Safe & Sound with Marianne Kolbasuk McGee

A Tool for Benchmarking InfoSec Efforts

In-Depth Report on New Survey Reveals Priorities, Budgets
A Tool for Benchmarking InfoSec Efforts

What are your information security priorities and budget plans for this year? You can benchmark how your plans compare to your peers by checking out a new in-depth report that analyzes the findings of the 2014 Healthcare Information Security Today survey.

See Also: Webinar | Mythbusting MDR

The report is now available online.

The new national survey of healthcare organizations, sponsored by (ISC)², shows top information security priorities for this year include improving regulatory compliance; improving security awareness and education for physicians, staff, executives and board; and preventing and detecting breaches.

But half of survey respondents say they have to achieve their goals with a security budget that's flat with last year's; only a third expect an increase. And more than half of respondents expect their information security budgets to amount to 6 percent or less of their total IT budgets.

Our new online handbook includes in-depth analysis from a large roster of privacy and security experts.

Plus, we're also offering a free webinar that summarizes the results and offers analysis by a panel of experts, including Michael Bruemmer, vice president of Experian Data Breach Resolution at Experian Consumer Services; Bob Chaput, CEO at consulting firm Clearwater Compliance; and Brian Evans, principal at security consulting firm Tom Walsh Consulting.

And you can learn even more by listening to interviews about the survey with Kate Borten, founder and president of The Marblehead Group; Jeff Cobb, CISO at Capella Healthcare; and Andrew Hicks, director and healthcare practice lead at Coalfire.

The Healthcare Information Security Today survey handbook, plus the related webinar and interviews, provide deep insights into a long list of information security and privacy trends for this year, including technology implementations, such as encryption and multi-factor authentication; mobile security; patient Web portals; and HIPAA Omnibus compliance challenges.

Even though so many large health data breaches have involved lost or stolen unencrypted devices or media, our survey found that less than half of organizations are applying encryption for mobile devices and media.

Encryption "is as close as you can get to a 'get-out-of-jail-free' card if, in fact, you do have a data breach," Bruemmer notes, because, for example, if an encrypted device is stolen, that's not considered a breach by the Department of Health and Human Services.

What's your reaction to our survey results? I encourage you to offer your insights in the space below.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.