Healthcare Cybersecurity Budgets are Still Falling Short

By Scott Mace

Cybersecurity budgets in healthcare are expected to continue to fall short of actual needs in the next year, according to a new survey by Healthcare Information and Management Systems Society (HIMSS) Market Intelligence.

Research for the 2021 State of Cybersecurity Report: The COVID-19 Evolution was conducted in January by surveying 131 security or cybersecurity decision-makers employed at U.S. hospitals, health systems, and ambulatory care organizations.

Three out of four respondents said changes due to the COVID-19 pandemic have resulted in a larger or more complex computing edge, akin to the cybersecurity concept of attack surfaces.

On average, these decision-makers believe they need to be spending 24% more on cybersecurity in the next two to three years than they currently do.

Of those surveyed, 73% say their organization needs to increase funding to continue to be secure, effective, and compliant. Unfortunately, only 40% expect their organizations will be able to make the necessary financial investment in cybersecurity.

The new IT security challenges presented by the pandemic have driven greater adoption of two-factor authentication. Total adoption of those surveyed is 67%, with 12% of adoption due to COVID-19.

Email and Telehealth Perceived as High-Security Risks

Two most common technologies—email and telehealth—are perceived to be high-security risks by those surveyed. Some 44% of organizations surveyed adopted telehealth in the past year as a response to the pandemic. At this point, 96% of organizations use email, and 95% use telehealth.

But these technologies are also rated as critical risk vectors. Of those surveyed, 84% perceive email and 70% perceive telehealth as introducing risk.

Three out of four respondents said their organization had added at least one computing element to their tech stack as a direct response to COVID-19. Among the leading components added due to the pandemic were telehealth, integration of tablets and smart phones into clinical workflow, smart or digitally connected medical devices, remote patient monitoring, and chatbots or other AI-assisted communication.

Scott Mace is a contributing writer for HealthLeaders.