Health Care Still in Hacker Cross-Hairs, but Defenses Improving

There is both good news and bad news in health-care security trends: The bad news is that 74 percent of health care organizations were hit by "significant" security incidents in the past year, of which 56 percent were conducted by so-called bad actors targeting specific organizations with sophisticated, targeted, financially motivated attacks. The numbers were flat over last year, according to the 2019 HIMSS Cybersecurity Survey, released this week at the HIMSS 2019 health IT conference. The good news is that there are signs that health-care organizations are better prepared for such incidents and are spending more money on security and staff training, according to Rod Piechowski, Senior Director of Health Information Systems for the HIMSS. Organizations are doing a better job of making "everyone believe they are part of the solution," he told eWEEK. "Too often security is viewed as an IT-only responsibility." More good news is found in the work of the Food & Drug Administration, vendors, provider networks and volunteer groups who are working to establish standards for securing medical devices as well as developing plans for mediating the next big cyberattack along the lines of WannaCry, which decimated businesses and health-care organizations across Europe in 2017.