Skip to main content


Survey: 71% of Organizations Have Allocated Cybersecurity Budget

By Alexandra Wilson Pecci  
   August 25, 2017

The 2017 HIMSS Cybersecurity Survey indicates healthcare organizations are preparing for cyberattacks and data breaches to a greater degree than anticipated.

Healthcare organizations are taking cybersecurity seriously and are doing more than ever before to shore up their organizations against attack.

That’s a conclusion of 2017 HIMSS Cybersecurity Survey, which found that 71% of the organizations included in the survey allocate specific budget toward cybersecurity. Additionally, 80% of IT leaders said their organization employs dedicated cybersecurity staff.

The new HIMSS survey focuses on the responses from 126 IT leaders who report having some responsibility for information security in a U.S.-based healthcare provider organization.

It’s been a tough year for healthcare cybersecurity: In June, the pharmaceutical company Merck, health records service Nuance Communications, and the Pennsylvania-based Heritage Valley Health System were among the many entities affected by a global ransomware attack.

And in May, the United Kingdom's National Health Service was crippled when a global ransomware attack—dubbed "WannaCry"—forced appointments and operations to be cancelled, hospitals to disconnect from email, IT systems to be shut off, and some facilities to turn patients away.

According to HIMSS, the survey indicates healthcare organizations are preparing for such attacks to a greater degree than anticipated.

“Quality, stress-tested cybersecurity programs are imperative to protecting provider organizations and the patients they care for,” Rod Piechowski, senior director of health information systems for HIMSS, said in a statement.

“This data is encouraging because it shows that many organizations are making security programs a priority; however, there is room for continued improvement. Our hope is that the new research will be an important resource for organizations navigating the complex security landscape.”

The survey aimed to find out how healthcare organizations are protecting their information and assets from cyber-attacks and other data compromises. For instance, it found that 60% of respondents said their organizations employ a senior information security leader, such as a chief information security officer.

That’s good news, HIMSS says, since organizations with a CISO or other senior security leader tend to adopt holistic cybersecurity practices and perspectives in areas like procurement, education and training, and adopting the NIST Cybersecurity Framework.

In addition, security professionals are focusing on medical device security, with patient safety, data breaches, and malware as the top three concerns. In fact, last year, one CIO called unsecured devices "a big, big, big problem."

The survey also finds that:

·         60% of organizations with specific cybersecurity budgets allocate 3% or more of overall budget

·         75% say that they have some type of insider threat management program at their organization

·         85% that they conduct a risk assessment at least once a year

·         75% regularly conduct penetration testing

Alexandra Wilson Pecci is an editor for HealthLeaders.

Get the latest on healthcare leadership in your inbox.