Tripwire has published a study on risk-based security management

Nov 25, 2013 20:36 GMT

The Ponemon Institute has conducted a study on behalf of Tripwire regarding risk-based security management in the pharmaceutical and healthcare industries. The report reveals that these industries are falling behind compared to others when it comes to implementing critical security controls.

70% of the 1,320 respondents noted that security communications with their organizations’ senior executives are not efficient, mainly because these communications are contained in one department.

Furthermore, only 58% of those who took part in the survey had fully or partially implemented control and security configuration management. Just over half of respondents say they identify security risks by using formal assessments.

The study highlights the fact that the size and the number of Health Insurance Portability and Accountability Act (HIPAA) fines have increased over the past period.

At the beginning of 2013, the US Department of Health and Human Services (HHS) issued a new rule to enhance the security and privacy protections for health information.

However, the healthcare and pharmaceutical industries are still a long way from where they should be. For instance, this summer, Affinity Health Plan and WellPoint were each fined over $1 million (€750,000) for HIPAA violations.

“It is true that healthcare organizations rank better than average in some areas of this survey, but there is still a lot of room for improvement,” noted Dwayne Melancon, chief technology officer for Tripwire.

“About half of healthcare and pharmaceutical organizations are not using any kind of formal risk assessments, and they are also far less open to challenging current assumptions. Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses.”

The State of Risk-Based Security Management report is available on Tripwire’s website.