Assessing Healthcare IT Security Risks 2019

Question Title

* 1. Indicate how your healthcare organization most often determines what to prioritize in your security program.

We use a risk-based approach

We occasionally look at changes to our business strategy

We regularly look at the parts of the program that need to mature

Our budget allocations determine our security priorities

Other (please specify)

Question Title

* 2. Who handles operational security at your hospital/healthcare facility?

IT Security Department

Exclusively other teams. Rely on partners to implement security controls

Shared

Other (please specify)

Question Title

* 3. How is your hospital/healthcare organization's security function organized?

Centrally aligned security teams

Purely decentralized security

Hybrid. Some form of blended accountability.

Other (please specify)

Question Title

* 4. How far out does your healthcare organization's security team build its strategic roadmap?

less than 6 months

6 months to 1 year

1 - 2 years

2 - 3 years

3 years and longer

Question Title

* 5. Which of these most affects your hospital/healthcare organization's security program?

Agile/DevOps

BYOD

Consumerization of IT/Shaow ID

Increased regs or compliance

Mobile / IoT

IT Automation/API-level integrations

Mobility (Smartphones and Tablets)

Cloud Saas

Cloud IaaS

Ubiquitous Internet Access

Weaponization of the Internet/State-sponsored espionage

Work / Life Integration

Other (please specify)

Question Title

* 6. Which of these least affects your hospital/healthcare organization's security program?

Agile/DevOps

BYOD

Consumerization of IT/Shaow ID

Increased regs or compliance

Mobile / IoT

IT Automation/API-level integrations

Mobility (Smartphones and Tablets)

Cloud Saas

Cloud IaaS

Ubiquitous Internet Access

Weaponization of the Internet/State-sponsored espionage

Work / Life Integration

Other (please specify)

Question Title

* 7. What are your top three security risks?

Malware Outbreak

Breach of sensitive patient information

Breach of sensitive hospital (non-patient) information

Malicious outsider threat

Malicious insider threat

Advanced persistent threats

BYOD management and security

Privacy, regulatory, HIPAA compliance

Identity Management

Third party/supply chain security

End user training

Asset management

Cloud security

IT continuity

People security

Server security

Cyber threats intelligence

Governance

Insider unintentional threat

Other (please specify)

Question Title

* 8. Which endpoint-targeted security controls will be your hospital/healthcare organization's top priorities in the next 3-5 years? (Multiple Selections Allowed).

Health information protection and control

Anti-malware

Server security

Enterprise endpoint management (proactive, reactive)

Sandboxing / containerization (enterprise / patient)

Consumer/patient patching, field upgrades

Incident response automation, orchestration

Other (please specify)

Question Title

* 9. Which mobility /IoT security control will be most important to your healthcare organization in the next 3-5 years?

Information protection and control (DLP, tracking, masking, encryption)

Enterprise endpoint/ app / security posture management

Threat management

Vulnerability management

Other (please specify)

Question Title

* 10. Which of these Messaging, File/Doc Sharing controls will be a top priority for your hospital/healthcare organization in the next 3-5 years?

Information protection and control (DLP, masking, encryption)

Antivirus / antimalware

Antispam/ antiphishing / brand reputation

Encryption / encryption key management

Social media / social networks content filtering

Other (please specify)

Question Title

* 11. Which of these Infrastructure controls will be a top priority for your hospital/healthcare organization in the next 3-5 years?

Health information protection (DLP, masking, encryption)

Web application firewall

Encryption / encryption key management

Database firewall / activity monitoring

Sandboxing / process isolation lightweight containers

Other (please specify)