Healthcare Information and Management Systems Society 2022 Survey
The Healthcare Information and Management Systems Society (HIMSS) has launched the 2022 HIMSS Cybersecurity Survey. HIMSS is seeking input from healthcare cybersecurity professionals. The results of the survey will be used “to track trends in healthcare cybersecurity, record existing and emerging cybersecurity threats, and develop best practices to keep data secure within the healthcare ecosystem.”
The 2021 HIMSS survey showed phishing was by far the most common vector for successful attacks and only 34% in healthcare had MFA in use. Phishing and exploitation of reusable passwords will likely still be #1 in this year’s survey, making the top goal for 2023 a large increase in use of standards-based MFA.
As the industry has been working to address gaps resulting from rapid adoption of technology and increasing services which are customer facing, identifying the current attack paths/risks would help update assumptions on issues in Healthcare security. Past responses identified the most successful attacks used social engineering techniques - beyond merely phishing (spear phishing, vishing, whaling, business email compromise, SMS phishing) If you're in the industry please participate.
There exist ample public data over the past two years on cyber breaches that were successful against the healthcare sector. There also exist cybersecurity best practices that work for all critical infrastructure sectors, including the healthcare sector. Leverage those data sources as part of the survey.
I know there are cyber security professionals in the health care industry, please complete this survey if you are one of those!
We already know what to do. The number of successful ransomware attacks against the sector suggests that we are not doing it. Perhaps this survey will provide some visibility into the underlying reasons that we are not doing the essential and possible remedies for those.