Health care orgs fall short on software security
A recent study confirmed what security professionals have long suspected: The health care sector lags behind other high-visibility industry sectors in software security. The number of health care breaches, including those at Anthem and Premera Health this year alone, hints at underlying issues in software security practices.
Health care organizations tended to score lower than their counterparts in financial services, independent software vendors, and consumer electronics, according to Cigital’s latest Building Security in Maturity Model (BSIMM) released Monday. In its sixth iteration, the BSIMM is based on findings obtained through in-depth interviews with the most senior person in charge of software security at 104 participating organizations, as well as with all the individuals who reported to the executive. This is the first time information obtained from health care organizations was included in the model.