Healthcare is falling behind other industries in prioritizing and attending to security concerns, according to a new report from security company ForeScout based on a survey conducted by IDG Connect. It's particularly true in the area of mobile device security, the report found.
IDG surveyed 1,596 IT decision makers across the healthcare, education, financial, retail, and manufacturing markets. Twenty-two percent of those surveyed, or about 350 individuals, came from the healthcare sector. Those surveyed came from the UK, the US, and the DACH region of Europe which includes Germany, Austria, and Switzerland.
The biggest problem in healthcare relative to other industries seems to be with mobile device security. Overall, mobile device usage was given low security ratings for poor policy definitions, poor technical controls and poor mitigation capabilities by 60 percent of respondents. In healthcare, however, 65 percent gave mobile device security a low rating in those categories. In the category of discovery and remediation of noncompliant devices, 57 percent of those in all industries gave their vertical a poor security rating compared to 62 percent in healthcare.
Other parts of the report indicated that the healthcare industry was safer than other industries from phishing and targeted attacks, but more at risk than others for unsanctioned device use and data leakage. In fact, 60 percent of healthcare respondents said data leakage had been a major problem for them in the past 12 months, compared to less than 55 percent generally. The data leak problem was exceptionally widespread among healthcare respondents from the European countries represented.
Healthcare workers were prioritizing the mitigation of mobile device-related problems, too. Just 40 percent of respondents in the large group rated mobile device management as providing significant benefits to threat mitigation, whereas 46 percent of healthcare respondents rated it that way.
Respondents were asked whether preventing security problems had become easier or more difficult in recent years. Interestingly, the healthcare sector respondents were less likely than the average respondent to say they had become more difficult -- 45 percent of healthcare respondents said it was harder now, compared to 49 percent of the whole group. Healthcare respondents in the US specifically were also more optimistic than others that the tools to combat security problems (specifically, perimeter threats) would be improved in the next 12 months. While only 20 percent of all respondents were confident of an improvement, 32 percent of US healthcare respondents were.
Though its interesting to see it juxtaposed against other industries (which you can see in the full report), the notion that mobile devices are the top data security threat in healthcare is nothing new. A report last July from the Ponemon Institute said that 69 percent of healthcare IT and data specialists thought mobile devices were the greatest data protection risk to regulated data.