• Home

  • Healthcare

  • Infographic: Symantec Healthcare IT Security Risk Management Study
1
Cybersecurity in Healthcare: Why It’s Not Enough, Why It Can’t Wait While cyberattacks and data breaches are rising across industries, healthcare is lagging behind in cybersecurity investment: Worldwide spending on IT security is projected to increase 34% from 2015 spend. 1 $ 101B 2018 $ 75.4B 2015 The U.S. financial market is the largest market investing in cybersecurity, with a cumulative spend forecasted to exceed 68 billion between 2016-2020. 2 68 billion Cybersecurity is approximately 16% of the federal IT budget for 2016. 3 Total 2016 federal IT budget $ 86B $ 14B Cybersecurity In comparison, the healthcare industry averages are much lower, with less than 6% of their IT budget allocated to IT security. 4 <6 % Healthcare data is unique, which makes the privacy and security of it so critical: Criminal attacks, the number 1 root cause of healthcare data breaches, are rising. 6 While credit cards can be canceled when lost or stolen, medical records can be compromised for years. Electronic health records sell for $ 50 per chart on the black market, compared to $ 1 for a stolen social security number or credit card number. 5 WHY? Medical records contain most of the data hackers want, making them ideal for ONE-STOP STEALING. 7 Weak cybersecurity makes electronic protected health information (ePHI) more vulnerable. 50 % of survey respondents said 0-3 % of IT budget is allocated to IT security. 8 20 % of respondents comply with key mandates only (HIPAA, HITECH). But neither regulation addresses significant changes in IT, including cloud and mobile, to properly secure ePHI. 9 Medical device manufacturers are not mandated to incorporate cybersecurity features in their design and development. 10 The 2016 HIMSS Analytics Healthcare IT Security and Risk Management Study reveals several gaps in the current state of healthcare cybersecurity: Healthcare organizations are not filling the gaps in security for medical devices: 50 % of survey respondents are only beginning to address medical device security. 11 Overcoming the disconnect by defining cybersecurity in terms of risk: Survey respondents ranked the importance of a cybsercurity strategy for their organization high, but ONLY 23 % have an ongoing, consistent risk-management program. 12 Throwing security products into your network is not the answer. Healthcare organizations need to understand cybersecurity in terms of risk. 5.0 Importance of Cybersecurity Strategy 4.23 References: 1 Cybersecurity Market Report, Q4 2015, Cybersecurity Ventures, http://cybersecurityventures.com/cybersecurity-market-report/ 2 U.S. Financial Services: U.S. Financial Services: Cybersecurity Systems & Services Market – 2016-2020, http://www.prnewswire.com/news-releases/us-financial-services-cybersecurity-systems--services-market--2016-2020-300172422.html 3 https://www.whitehouse.gov/omb/budget/ 4 The HIMSS Analytic Healthcare IT Security and Risk Management Study 5 FBI Cyber Division, Private Industry Notification, April 4, 2014, http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf 6 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute, May 2015, http://www.ponemon.org/blog/criminal-attacks-the-new-leading-cause-of-data-breach-in-healthcare 7 Internet Security Threat Report 2015, volume 20, Symantec, http://www.symantec.com/security_response/publications/threatreport.jsp 8, 9, 11, 12 The HIMSS Analytic Healthcare IT Security and Risk Management Study 10 http://www.bloomberg.com/features/2015-hospital-hack/, http://www.fda.gov/RegulatoryInformation/Guidances/ucm070634.htm www.himssmedia.com | ©2016 Produced by IT security budget Cybersecurity Budget Total IT Budget COMPLIANCE IS NOT ASSURANCE. These 5 steps can help your organization move from a reactive to a sustainable, business-driven approach: $ 50 $ 50 $ 1 $ 1 SSN 123-45-6789 125 % growth in 5 yrs 1 COMPLY with key mandates; base security controls 2 STAY AHEAD of threats 3 Let risk assessment DRIVE priorities 4 IMPLEMENT a sustainable risk-management program 5 Let business priorities ADVANCE the security strategy Find out how you can build a proactive cybersecurity strategy at www.symantec.com/healthcare &

Infographic: Symantec Healthcare IT Security Risk Management Study

Embed Size (px)

Citation preview

Page 1: Infographic: Symantec Healthcare IT Security Risk Management Study

Cybersecurity in Healthcare:Why It’s Not Enough, Why It Can’t Wait

While cyberattacks and data breaches are rising across industries,healthcare is lagging behind in cybersecurity investment:

Worldwide spending on ITsecurity is projected to increase34% from 2015 spend.1

$101B 2018

$75.4B 2015 The U.S. financial market isthe largest market investingin cybersecurity, with a cumulative spend forecastedto exceed 68 billion between2016-2020.2

68 billion

Cybersecurity isapproximately 16%of the federal IT budget for 2016.3

Total 2016federalIT budget

$86B $14B Cybersecurity

In comparison, the healthcareindustry averages are much lower, with less than 6% of theirIT budget allocated to IT security.4

<6%

Healthcare data is unique, which makes the privacy and security of it so critical:

Criminal attacks, the number 1root cause of healthcare databreaches, are rising.6

While credit cards can be canceledwhen lost or stolen, medical recordscan be compromised for years.

Electronic healthrecords sell for $50per chart on the black market, compared to$1 for a stolen social security number or credit card number.5

WHY? Medical records contain most ofthe data hackers want, makingthem ideal for ONE-STOP STEALING.7 Weak cybersecurity makes electronic protected healthinformation (ePHI) more vulnerable.

50% of survey respondents

said 0-3% of IT budget isallocated to IT security.8

20% of respondents

comply with key mandatesonly (HIPAA, HITECH). Butneither regulation addressessignificant changes in IT, including cloud and mobile, to properly secure ePHI.9

Medical device manufacturersare not mandated to incorporatecybersecurity features in theirdesign and development.10

The 2016 HIMSS Analytics Healthcare IT Security and Risk Management Studyreveals several gaps in the current state of healthcare cybersecurity:

Healthcare organizations are notfilling the gaps in security formedical devices: 50% of surveyrespondents are only beginning toaddress medical device security.11

Overcoming the disconnect by defining cybersecurity in terms of risk:

Survey respondents ranked theimportance of a cybsercuritystrategy for their organization

high, but ONLY 23%

have an ongoing, consistent risk-management program.12

Throwing security productsinto your network is notthe answer. Healthcareorganizations need tounderstand cybersecurityin terms of risk.

5.0

Importance ofCybersecurity

Strategy

4.23

References:1 Cybersecurity Market Report, Q4 2015, Cybersecurity Ventures, http://cybersecurityventures.com/cybersecurity-market-report/2 U.S. Financial Services: U.S. Financial Services: Cybersecurity Systems & Services Market – 2016-2020, http://www.prnewswire.com/news-releases/us-financial-services-cybersecurity-systems--services-market--2016-2020-300172422.html3 https://www.whitehouse.gov/omb/budget/4 The HIMSS Analytic Healthcare IT Security and Risk Management Study5 FBI Cyber Division, Private Industry Notification, April 4, 2014, http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf6 Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute, May 2015, http://www.ponemon.org/blog/criminal-attacks-the-new-leading-cause-of-data-breach-in-healthcare7 Internet Security Threat Report 2015, volume 20, Symantec, http://www.symantec.com/security_response/publications/threatreport.jsp 8, 9, 11, 12 The HIMSS Analytic Healthcare IT Security and Risk Management Study10 http://www.bloomberg.com/features/2015-hospital-hack/, http://www.fda.gov/RegulatoryInformation/Guidances/ucm070634.htm

www.himssmedia.com | ©2016

Produced by

IT security budgetCybersecurityBudget

Total ITBudget

COMPLIANCE ISNOT ASSURANCE.

These 5 steps can help your organization move from a reactive to a sustainable, business-driven approach:

$50$50 $1

$1SSN

123-45-6789 125%growthin 5 yrs

1 COMPLY with key mandates; base security controls 2 STAY AHEAD of threats

3 Let risk assessment DRIVE priorities 4 IMPLEMENT a sustainable risk-management program

5 Let business priorities ADVANCE the security strategy

Find out how you can build a proactive cybersecurity strategy at www.symantec.com/healthcare

&

The Healthcare IoT: Rewards and Risks (Infographic)

The Healthcare IoT: Rewards and Risks (Infographic)

Technology
Executive Perspective on the Healthcare IT Landscape Infographic

Executive Perspective on the Healthcare IT Landscape Infographic

Technology
2014 Security Predictions from Symantec - Infographic

2014 Security Predictions from Symantec - Infographic

Technology
Why Healthcare Brands Must Create Exceptional Content [Infographic]

Why Healthcare Brands Must Create Exceptional Content [Infographic]

Healthcare
Healthcare Almanac 2017 Infographic

Healthcare Almanac 2017 Infographic

Health & Medicine
WhitePaper - EPIC Healthcare protection by Symantec ...cdn.localon.com/upload-6811366812738561508.pdf · EPIC Healthcare protection by Symantec NetBackup ... EPIC Healthcare protection

WhitePaper - EPIC Healthcare protection by Symantec ...cdn.localon.com/upload-6811366812738561508.pdf · EPIC Healthcare protection by Symantec NetBackup ... EPIC Healthcare protection

Documents
Symantec Infographic - The State of Cyber Security

Symantec Infographic - The State of Cyber Security

Technology
Importance of Mobile Applications in Healthcare Industry [INFOGRAPHIC]

Importance of Mobile Applications in Healthcare Industry [INFOGRAPHIC]

Health & Medicine
The Shifting Landscape of Healthcare in Asia-Pacific Infographic

The Shifting Landscape of Healthcare in Asia-Pacific Infographic

Healthcare
Accenture Healthcare Technology Vision 2015 Infographic

Accenture Healthcare Technology Vision 2015 Infographic

Documents
Digital Healthcare - Global Electronic Health Records Market | An Aranca Infographic

Digital Healthcare - Global Electronic Health Records Market | An Aranca Infographic

Healthcare
Infographic: South-east Asia Healthcare 2016

Infographic: South-east Asia Healthcare 2016

Healthcare
Healthcare Transparency Index (HCTI) Infographic - Change Healthcare February 2014

Healthcare Transparency Index (HCTI) Infographic - Change Healthcare February 2014

Health & Medicine
Top 7 2015 Healthcare Trends infographic

Top 7 2015 Healthcare Trends infographic

Healthcare
Breast Cancer Awareness Infographic - SR Healthcare

Breast Cancer Awareness Infographic - SR Healthcare

Health & Medicine
IBM social technologies for healthcare-infographic

IBM social technologies for healthcare-infographic

Health & Medicine
Infographic: The Healthcare Quality Game

Infographic: The Healthcare Quality Game

Healthcare
Toxic Employees in Healthcare Infographic

Toxic Employees in Healthcare Infographic

Documents
Symantec Infographic: The psychology of trust in websites

Symantec Infographic: The psychology of trust in websites

Technology
Healthcare B2B Integration Infographic

Healthcare B2B Integration Infographic

Technology
Will Connected Health Save the Healthcare Industry? [Infographic]

Will Connected Health Save the Healthcare Industry? [Infographic]

Healthcare
Cloud based models in healthcare analytics (infographic) (pdf)

Cloud based models in healthcare analytics (infographic) (pdf)

Data & Analytics
SYMANTEC Backup Exec 2014 - infographic

SYMANTEC Backup Exec 2014 - infographic

Technology
Post breachdownload.microsoft.com/documents/pt-pt/Post_Breach...3 Symantec report: 2016 Symantec Internet Security Threat Report 4 promisec Blog: Endpoint Security Infographic Windows

Post breachdownload.microsoft.com/documents/pt-pt/Post_Breach...3 Symantec report: 2016 Symantec Internet Security Threat Report 4 promisec Blog: Endpoint Security Infographic Windows

Documents
GS1 UK Healthcare Conference 2016 infographic

GS1 UK Healthcare Conference 2016 infographic

Government & Nonprofit
Wisconsin Healthcare Coalition Model-bParati infoGraphic

Wisconsin Healthcare Coalition Model-bParati infoGraphic

Health & Medicine
Healthcare IT: Security Risks & Regulations (Infographic)

Healthcare IT: Security Risks & Regulations (Infographic)

Business
Clinical Mobile Workspaces: Changing Healthcare with Mobile IT [Infographic]

Clinical Mobile Workspaces: Changing Healthcare with Mobile IT [Infographic]

Health & Medicine
Q1 2016 - Healthcare IT services in review (infographic)

Q1 2016 - Healthcare IT services in review (infographic)

Technology
Healthcare administration infographic

Healthcare administration infographic

Business