Survey results from Level 3’s study on healthcare security shows that most healthcare companies use multiple methods to protect against breaches.

Level 3 study shows health-care companies’ growing concerns for cybersecurity

BROOMFIELD — Level 3 Communications Inc. (NYSE: LVLT) has a new study that shows the biggest threats to cybersecurity in health care are lack of employee awareness and education.

The study, conducted by HIMSS Analytics and sponsored by Level 3 Communications, was designed to identify IT security concerns in the health-care industry.

The study found that 80 percent of the 125 survey participants were most concerned about employees’ security awareness and how that could expose them to threats.

Most organizations, however, employ multiple methods of mitigating risk. About 87 percent leverage remote access and secure access controls, 85 percent use employee security awareness programs and 75 percent use security consulting services.

About 95 percent of participants said the most important IT thing to have working at all times. There is still mostly modest concern regarding security breaches within hospitals, said Bryan Fiekers, HIMSS Analytics’ senior director for research services. However, providers are looking at closer relationships with network providers to maintain cybersecurity.

“The security threats the healthcare industry is facing are real and they’re only increasing in volume and sophistication as bad actors continue to seek out coveted protected health information,” Chris Richter, senior vice president for global security services at Level 3, said in a prepared statement. “Aside from fostering and maintaining a culture of security, which includes regular employee security training, healthcare organizations should implement a security governance framework and appropriate technology controls. These include threat intelligence, [distributed denial of service] mitigation and next generation firewalling and sandboxing — all critical next steps for healthcare providers to secure their networks.”

To conduct the Web-based study, IT leaders, C-Suite Executives and IT professionals in U.S. hospitals, healthcare companies and facilities were contacted between Jan. 17 and Feb. 10.