Lack of Employee Awareness and Education are Greatest Threats to Healthcare Security
According to Level 3 Study Conducted by HIMSS Analytics
BROOMFIELD, Colo., April 18, 2017 – Lack of employee awareness and education present the greatest security threat exposure according to responses from 125 health IT executives and professionals participating in the 2017 Level 3 Healthcare Security Study. The study, conducted by HIMSS Analytics and sponsored by Level 3 Communications, Inc. (NYSE: LVLT), was designed to identify and understand high-level IT security concerns in the healthcare industry as the threat landscape continues to evolve, placing the industry’s valuable healthcare data and critical care infrastructure at risk.
Humans are the weakest link in healthcare security.
Nearly 80 percent of participants said employee security awareness is their greatest concern regarding threat exposure, despite 85 percent indicating they have existing security awareness programs in place.
Network uptime is imperative to critical care infrastructure.
Ninety-five percent of respondents list EHR systems as having the greatest reliance on network uptime. HIS ranks second – ahead of remote monitoring, communications and PACS storage.
Most healthcare organizations mitigate risk in multiple ways.
Most organizations employ the following practices: remote access/secure access controls, employee security awareness programs and security consulting services like vulnerability assessments and penetration testing.
- Nearly 80 percent of survey participants identified employee security awareness as the source of their greatest concern regarding threat exposure.
- Ninety-five percent of respondents list EHR systems as having the greatest importance for network uptime. Hospital interface systems ranks as the second most important (51 percent) – ahead of remote monitoring for patients (39 percent), communications systems (37 percent) and PACS storage (36 percent).
- The majority of organizations employ multiple risk mitigation practices: 87 percent leverage remote access/secure access controls, 85 percent rely on employee security awareness programs and 75 percent incorporate security consulting services like vulnerability assessments and penetration testing.
- A little over half of respondents have practices such as DDoS mitigation (56 percent) and/or threat intelligence (55 percent) in place today.
Bryan Fiekers, Senior Director Research Services for HIMSS Analytics
“While the research uncovered only a ‘modest’ concern around the prospect of a security breach within hospital organizations over the next 12 months, providers are looking for closer partnerships with their network providers. My interpretation of the findings is that healthcare organizations must remain vigilant against cyber security threats and leverage all of their resources effectively to ensure every individual knows their role. Security cannot become an out-of-sight, out-of-mind problem.”
Chris Richter, SVP, Global Security Services for Level 3
“The security threats the healthcare industry is facing are real and they’re only increasing in volume and sophistication as bad actors continue to seek out coveted protected health information. Aside from fostering and maintaining a culture of security, which includes regular employee security training, healthcare organizations should implement a security governance framework and appropriate technology controls. These include threat intelligence, DDoS mitigation and next generation firewalling and sandboxing – all critical next steps for healthcare providers to secure their networks.”
- Watch the 2017 Healthcare Security Study video with Chris Richter
- Review the 2017 Level 3 Healthcare Security Study
- Read Predicting the Next Cyberattack
For more information on Level 3’s advanced network and service offerings, visit www.level3.com.
About Level 3 Communications
Level 3 Communications, Inc. (NYSE: LVLT) is a Fortune 500 company that provides local, national and global communications services to enterprise, government and carrier customers. Level 3’s comprehensive portfolio of secure, managed solutions includes fiber and infrastructure solutions; IP-based voice and data communications; wide-area Ethernet services; video and content distribution; data center and cloud-based solutions. Level 3 serves customers in more than 500 markets in over 60 countries across a global services platform anchored by owned fiber networks on three continents and connected by extensive undersea facilities. For more information, please visit www.level3.com or get to know us on Twitter, Facebook and LinkedIn.
© Level 3 Communications, LLC. All Rights Reserved. Level 3, Vyvx, Level 3 Communications, Level (3) and the Level 3 Logo are either registered service marks or service marks of Level 3 Communications, LLC and/or one of its Affiliates in the United States and elsewhere. Any other service names, product names, company names or logos included herein are the trademarks or service marks of their respective owners. Level 3 services are provided by subsidiaries of Level 3 Communications, Inc.
Some statements made in this press release are forward-looking in nature and are based on management's current expectations or beliefs. These forward-looking statements are not a guarantee of performance and are subject to a number of uncertainties and other factors, many of which are outside Level 3's control, which could cause actual events to differ materially from those expressed or implied by the statements. Important factors that could prevent Level 3 from achieving its stated goals include, but are not limited to, the company's ability to: increase revenue from its services to realize its targets for financial and operating performance; develop and maintain effective business support systems; manage system and network failures or disruptions; avert the breach of its network and computer system security measures; develop new services that meet customer demands and generate acceptable margins; manage the future expansion or adaptation of its network to remain competitive; defend intellectual property and proprietary rights; manage risks associated with continued uncertainty in the global economy; manage continued or accelerated decreases in market pricing for communications services; obtain capacity for its network from other providers and interconnect its network with other networks on favorable terms; successfully integrate future acquisitions; effectively manage political, legal, regulatory, foreign currency and other risks it is exposed to due to its substantial international operations; mitigate its exposure to contingent liabilities; and meet all of the terms and conditions of its debt obligations. Additional information concerning these and other important factors can be found within Level 3's filings with the Securities and Exchange Commission. Statements in this press release should be evaluated in light of these important factors. Level 3 is under no obligation to, and expressly disclaims any such obligation to, update or alter its forward-looking statements, whether as a result of new information, future events, or otherwise.
+ 1 720-888-2518