What gives health execs the most anxiety? Ransomware and social engineering, among others

Research conducted by CHIME and AEHIS uncovers the need for new cybersecurity tools, help from federal agencies and incentives for information sharing.
By Bernie Monegain

Malware and ramsomware are top of mind for healthcare executives, according to a new survey from the College of Healthcare Information Management Executives and the Association for Executives in Healthcare Information Security.


Responses cited social engineering, data theft and internal threats as the most common cybersecurity dangers facing their organizations. Malware and ransomware ranked as the topmost ways cyber criminals are exploiting security weaknesses in hospitals and health systems today.


CHIME vice president for federal affairs Mari Savickis presented survey findings to the Health and Human Services Cybersecurity Task Force on October 26.


Mandated by the Cybersecurity Information Sharing Act of 2015, the task force is charged with analyzing the challenges and barriers to cybersecurity in healthcare. The group is also studying how other industries are protecting data.


The survey showed healthcare organizations need help from federal agencies to improve information sharing and threat assessments. Nearly 65 percent of respondents said that they were somewhat confident or not confident at all that federal legislators understand the importance of security enough to support key policy initiatives healthcare organizations need.


Survey respondents said the federal government should develop tools for providers of different sizes and resources. Smaller organizations with limited resources often have a different set of needs than large health systems, respondents agreed.


They also called on lawmakers to adopt incentives to encourage greater information sharing, including protecting organizations that voluntarily work to improve security across the delivery system from punitive government audits.


CHIME and AEHIS canvassed nearly 200 of their members for their research.


The HHS task force is expected to deliver its report on cybersecurity in healthcare early next year.