New Trustwave Report Reveals Health Care Security Gaps

Ninety-One Percent of Health Care Workers Believe Their Organizations Are Cybercrime Targets

CHICAGO, IL--(Marketwired - October 13, 2015) - Trustwave® today released the 2015 Security Health Check Report -- based on a survey of 398 full-time health care professionals -- that quantifies the security snags and shortcomings facing the health care industry. According to the study, 91 percent of technical respondents believe criminals are increasingly targeting health care organizations; however, only 10 percent or less of their IT budget goes toward cybersecurity and protecting their patients' highly sensitive information.

The size of the global electronic healthcare record (eHR) system will grow at an annual rate of 5.5 percent and reach $22.3 billion by the end of 2015, up from $18.8 billion in 2012, according to a study by Accenture. With incentives from the federal Affordable Care Act to move away from paper records, organizations are increasingly adopting eHR systems to track patient information. As businesses make the shift, the expanding threat surface is creating a critical need for health care entities to test everything across databases, networks and applications.

"Today's health care industry is under attack. From hospitals to physicians to urgent care clinics, health care organizations are swimming in private data and must make security a priority in order to protect it," said Steve Kelley, senior vice president of product and corporate marketing at Trustwave. "Security challenges are nothing new for any business but the level of distress exponentially increases when someone's life may actually depend on the protection of sensitive data."

Key findings in the 2015 Security Health Check Report from Trustwave include:

  • Health care under fire: 91 percent of technical respondents believe criminals are increasingly targeting health care organizations, compared to 77 percent of non-technical respondents who believe similarly.
  • Patients are a virtue: 79 percent of technical respondents and 77 percent of non-technical respondents are most concerned about losing patient data, above other types of information, if their organization is breached.
  • Cognitive disconnect: 77 percent of non-technical respondents believe criminals are increasingly targeting health care organizations, but an overwhelming majority (86 percent) believe their organization has not experienced a breach.
  • No compromise over compromised data: 74 percent of technical respondents are concerned about their organization getting breached, compared to 51 percent of non-technical respondents.
  • Security expertise gap: 35 percent of technical respondents said their company does not have enough staff and security expertise dedicated to security.
  • Guessing, not testing: More than a third (34 percent) of technical respondents say their business performs vulnerability testing just once a year.
  • Under the knife: Nearly a quarter (23 percent) of technical respondents said their organization has experienced a breach, yet studies have shown the rate to be much higher.
  • Fatal budget diagnosis: Half of technical respondents said 10 percent or less of their overall IT budget goes toward cybersecurity. And 27 percent reported their annual security budget has not changed in the past year.
  • Don't blame us: 65 percent of non-technical respondents believe that external threats pose more of a concern than insider threats (35 percent).
  • Health care lacks the cure: A quarter of non-technical respondents believe their organizations don't have incident response plans.

To obtain as complete a perspective as possible, the report is organized into two sections: One features technical respondents (predominantly CIOs, CISOs, IT managers, IT directors and IT vice presidents), while the other features non-technical respondents (predominantly doctors, nurses, senior executives, board members, office managers, office administrators, and finance professionals).

To download a complimentary copy of the report, which includes a list of recommendations for health care organizations, visit:


Trustwave commissioned a third-party research firm to survey 398 full-time health care professionals. The objective of the survey was to measure the challenges facing health care organizations of all sizes and the security awareness and expectations of their employees. Survey takers consisted of 198 technical respondents and 200 non-technical respondents. The survey was deployed through emails and analyzed in September 2015. Results have a margin of error of +/- 5 percent.

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit

All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Contact Information:

Cas Purdy