Healthcare cybersecurity plans affected by equipment shortages, according to the latest CDW report

Healthcare cybersecurity plans affected by equipment shortages, according to the latest CDW report

In the whirlwind of the digitized healthcare landscape, IT teams have got their hands full. From keeping up with security best practices and evolving threats, all whilst juggling other initiatives, staff turnover, and skill shortages, they certainly have a lot on their plates. And it's not just limited to the usual suspects; with an influx of phishing and ransomware attacks on the rise, cybercriminals are now adding AI-powered cyberattack methods to their arsenal.

As per recent research conducted by CDW, only 14% of healthcare IT leaders declared their organizations' IT security teams as fully staffed. Most organizations (57%) discussed occasional staffing needs with a desire for more help. But, nearly 30% of IT leaders voiced concerns over understaffing, with some declaring their health IT teams to be severely understaffed.

Stephanie Hagopian, Vice President of Security for CDW, expressed, "A lot of organizations are experiencing pain because the security workforce is not large enough. Staffing issues tend to pervade, and automation is definitely an effective way to contend with those staffing challenges."

Automation tools supporting health IT teams can be a game-changer, particularly in managing routine maintenance tasks, one of the leading stressors reported by health IT leaders. Unfortunately, many organizations lack the budget to invest in such security initiatives. More than a quarter of those surveyed indicated that their organizations lack sufficient budgetary resources for cybersecurity.

The report delves into the state of healthcare security teams, outlining effective solutions, and providing strategies for healthcare organizations to overcome challenges related to staff and budget shortages.

Navigating the Maze of Healthcare Cybersecurity

Gaining a clear picture of an organization's IT ecosystem is crucial for detecting and responding to cyberattacks. However, only 47% of health IT leaders surveyed are very confident they have sufficient visibility into their organizations' cybersecurity landscapes. This leaves more than a third of leaders feeling somewhat confident, with nearly 8% citing that they are somewhat or very unconfident.

When it comes to improving visibility into healthcare environments, IT leaders find network monitoring, identity and access management, security information and event management (SIEM), and endpoint security tools to be the most effective.

Buck Bell, leader of CDW’s Global Security Strategy Office, stresses, "Cybersecurity problems can affect every aspect of an organization’s operations, not just IT functions. The more holistic your view of the enterprise as a whole - not only the specific cyber risk itself but also the business impacts that are associated with it - typically, the more successful you're going to be in your cyber resilience aims."

Bites and Stings: Budget and Training Challenges for Healthcare Cybersecurity

Roughly a quarter of respondents indicated that their organizations lack sufficient budgetary resources, making the upper echelons' reporting an additional source of stress for IT leaders.

Justifying increased security investments can be a hurdle, yet highlighting its positive impact on operational efficiencies or simplifying logins with single sign-on is a proven method. Other effective tactics include outlining the cost of a data breach to the organization, explaining the cost of regulatory fines, supporting brand trust, and tying the security budget to larger initiatives like digital transformation projects or a modern workplace initiative.

According to the report, retaining IT security staff is most effectively achieved by ensuring proper resource coverage, providing certification and education opportunities, and equipping the team with a robust tool budget. Health IT leaders have also reported that security training is seen as helpful in more than three-quarters of organizations, though approximately 34% of healthcare leaders say their organizations lack sufficient or effective employee training for cybersecurity.

Buck Bell explained, "Developing your workforce is really essential so that your team is better equipped to handle the dynamic threat landscape. As a byproduct of comprehensive people development that's focused not only on technology operations but also on methodologies, processes, and frameworks, it will make your people feel more valued within your organization."

Having better enablement and training for the people was cited as a desired improvement by many respondents. The report recommends employing strategies that facilitate comprehensive people development—focusing on technology operations, methodologies, processes, and frameworks—to empower the team. Additionally, taking a holistic approach to approaching cyber risk as business risk will further strengthen cyber resilience aims.

1. In the digital healthcare landscape, automation tools can be a game-changer for understaffed health IT teams, especially in managing routine maintenance tasks, which are leading stressors for health IT leaders.
2. With budget shortages being a common issue for healthcare organizations, justifying increased security investments by highlighting its positive impact on operational efficiencies or simplifying logins with single sign-on can be an effective strategy.

Read also: