50% of EMEA Healthcare Organizations Surveyed Lack Awareness of Security Threats in Their Organizations, says IDC Health Insights

London, — In a recent survey conducted across major healthcare organizations in Europe and Russia, IDC Health Insights found that half of the respondent organizations don’t know the number and nature of security events that have occurred in their organization in the past 12 months. More insights are revealed in the report, Business Strategy: How Secure is your Information Security Strategy? 10+1 Recommendations on Cyber Security for EMEA Healthcare Organizations (Doc # HIOH02T), which sheds light on the fundamental issues around core security initiatives in healthcare organizations across Europe and Russia.

The survey report outlines recommendations that will help IT executives in healthcare organizations to maximize the benefits of their investments in information security, helping to minimize the risk of security breaches and other events, while embracing new opportunities, such as cloud, social networking, and mobile devices.

Healthcare is a highly “information-dependent” environment: patient clinical data are the key asset in the healthcare organization and therefore data protection is a strategic issue. Patient data protection became a stringent problem as healthcare providers’ adoption of solutions aimed at enabling collaboration and information sharing such as electronic health records is increasing. The advent of new and expanded information technology in healthcare has created both concern and liberation for healthcare organizations. Topping the list of these concerns are security, confidentiality, accessibility, and integrity of information.

“As healthcare organizations are only now entering the digital era, an extreme makeover of their information systems is mandatory. The extended and collaborative work environment enabled by eHealth solutions is a potential threat for security; in turn, security is a condition determining success in the uptake of these solutions. Even though the industry seems to be positively adopting electronic healthcare management, just 50% of respondents believe that the budget and commitment is in place to address security requirements necessitated by regulation,” said Silvia Piai, EMEA research manager, IDC Health Insights.

She adds “Despite organizations’ low commitment and budget, for 46% of EMEA health security executives, legal and regulatory requirements exposure is the greatest driver in justifying spend on information security. Fear of potential liability or exposure follows. IDC Health Insights advises that accepting vulnerabilities as a cost-saving measure would not be acceptable. Organizations must bring in the processes, commitment, and sufficient budget to ensure strong organizational security.”

The survey further reveals the top security threat perceived by healthcare organizations is employee error or accidental loss of sensitive information. Around 20% of EMEA healthcare organizations considered human error or accidents to be the biggest threat to information security, followed with malware. As healthcare organizations learn more about potential security threats, a security initiative taken by the majority of organizations is data protection/data loss prevention.

“Traditionally, healthcare providers have a siloed ICT infrastructure, and this has led organizations to add applications without evaluating what the feasibility of integration will be. This scattered and disjointed portfolio of applications obviously has information security implications, but healthcare system reforms are now driving toward a more integrated approach for healthcare services delivery. ICT has an enabling role in this transformation as it makes patients’ information available at the point of care. We recommend an IT risk assessment should be used not only to obtain a clear understanding of the IT risk profile of an organization, but additionally to address IT and security risks and provide assurance to senior management that the IT risks are being managed” concludes Silvia Piai.

The IDC Health Insights report, Business Strategy: How Secure is your Information Security Strategy? 10+1 Recommendations on Cyber Security for EMEA Healthcare Organizations” (Doc #HIOH02T), covers the fundamental issues around the evolving role of the chief information security officer, healthcare organizations’ commitment towards information security, and core information technology security initiatives. Also addressed in the document are security risk concerns pertaining to transformational innovation (including the emergence of mobile devices, cloud computing, and the embrace of social networking) and how healthcare providers are dealing with the perennial threat of security. Finally, it gauges respondents’ expectations around changes in IT security budgets over the next 12 months.