CynergisTek announced the release of its annual report, “Improving Readiness: Meeting Cyber Threats.” The report focuses on a key question that many boards and executives are asking today, “How ready are we for a cyber event?” It provides a sobering analysis of how healthcare organizations measured against the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which outlines best practices for healthcare organizations to follow to manage risks associated with cybersecurity.
CynergisTek’s 2018 report aggregated ratings from assessments performed in 2017 at hundreds of individual hospitals, clinics, ancillary facilities, payers, business associates, etc., across the nation to reveal an average 45% conformance with NIST CSF controls.
Furthermore, the report revealed that most organizations have opportunities for improvement in all five areas of the Core Elements of the framework, including the ability to identify, protect, detect, respond, and recover from a variety of cybersecurity incidents. These results highlight the growing need for healthcare organizations to make serious investments in cybersecurity readiness, as cybersecurity has become one of the top business risks facing healthcare today.
Additional findings and information from the “Improving Readiness: Meeting Cyber Threats” report include:
- Of all organization types, business associates scored the highest overall conformance
- Out of the five core elements of NIST CSF, organizations had the lowest ratings in detecting potential cybersecurity events
- The highest ratings were in the Core Elements of response and recovery
- Academic medical centers had the highest conformance ratings among provider organizations
- Not surprisingly, larger organizations performed significantly better across the board than smaller organizations
- Revenue is a less consistent predictor of CSF conformance across all Core Elements
- More organizations are beginning to treat cyber events as enterprise risks
- Machine learning and behavioral analytics will play a significant role in helping healthcare organizations improve incident detection
- Printers, as endpoint devices, present multiple risks to health information
- Adoption of the NIST CSF can raise the overall level of preparedness and resilience of healthcare organizations
The report also includes expertise and analysis from CynergisTek’s executive thought leaders, as well as proven best practices for strengthening privacy and security controls at healthcare organizations.
To learn more about the findings of this report, stop by booth #5060 at HIMSS18.