HIPAA Firewall Trends

2020 HIPAA Firewall Trends

How Is Healthcare Doing With Firewalls?

Over the past three years, we interviewed over 150 healthcare professionals responsible for HIPAA compliance (i.e., 61 professionals in 2019, 40 in 2018, and 51 in 2017) about their firewall practices, policies, and procedures. This infographic is an analysis of their collected responses.

2019 SUMMARY

• 25% don’t know what firewall(s) their organization uses.
• 59% review their firewall rules at least annually.
• 56% use a third party to manage their network’s firewall(s).
• 27% segment their network (through firewall segmentation, VLANs, SDN).
  

Types of Firewalls Organizations Use

All networks (whether small or large) need both a hardware and software firewall, as well as a web-application firewall for all public-facing web applications.

2019 Data

• Hardware firewall: 41%
• Software firewall: 31%
• Web application firewalls: 15%
• Don't know: 25%
• We don't use firewalls: 5%

2018 Data

• Hardware firewall: 78%
• Software firewall: 35%
• Web application firewalls: 13%

2017 Data

• Hardware firewall: 20%
• Software firewall: 18%
• Both: 31%
• Don't know: 31%

2016 Data

• Hardware firewall: 31%
• Software firewall: 24%
• Both: 18%
• Don't know: 27%
  

How often firewall rules are reviewed

A security professional should regularly review your firewall rules (e.g., at least quarterly).

2019 Data

• Never: 10%
• Don’t know: 31%
• Annually: 22%
• Semiannually: 12%
• Quarterly: 7%
• Monthly: 15%
• Weekly: 3%

2018 Data

• Hardware firewall: 41%
• Never: 10%
• Don’t know: 50%
• Annually: 18%
• Semiannually: 7%
• Quarterly: 8%
• Monthly: 5%
• Weekly: 2%

2017 Data

• Never: 0%
• Don’t know: 45%
• Annually: 10%
• Semiannually: 0%
• Quarterly: 16%
• Monthly: 16%
• Weekly: 13%

2016 Data

• Hardware firewall: 41%
• Never: 7%
• Don’t know: 41%
• Annually: 13%
• Semiannually: 0%
• Quarterly: 17%
• Monthly: 13%
• Weekly: 9%

Network firewalls managed by a security professional or third party

Though not required, managed firewalls can help organizations with complex firewall rules and firewall management.

2019 Data

• Don’t use firewalls: 5%
• Don’t know: 18%
• In-house security professional: 21%
• Third-party vendor: 44%
• Both: 12%

2018 Data

• Don’t use firewalls: 2%
• Don’t know: 7%
• In-house security professional: 18%
• Third-party vendor: 60%
• Both: 13%

2017 Data

• Don’t use firewalls: 0%
• Don’t know: 16%
• In-house security professional: 10%
• Third-party vendor: 74%
• Both: 0%

Organizations segment their network

Though not required, firewalls can be used to implement network segmentation within an organization’s network.

2019 Data

• 27% Yes
• 42% No
• 31% Don’t know

HIPAA TAKEAWAYS SINCE 2018

• 47% decrease in organizations that use hardware firewalls.
• 11% decrease in organizations that use software firewalls.
• 48% increase in organizations that review firewall rules at least annually.
• 8% decrease in organizations that use both a third party and an in-house professional to manage their firewall(s).
  

Click Here to Download: Guide to HIPAA Compliance

2017 HIPAA Firewall Trends

http://info.securitymetrics.com/how-is-healthcare-doing-with-firewalls