50% of EMEA healthcare organisations unaware of security threats

The research, conducted by IDC's Health Insights operation, found that half of the organisations polled do not know the number and nature of security events that have occurred in their business operation in the past 12 months.

In its report – titled "Business Strategy: How Secure is your Information Security Strategy? 10+1 Recommendations on Cyber Security for EMEA Healthcare Organisations" – the research firm came up with a series of recommendations that it says will help IT executives in healthcare organisations maximise the benefits of their investments in information security.

At the same time, IDC says its recommendations will help to minimise the risk of security breaches and other events, while embracing new opportunities, such as cloud, social networking, and mobile devices.

According to IDC, healthcare is a highly "information-dependent" environment: patient clinical data are the key asset in the healthcare organisation and, as a result, data protection is a strategic issue.

Against this backdrop, the report notes that patient data protection has become a stringent problem as healthcare providers increasingly adopt solutions aimed at enabling collaboration and information sharing, such as electronic health records.

Silvia Piai, EMEA research manager with IDC Health Insights, said that, as healthcare organisations are only now entering the digital era, an extreme makeover of their information systems is mandatory.

"The extended and collaborative work environment enabled by eHealth solutions is a potential threat for security; in turn, security is a condition determining success in the uptake of these solutions", she said.

"Even though the industry seems to be positively adopting electronic healthcare management, just 50% of respondents believe that the budget and commitment is in place to address security requirements necessitated by regulation", she added.

Piai went on to say that, despite organisations' low commitment and budget, for 46% of EMEA health security executives, legal and regulatory requirements exposure is the greatest driver in justifying spend on information security.

Fear of potential liability or exposure follows, she explained, noting that, because of these issues, organisations must bring in the processes, commitment, and sufficient budget to ensure strong organisational security.

Delving into the report reveals that the top security threat perceived by healthcare organisations is employee error or accidental loss of sensitive information.

IDC reports that around 20% of EMEA healthcare organisations considered human error or accidents to be the biggest threat to information security, followed by malware.

As healthcare organisations learn more about potential security threats, IDC says that one security initiative that is being taken by the majority of organisations is data protection/data loss prevention.
