Hospital web security survey shows 'troubling' efforts in place

Despite the prevalence of health data breaches and cybersecurity threats, many hospitals have surprisingly weak web security programs.

That's the finding of a survey conducted by HIMSS Analytics and Akamai, a content delivery network.

More than one-third (39 percent) of hospitals surveyed don't have a web application firewell on their premises. This is considered the most traditional line of defense against web application attacks.

Only 42 percent have have implemented distributed denial of service (DDoS) protection solutions, with another 13 percent planning to implement such a solution. "This leaves 35 percent of healthcare organizations vulnerable to a type of cyberattack that is increasing in frequency and size across all industries, including healthcare, and is a significant threat to network availability," according to the survey. Only 21 percent respondents use a cloud web application firewall solution and 17 percent plan to implement one. But, those with plans to implement are very large hospitals even though hospitals of all sizes have the same level of vulnerability to cyberattack. Almost one-quarter (23 percent) said they have no web security programs in place at all. Nearly half of those respondents are from hospitals with 200 beds or more. Healthcare organizations seem to understand part of the cause of their vulnerability, with 57 percent saying that they “Somewhat Agree,” “Agree” or “Strongly Agree” with the statement “Requirements for interoperability with entities and systems outside of my organization’s network is a security issue my organization faces.” But, 61 percednt of respondents said that they “Somewhat Agree,” “Agree” or “Strongly Agree” with the statement “My organization is adequately protected against web application attacks.” The survey "indicates a troubling reality relating to cybersecurity in healthcare: Since web-based attack methods become more pervasive as the healthcare industry becomes more connected, healthcare organizations need to increase their sense of urgency and their investment in implementing fundamental web security solutions," according to Akamai and HIMSS Analytics.