial market isthe largest market investingin cybersecurity, with a cumulative spend forecastedto exceed 68 billion between2016-2020.2

68 billion

Cybersecurity isapproximately 16%of the federal IT budget for 2016.3

Total 2016federalIT budget

$86B $14B Cybersecurity

In comparison, the healthcareindustry averages are much lower, with less than 6% of theirIT budget allocated to IT security.4

<6%

Healthcare data is unique, which makes the privacy and security of it so critical:

Criminal attacks, the number 1root cause of healthcare databreaches, are rising.6

While credit cards can be canceledwhen lost or stolen, medical recordscan be compromised for years.

Electronic healthrecords sell for $50per chart on the black market, compared to$1 for a stolen social security number or credit card number.5

WHY? Medical records contain most ofthe data hackers want, makingthem ideal for ONE-STOP STEALING.7 Weak cybersecurity makes electronic protected healthinformation (ePHI) more vulnerable.

50% of survey respondents

said 0-3% of IT budget isallocated to IT security.8

20% of respondents

comply with key mandatesonly (HIPAA, HITECH). Butneither regulation addressessignificant changes in IT, including cloud and mobile, to properly secure ePHI.9

Medical device manufacturersare not mandated to incorporatecybersecurity features in theirdesign and development.10

The 2016 HIMSS Analytics Healthcare IT Security and Risk Management Studyreveals several gaps in the current state of healthcare cybersecurity:

Healthcare organizations are notfilling the gaps in security formedical devices: 50% of surveyrespondents are only beginning toaddress medical device security.11

Overcoming the disconnect by defining cybersecurity in terms of risk:

Survey respondents ranked theimportance of a cybsercuritystrategy for their organization

high, but ONLY 23%

have an ongoing, consistent risk-management program.12

Throwing security productsinto your network is notthe answer. Healthcareorganizations need tounderstand cybersecurityin terms of risk.

5.0

Importance ofCybersecurity

Strategy

4.23

References:1 Cybersecurity Market Report, Q4 2015, Cybersecurity Ventures, http://cybersecurityventures.com/cybersecurity-market-report/2 U.S. Financial Services: U.S. Financial Services: Cybersecurity Systems & Services Market – 2016-2020, http://www.prnewswire.com/news-releases/us-financial-services-cybersecurity-systems--services-market--2016-2020-300172422.html3 https://www.whitehouse.gov/omb/budget/4 The HIMSS Analytic Healthcare IT Security and Risk Management Study5 FBI Cyber Division, Private Industry Notification, April 4, 2014, http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf6 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute, May 2015, http://www.ponemon.org/blog/criminal-attacks-the-new-leading-cause-of-data-breach-in-healthcare7 Internet Security Threat Report 2015, volume 20, Symantec, http://www.symantec.com/security_response/publications/threatreport.jsp 8, 9, 11, 12 The HIMSS Analytic Healthcare IT Security and Risk Management Study10 http://www.bloomberg.com/features/2015-hospital-hack/, http://www.fda.gov/RegulatoryInformation/Guidances/ucm070634.htm

www.himssmedia.com | ©2016

Produced by

IT security budgetCybersecurityBudget

Total ITBudget

COMPLIANCE ISNOT ASSURANCE.

These 5 steps can help your organization move from a reactive to a sustainable, business-driven approach:

$50$50 $1

$1SSN

123-45-6789 125%growthin 5 yrs

1 COMPLY with key mandates; base security controls 2 STAY AHEAD of threats

3 Let risk assessment DRIVE priorities 4 IMPLEMENT a sustainable risk-management program

5 Let business priorities ADVANCE the security strategy

Find out how you can build a proactive cybersecurity strategy at www.symantec.com/healthcare

&

TrustisnotaControlButyousllhaveto haveit.(Or$How$Ilearned ... B23.pdf · SYMANTEC$VISION$2013$ HITRUST,"simplified" Symantec$Healthcare$ • To$increase$trustin$the$way$health$informaon$is$safeguarded.$$

TrustisnotaControlButyousllhaveto haveit.(Or$How$Ilearned ... B23.pdf · SYMANTEC$VISION$2013$ HITRUST,"simplified" Symantec$Healthcare$ • To$increase$trustin$the$way$health$informaon$is$safeguarded.$$

Documents
Symantec Freak Vulnerability Infographic

Symantec Freak Vulnerability Infographic

Business
The Shifting Landscape of Healthcare in Asia-Pacific Infographic

The Shifting Landscape of Healthcare in Asia-Pacific Infographic

Healthcare
Top 7 2015 Healthcare Trends infographic

Top 7 2015 Healthcare Trends infographic

Healthcare
SAP Healthcare Infographic

SAP Healthcare Infographic

Documents
Importance of Mobile Applications in Healthcare Industry [INFOGRAPHIC]

Importance of Mobile Applications in Healthcare Industry [INFOGRAPHIC]

Health & Medicine
2015 Healthcare IT Vision Infographic...2015 Healthcare IT Vision Infographic Author Accenture Subject View infographic about Top 5 eHealth trends for 2015 healthcare IT vision Keywords

2015 Healthcare IT Vision Infographic...2015 Healthcare IT Vision Infographic Author Accenture Subject View infographic about Top 5 eHealth trends for 2015 healthcare IT vision Keywords

Documents
Intel Symantec Alliance Infographic

Intel Symantec Alliance Infographic

Technology
Symantec Infographic: The psychology of trust in websites

Symantec Infographic: The psychology of trust in websites

Technology
Executive Perspective on the Healthcare IT Landscape Infographic

Executive Perspective on the Healthcare IT Landscape Infographic

Technology
The Healthcare IoT: Rewards and Risks (Infographic)

The Healthcare IoT: Rewards and Risks (Infographic)

Technology
Post breachdownload.microsoft.com/documents/pt-pt/Post_Breach...3 Symantec report: 2016 Symantec Internet Security Threat Report 4 promisec Blog: Endpoint Security Infographic Windows

Post breachdownload.microsoft.com/documents/pt-pt/Post_Breach...3 Symantec report: 2016 Symantec Internet Security Threat Report 4 promisec Blog: Endpoint Security Infographic Windows

Documents
Infographic: B2B Integration for Healthcare IT

Infographic: B2B Integration for Healthcare IT

Healthcare
Vip strong authentication : No Passwords - infographic by Symantec

Vip strong authentication : No Passwords - infographic by Symantec

Internet
BYOD ePHI & HIPAA Compliance Healthcare Infographic eFax Corporate

BYOD ePHI & HIPAA Compliance Healthcare Infographic eFax Corporate

Healthcare
Healthcare Almanac 2017 Infographic

Healthcare Almanac 2017 Infographic

Health & Medicine
Healthcare Legal Policies and Ethics Overview Infographic€¦ · Healthcare Legal Policies and Ethics ... This infographic I came across by the University of Cincinnati provides

Healthcare Legal Policies and Ethics Overview Infographic€¦ · Healthcare Legal Policies and Ethics ... This infographic I came across by the University of Cincinnati provides

Documents
Healthcare B2B Integration Infographic

Healthcare B2B Integration Infographic

Technology
WhitePaper - EPIC Healthcare protection by Symantec ...cdn.localon.com/upload-6811366812738561508.pdf · EPIC Healthcare protection by Symantec NetBackup ... EPIC Healthcare protection

WhitePaper - EPIC Healthcare protection by Symantec ...cdn.localon.com/upload-6811366812738561508.pdf · EPIC Healthcare protection by Symantec NetBackup ... EPIC Healthcare protection

Documents
Infographic: The Healthcare Quality Game

Infographic: The Healthcare Quality Game

Healthcare
Clinical Mobile Workspaces: Changing Healthcare with Mobile IT [Infographic]

Clinical Mobile Workspaces: Changing Healthcare with Mobile IT [Infographic]

Health & Medicine
Cloud based models in healthcare analytics (infographic) (pdf)

Cloud based models in healthcare analytics (infographic) (pdf)

Data & Analytics
GS1 UK Healthcare Conference 2016 infographic

GS1 UK Healthcare Conference 2016 infographic

Government & Nonprofit
Infographic: South-east Asia Healthcare 2016

Infographic: South-east Asia Healthcare 2016

Healthcare
Toxic Employees in Healthcare Infographic

Toxic Employees in Healthcare Infographic

Documents
Change Healthcare HCTI Q4 2013 Infographic

Change Healthcare HCTI Q4 2013 Infographic

Healthcare
Why Healthcare Brands Must Create Exceptional Content [Infographic]

Why Healthcare Brands Must Create Exceptional Content [Infographic]

Healthcare
Will Connected Health Save the Healthcare Industry? [Infographic]

Will Connected Health Save the Healthcare Industry? [Infographic]

Healthcare
OT Healthcare Infographic€¦ · OT Healthcare Infographic Author: CommScope Subject: This infographic covers the challenges operational technology (OT) managers face in the healthcare

OT Healthcare Infographic€¦ · OT Healthcare Infographic Author: CommScope Subject: This infographic covers the challenges operational technology (OT) managers face in the healthcare

Documents
Digital Healthcare - Global Electronic Health Records Market | An Aranca Infographic

Digital Healthcare - Global Electronic Health Records Market | An Aranca Infographic

Healthcare