Doctors Diagnose Organizations' Cybersecurity as Weak - eMarketer

Newsletters Sign-Up

Plans & Pricing

Does My Company Subscribe?

Doctors Diagnose Organizations' Cybersecurity as Weak

Email and messaging systems are the information technologies that pose the greatest security threat

July 15, 2015

Doctors don’t think their cybersecurity is too healthy. In a June 2015 study by MedData Group, fewer than four in 10 US physicians said their organizations’ ability to counter cybercrime was above average or excellent. Meanwhile, almost the same percentage said it was merely adequate, and more than a fifth admitted it was below average.

US Physicians' Ratings of Their Organization's Ability to Counter Cybercrime, June 2015 (% of respondents)

The study found a disparity in confidence depending on practice size. Twice as many doctors at practices with more than 16 members rated their organizations above average compared with those from smaller practices. However, doctors as a whole were far more pessimistic about the state of their cybersecurity compared with hospital professionals; nearly three times as many said their organization was below average.

Doctors and hospital professionals agreed on something else, though: the most-pressing threats to cybersecurity at their organizations. Fully 68% cited malicious outsiders as a risk, 65% compromised applications such as malware or hacked mobile apps, and 40% application, systems or network failures.

Email and messaging systems were the information technologies that posed the greatest security threat, cited by 62% of healthcare professionals—though broken down, nearly three-quarters of hospital administrators and health IT professionals said this, vs. half of physicians.

Just over half (51%) of MedData respondents pointed to electronic health records (EHRs) as a risk. This presents a good opportunity for EHR system sellers, based on Q1 2015 polling by Software Advice. Among US healthcare providers polled, 60% said they had replaced an existing EHR system, indicating that they’ve gone from simply replacing paper records to adopting more sophisticated tech—and one that emphasizes security may fare better.

While data-rich mobile health tools keep doctors and patients in sync, 46% of MedData respondents said mobile communications devices posed a security threat. One-third said the same about patient portals.

Compliance with standards and regulatory requirements was the most-cited driver for securing sensitive data in a healthcare organization, cited by 88%. Responding to new or emerging threats (44%), the ability to recover quickly from a breach incident (36%) and improving efficiency and lowering cost of operations (26%) trailed much further behind.


  • Go beyond the articles:

    eMarketer Products

    You've never experienced research like this.

  • Hear from our clients:

    Customer Stories

    Nearly all Fortune 500 companies rely on us.

  • Want to learn more?

    Contact Us

    Inquire about corporate subscriptions today.