Inc. (NYSE AMERICAN: CTEK), a leader in healthcare cybersecurity,
privacy, and compliance, today announced findings from its first “CAPP
Conference Survey.” The survey was administered to attendees of the
company’s inaugural CAPP Community Conference: Cybersecurity 2019
this past May, which
focused on tackling some of the most pressing issues facing healthcare
cybersecurity and privacy, including vendor breaches and risks, new
state privacy laws, privacy and security culture, and medical device
security. The survey of approximately 60 C-level healthcare executives
revealed the greatest perceived threats and current challenges these
organizations are facing in cybersecurity and privacy.
Overall, the findings showed that respondents were most concerned about
the risks associated with the Internet of Things (IoT), medical devices,
third-party vendors, and program development/management. However, the
data also pinpointed some of the barriers or disconnects within
organizations that stand in the way of solving these issues, like
executive leadership buy-in. Most notably:
40% responded that third-party risk is the threat that concerns them
Of the emerging threat areas (5G, AI, IoT, and supply chain)
discussed, over 50% responded that they were the most concerned about
Nearly one third of respondents reported that medical device security
is one of the top five risks facing healthcare, according to the Health
Industry Cybersecurity Practices; however, most reported not having
an effective strategy in place to assess the risks posed by medical
devices. Even more alarming, 26% said they don’t have any process in
place at all.
Almost half of the organizations reported to have conducted an
incident response exercise only one time, or to have never done one at
‘Culture’ was listed as the leading difficulty (over compensation and
training) in retaining cybersecurity professionals.
54% of those surveyed said the biggest barrier to meeting privacy and
security challenges was a lack of adequate resources (tools, money, or
people), and only 13% said it was senior management buy-in.
However, in a follow-up question, 40% responded that they didn’t know
if their Boards were more or less involved with cybersecurity and
privacy programs than they previously had been.
“The fact that the vast majority of respondents report a lack of
resources as a serious constraint against their cybersecurity program,
and senior management buy-in as the least concern, shows there is a huge
disconnect happening and is extremely troubling,” said David Finn,
Executive Vice President of Strategic Innovation at CynergisTek. “If
executive leadership truly understood the business risks posed by
inadequate cybersecurity and realized the major operational, financial,
and patient safety implications a security incident can have, they would
ensure any and all resources needed were available. We need to make sure
we are effectively communicating these issues to executive leadership so
they make cybersecurity a business priority.”
The “CAPP Conference Survey” findings reiterate the issues facing the
healthcare industry today and the difficulty of keeping up with the
ever-advancing cybersecurity world. The disparity between the severity of
these cybersecurity threats and the lack of urgency from organizations
to implement a plan or solution is creating a dangerous landscape that
many healthcare organizations have fallen victim to. The CAPP Conference
provided a platform to help bridge this gap by bringing together
industry experts and CynergisTek’s
CAPP community members to serve as resources to one another to help
address these common issues and work together to find a resolution.
For the complete “CAPP Conference Survey” data, please visit https://insights.cynergistek.com/slideshare/capp-conference-survey.
About CynergisTek, Inc.
CynergisTek is a top-ranked cybersecurity firm dedicated to serving the
information assurance needs of the healthcare industry. CynergisTek
offers specialized services and solutions to help organizations achieve
privacy, security, and compliance goals. Since 2004, the company has
served as a partner to hundreds of healthcare organizations and is
dedicated to supporting and educating the industry by contributing to
relevant industry associations. The company has been recognized by KLAS
in the 2016 and 2018 Cybersecurity reports as a top performing firm in
healthcare cybersecurity, as well as the 2017 Best in KLAS winner for
Cybersecurity Advisory Services.