HISA to conduct second healthcare cybersecurity survey

The Health Informatics Society of Australia's (HISA) cybersecurity community of practice group is holding its second survey of the current state of cybersecurity across the Australian healthcare sector.

The results will be compared to the 2017 survey which found that organisations that took cybersecurity seriously were more likely to ensure that they had a dedicated budget, a senior security leader, staff for managing cybersecurity, and a formal business plan in place.

However, it also found that 22 per cent of healthcare organisations continued to use end-of-life systems without vendor support, raising the risk of data breaches.

The survey found that 40 per cent of organisations deploy operating system patches and updates within 48 hours of availability, with another 32 per cent doing so only after extensive testing by the IT team.

However, 15.5 per cent updated them after a few weeks and 6.2 per cent did not patch at all because of legacy and end of life systems.

“While 6.2% may seem small relative to the other organisations, if the organisations within the 6.2% was a major tertiary referral hospital, the implications for patient care may be significant in the event of system failure,” the survey says.

“Should we tolerate healthcare services operating end of life systems at all?”

In other findings, the survey showed that:

  • Almost two-thirds (65.5%) of organisations had a formal business or governance plan which included managing cybersecurity issues
  • Less than half (46.5%) of organisations employ a senior information security leader who has responsibility for assuring cybersecurity
  • More than two thirds (68.3%) of organisations employ staff that have specific responsibility for managing cybersecurity
  • Less than one third (31.7%) of organisations have dedicated budget for managing cybersecurity.

The 2018 survey is available now, and will close on September 15. Click here to take part.

Posted in Australian eHealth

Tags: HISA

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.

Copyright © 2018 Pulse+IT Magazine
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.