2022 HIMSS Cybersecurity Survey Collecting Responses from Healthcare Professionals

HIMSS has launched the 2022 HIMSS Cybersecurity Survey to gather responses from healthcare cybersecurity professionals to help the industry understand critical security issues.

Healthcare cybersecurity professionals are invited to take the survey: 2022 HIMSS Cybersecurity Survey

Since 2008, HIMSS has conducted this annual survey to track trends in healthcare cybersecurity, record existing and emerging cybersecurity threats, and develop best practices to keep data secure within the healthcare ecosystem.

Individual survey responses remain confidential, and the results are published in aggregate.

Results of the survey will be available in early 2023 in a report outlining benchmarks, critical needs, progress and actionable insights for healthcare professionals. Findings will also be used to educate policymakers on Capitol Hill.

For example, the 2021 HIMSS Healthcare Cybersecurity Survey found that phishing and ransomware were the most significant security incidents for healthcare organizations of all types.

A majority of respondents (57%) reported that the most significant security incident typically involved phishing. Specifically, the types of phishing reported included the following: general email phishing (71% of respondents), spear-phishing (67%), voice phishing/vishing (27%), whaling (27%), business e-mail compromise (23%), SMS phishing (21%), phishing websites (20%) and social media phishing (16%). 

The initial points of compromise in cybersecurity incidents were typically phishing (71% of respondents) as well as human error (19%), social engineering (15%) and legacy software (15%). Accordingly, greater emphasis needs to be placed on security awareness programs (e.g., phishing and other types of social engineering), insider threat detection and mitigation and replacing or upgrading legacy (unsupported) software, if feasible.

Results also showed cyber-attackers often targeted financial information. Moves toward robust healthcare cybersecurity was stymied by tight budgets, growing legacy technology footprints and a haphazard patchwork of security controls.