Poll Finds Healthcare Cybersecurity Needs Managed In-House

Larger organizations look to in-house healthcare cybersecurity approach, poll finds.

Source: Thinkstock

By Elizabeth Snell

July 25, 2017 – Nearly half of healthcare professionals – 47 percent – said that their organization utilizes a mix of in-house and outsourced healthcare cybersecurity needs, according to the latest Medical Group Management Association (MGMA) Stat poll.

Thirty-one percent of respondents said that they manage their cybersecurity in-house, with 21 percent reporting they outsource healthcare cybersecurity requirements.

Internal staff not having the capability to do everything was the main reason why an organization would use a combination of in-house and outsourced cybersecurity needs, poll participants explained.

A healthcare organization’s size may also have an effect on the cybersecurity approach, the poll indicated. For example, larger organizations were more likely to manage their cybersecurity entirely in-house. Many respondents who cited in-house cybersecurity were part of a hospital system or other large organization.

The MGMA Stat poll also found that 55 percent of healthcare professionals feel that their organization’s IT infrastructure is secure against potential attacks. Just 15 percent of those polled said that their entity was not secure, while 15 percent reported that their organization was “working on it.”

The MGMA Cost and Revenue Survey also indicated that overall profitability is impacted by rising IT and drug costs.

Adopting non-physician providers and support staff were also found to be key factors driving more profitable and productive healthcare groups, according to MGMA. This affected organization revenue, but could also have a potential impact on cybersecurity.

Practices with a higher non-physician provider (NPP) to physician ratio earn more in revenue after operating cost than practices with fewer NPPs, regardless of specialty.

“Our annual Cost Survey continues to show the importance of NPPs and support staff in physician practices and hospitals, as well as other factors that impact practices’ bottom line” said MGMA President and CEO Dr. Halee Fischer-Wright, MD, MMM, FAAP, CMPE. “Contrary to what some may believe, with increased staffing come much larger gains in revenue after operating cost, as well as productivity.”

More organizations are looking into hiring cybersecurity staff to increase healthcare data security approaches.

Research published in the Journal of AHIMA found that there was a large increase in healthcare privacy and security job postings, indicating that the health information management (HIM) profession is continuing to evolve.

For example, positions requiring the Certified in Healthcare Privacy and Security (CHPS) or Healthcare Information Security and Privacy Practitioner (HCISPP) credentials have increased by more than 1,400 percent since 2014.

“Both the CHPS and HCISPP levels have remained high as 2017 began,” the researchers wrote. “The authors interpret these numbers to indicate a sharp increase in industry demand for healthcare professionals with credentials in privacy and security.”

Researchers added that hat both data analytics and privacy and security HIM specialty areas are likely to continue to increase in demand over the next few years.

“The changes in HIM have been happening rapidly in this age of technological development. Implementation of the electronic health record (EHR) has been the largest contributor to the changes,” the team stated. “The EHR has changed the way health information is managed, resulting in the need to train future HIM professionals in new educational competencies that align with evolving career opportunities.”

Healthcare cybersecurity training is becoming an increasingly necessary aspect to maintaining data security.

The Global Information Security Workforce Study (GISW) found that healthcare organizations plan to expand staff by 20 percent or more – higher than any other industry surveyed. Specifically, 9 percent of healthcare respondents said they needed to increase their staff between 16 and 20 percent. One-third said it needed to increase by more than 20 percent.

(ISC)² Director of the North America Region Dan Waddell explained in a previous interview with HealthITSecurity.com that healthcare is a popular target because it holds troves of sensitive information. This can be particularly troublesome for organizations with the rise of ransomware.

“Today what we are seeing is there are a lot of small and medium-sized healthcare offices, doctors, ‘mom-and-pop shops,’ that just do not have the expertise on staff to be able to prevent or respond to the attacks that are happening,” Waddell said.

“What you’re seeing is, these small and medium-sized healthcare offices, since they do not have the qualified cybersecurity staff on hand, their first knee-jerk reaction is to simply pay the ransom,” he added. “And that is not the first response people should be taking.”