According to the Kaseya 2018 State of IT Operations survey report, improving IT security, reducing IT costs and delivering higher service levels are among the top IT priorities for the healthcare industry.
Data security has become critical to the healthcare industry as patient privacy hinges on HIPAA compliance and the secure adoption of electronic health records. This is indicated in the survey, with 78% of the respondents naming HIPAA as the most critical compliance requirement adopted by the industry, and 19% of the respondents seeing cybersecurity and data protection as the top technological challenge in 2019.
However, are the right measures being taken by the industry to secure this data?
Carrying out regular IT audits can help identify security gaps and issues that can be addressed before a breach occurs. In the survey, 84% of respondents regularly engaged in audit processes, with 72% auditing OS information, 62% auditing the installed software, and 55% auditing computing information such as CPU, RAM, and disk.
Confidential patient information is usually stored in emails, files, print servers, document libraries (e.g. SharePoint), and access databases. These are all generally backed up. But while 63% of the respondents mentioned Office 365 as the most used SaaS application, 54% did not protect their SaaS data with any backup and recovery solution.
Backup and data recovery in healthcare is critical for recovering data during cyberattacks or natural disasters. To ensure an organization can quickly come online after a network outage (50% of the respondents stated to have 2-4 outages in the past year which have lasted longer than 5 minutes), a seamless recovery plan compliant with HIPAA is essential.
While 93% of the respondents in the survey back up their servers, and 71% back up their data locally and off-site, only 43% can automatically recover to a separate site.
Optimizing IT Efficiency
When it comes to optimizing IT efficiency, centralized anti-virus/antimalware scanning, data storage, remote device access/control, server monitoring and network monitoring are the top five approaches.
Cybercriminals recognize hospitals and healthcare as large and potentially vulnerable targets. Ransomware attacks can lock-up patient-electronic medical records, and even backup files.
With ransomware attacks such as WannaCry, which infected more than 230,000 computers across 150 countries and incurred damages in the billions, it is a good thing healthcare companies are so keen on anti-virus and antimalware solutions.
Ransomware also reminds us of the criticality of patch management. Like with most cyberattacks, ransomware can be largely avoided through the proper use of software patches. The good news — 67% of the respondents apply critical OS patches within 30 days of release,
To read the complete 2018 IT Ops Benchmark survey, click here.