HISA to conduct second healthcare cybersecurity survey
The Health Informatics Society of Australia's (HISA) cybersecurity community of practice group is holding its second survey of the current state of cybersecurity across the Australian healthcare sector.
The results will be compared to the 2017 survey which found that organisations that took cybersecurity seriously were more likely to ensure that they had a dedicated budget, a senior security leader, staff for managing cybersecurity, and a formal business plan in place.
However, it also found that 22 per cent of healthcare organisations continued to use end-of-life systems without vendor support, raising the risk of data breaches.
The survey found that 40 per cent of organisations deploy operating system patches and updates within 48 hours of availability, with another 32 per cent doing so only after extensive testing by the IT team.
However, 15.5 per cent updated them after a few weeks and 6.2 per cent did not patch at all because of legacy and end of life systems.
“While 6.2% may seem small relative to the other organisations, if the organisations within the 6.2% was a major tertiary referral hospital, the implications for patient care may be significant in the event of system failure,” the survey says.
“Should we tolerate healthcare services operating end of life systems at all?”
In other findings, the survey showed that:
- Almost two-thirds (65.5%) of organisations had a formal business or governance plan which included managing cybersecurity issues
- Less than half (46.5%) of organisations employ a senior information security leader who has responsibility for assuring cybersecurity
- More than two thirds (68.3%) of organisations employ staff that have specific responsibility for managing cybersecurity
- Less than one third (31.7%) of organisations have dedicated budget for managing cybersecurity.
The 2018 survey is available now, and will close on September 15. Click here to take part.
Posted in Australian eHealth