Solutions

Solutions powered by
Learn More.
Frame 586 (1)

Quality Manager formerly known as abaqis®

Mitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.

Learn More

NEW TO THE STORE

hStream Content Marketplace

Connecting you to the Best Content. Access to 75 Partners and 35,000+ Courses in our Industry-Leading Marketplace. Streamline content purchasing, updates, hosting and connectivity for your organizational needs.

NurseGrid Learn

Online store for Clinical Learners. Individual CE Credit and industry products for Clinical Learners are now available through NurseGrid Learn (Beta). Explore our robust collection of courses that provides an unparalleled level of flexibility and choice.

Practitioner Courses

Meet the DEA's new requirement under the Medication Access and Training Expansion (MATE) Act in an online, high-quality and self-paced 8-hour DEA MATE Act course specifically designed for practitioners, including Physicians, PAs, NPs, Pharmacists, Dentists and others.

LATEST & POPULAR

BLOG

Join Us at Thrive24: The Ultimate HealthStream Credentialing User Group Conference!
BLOG

Gen Z Enters the Workforce: How Healthcare Can Adapt Training Programs for the Next Generation
BLOG

Telehealth: From Pandemic Tool to Preferred Option
On-Demand Webinar

State of the Industry: What’s Next for Healthcare Quality & Safety in 2024?
CUSTOMER STORY

Quantifiable results highlight switch to jane®
ARTICLE

10 Trends for 2024: Absorbing New Technology, Facing New Realities, and Solving Old Problems

< HealthStream Resources

HIMSS Blog 02. Blog Image (1)

What the HIMSS 2022 Cybersecurity Survey Means for Your Organization

July 27, 2023
July 27, 2023

The Healthcare Information and Management Systems Society (HIMSS) is a non-profit organization dedicated to reforming the global health ecosystem through the power of information and technology – two things that are essential to healthcare, but also create vulnerabilities in the healthcare delivery system. HIMSS recently published the results of their 2022 HIMSS Healthcare Cybersecurity Survey. The survey results provided insight into current issues in healthcare cybersecurity.

Survey Background

In 2022, HIMSS surveyed 159 cybersecurity professionals working in healthcare. The majority (67%) of the respondents had primary responsibility for the cybersecurity programs at their organizations. The majority of them worked for healthcare provider organizations (60%) with the remaining respondents reporting that they worked for vendors, consulting firms or government entities. About 35% reported being in executive roles; while 41% reported being in non-executive management roles and 24% reported being in non-management roles. Some of the survey’s key findings are summarized below.

Survey Findings – There are Significant Recruitment, Retention and Training Issues

Workforce challenges in healthcare are the norm and those challenges extend to cybersecurity professionals. Most respondents (61%) agreed that the main barrier to achieving a robust cybersecurity program is a lack of cybersecurity staff. Challenges such as difficulties in recruiting qualified staff, insufficient budget, lack of qualified candidates and non-competitive compensation were cited as barriers to hiring. The majority (67%) also agreed that retention was a serious concern. 

While the nature of cybersecurity threats continues to evolve, training remains less frequent than what would be considered optimal. The majority (61%) cite a lack of time for training as a significant barrier to receiving training from an external cybersecurity training provider. Employers not subsidizing the costs of training (23%) or not subsidizing a sufficient amount of the training costs (20%) round out the list of the top three barriers.

Survey Findings – Challenges and Processes

While it may not be a fulsome solution, a larger budget and more staff is important in cybersecurity. When asked about changes to their budgets from 2021 to 2022, nearly 52% reported that their budgets had increased and 47% reported that their budgets would increase from 2022 to 2023.

When asked about the barriers to achieving better cybersecurity, the top two answers were a lack of cybersecurity staff (61%) and a lack of budget (50%). In addition, cybersecurity professionals cited the following as barriers to achieving better cybersecurity:

 

  • Lack of data inventory (45%)
  • Lack of data classification (38%)
  • Lack of specialized skills amongst cybersecurity staff (38%)
  • Lack of organizational cooperation (31%)
  • Lack of policies and procedures reflecting current practice (31%)
  • Lack of awareness about policies and procedures (30%)

While passwordless multi-factor identification is a growing and safer trend, it has not yet gotten traction in healthcare organizations. In 2016, just 39% of healthcare organizations were using multi-factor identification such as a password and an authenticator app or SMS code. The 2022 results showed that 80% were currently using multi-factor authentication with a password and authenticator app and 58% reported using passwords and SMS codes. (Multiple responses were allowed meaning that responses to this question would not add up to 100%.)

Respondents also reported a decrease in information sharing. In 2018, 69% of respondents reported sharing threat information with peers. In the 2022 study, just 53% of respondents reported sharing threat information with their healthcare cybersecurity peers. The decrease in information sharing could potentially result in a lack of awareness of new and emerging threats.

Survey Findings – Ransomware Issues

The good news is that a significant majority (78%) of respondents reported that their organizations had not experienced a ransomware attack within the past year. This appears to be part of a larger trend across all industry sectors of a decrease in ransomware attacks.

While there are still active ransomware strains impacting the healthcare sector, the report cited law enforcement’s successful actions against cybercriminals, regulations prohibiting payments to sanctioned groups, the economic downturn in cryptocurrency and a decrease in ransomware victims paying ransom as contributing to the decrease in attacks.

Survey Findings – Improving Cybersecurity in Healthcare

The report concluded with some recommendations about how to further protect healthcare organizations from cyberattacks.

The healthcare workforce is the first line of defense against cybercrime and the report recommended more frequent and practical cybersecurity training for staff and for cybersecurity professionals, providing broader awareness training for all staff to help them recognize the scope and breadth of these threats, and hiring and training more cybersecurity professionals.

On the technical side, the report recommended moving to passwordless, multifactor identification, more robust incident response teams, post-incident digital forensics, leveraging third-party vendor expertise, peer-to-peer information sharing about emerging threats, and insider threat detection.


Employees represent your organization’s first line of defense against cyber-attacks. HealthStream’s Security Awareness Solution can help protect your organization by equipping employees to recognize potential security threats.