Skip to content
Menu
menu

Illustration by iStock; Security Management

One-Third of Healthcare Security Practitioners Are Unsatisfied with Existing Security Frameworks

By Claire Meyer
30 October 2024

Today in Security

A recent survey of more than 200 healthcare security and IT professionals found that nearly one-third of them are not satisfied with their existing security frameworks, reflecting a broad industry struggle to keep pace with evolving threats—especially cyber threats.

Although 71 percent of practitioners surveyed said their organizations have implemented basic cybersecurity measures, such as firewalls and antivirus software, these are insufficient to handle the sophisticated cyberattacks that hospital networks have seen in recent years, according to HID Global's new report, Securing the Future of Healthcare: Insights into Security and Resilience Across the Organization.

Budget constraints are by far the most significant barrier healthcare security professionals face to implementing new technologies, cited by 74 percent of people surveyed. The financial pressure is exacerbated by a lack of executive support (cited by 31 percent of respondents) and the perception that security upgrades are not a top business priority (24 percent).

“However, the cost of inaction is likely to be far greater,” the report said. “The financial and reputational damage caused by a security breach can be devastating, not to mention the potential impact on staff and patient safety. It is imperative for healthcare leaders to recognize the long-term benefits of investing in robust security measures and to advocate for the necessary resources to protect people and their institutions.”

Healthcare institutions have faced significant challenges recently, both in workplace violence and cybersecurity issues. A February 2024 ransomware attack on Change Healthcare endangered the personal, financial, and health records of approximately 100 million Americans and cost the health system billions of dollars in incident response and recovery costs.

Physical assaults and violence also threaten hospitals’ ability to provide care. Earlier this month, the American Hospital Association (AHA) partnered with the FBI’s Behavioral Analysis Unit to launch a new resource page on mitigating targeted violence in healthcare settings. The partnership will also enable the AHA to offer a suite of resources to hospitals and health systems on threat assessment and threat management principles.

The survey also studied how healthcare facilities are implementing converged security solutions that blend digital identity, physical security, and cybersecurity measures.

“Traditional methods such as visual ID badges and lanyards remain widely used in the healthcare industry, serving as a key component of many facilities’ security strategies,” the report said. “However, these methods are increasingly being supplemented or, in some cases, replaced by digital credentials like mobile and biometric authentication.”

Nearly one-third of healthcare facilities reported using biometric authentication, and 11 percent have adopted facial recognition technologies. Many facilities still rely on visual ID methods, such as badges, in high-traffic zones, sensitive areas, or other places where physical confirmation of identity is a key security measure.

For visitor management, 38 percent of healthcare facilities still rely on paper forms and badges.

When it comes to convergence, 77 percent of survey respondents said it is important for their facilities to achieve integration between cyber and physical security systems.

“The convergence of cyber and physical security, often referred to as cyber-physical systems, enables healthcare facilities to respond more effectively to a wide range of threats,” the report explained. “For example, integrating cybersecurity systems with physical access control, visitor management solutions, and real-time location systems (RTLS) can prevent unauthorized access to sensitive areas by detecting and responding to potential threats in real time. RTLS further enhances security by allowing facilities to track the precise location of assets, staff, and visitors in real time, helping to manage security risks more effectively.”

Looking to the future of healthcare security, 55 percent of respondents said they anticipate greater reliance on artificial intelligence (AI) and automation in the next five years, with an emphasis on faster, more accurate threat detection. Two-thirds of respondents say physical and cybersecurity systems will continue to integrate, and 33 percent of facilities plan to adopt these integrated solutions.

 

Focus on Incident Report Writing

Incident Reporting: Is This Cornerstone of Your Enterprise Security Risk Management Sound?

Well-Written Incident Reports Are an Essential Element of Effective Public-Private Partnerships

The 4 Sections Your Incident Reporting Form Should Include

AI Meets Incident Reports: Considerations and Cautions for Field Use

Security History: The Watergate Break-in Incident Report

Best of Security Management

Tackling Burnout in the High-Stakes World of Security

Leaderless Resistance: Understanding and Countering an Amorphous Threat

Government Security Professionals Grapple with Following Procedure Amid DOGE Demands

Parking Security: Modern Solutions for Timeless Threats

Soft Skills Pay Off for Retailers Creating Safer Workplaces

United States Designates 8 Cartels as Terrorist Organizations
arrow_upward