New Report Looks at Cybersecurity Preparedness

Feb. 29, 2024
A new report published by a collaborative of organizations looks at current levels of cybersecurity preparedness

How far have patient care organizations really gotten in terms of evolving forward their cybersecurity strategies? A report collectively produced by Censinet, KLAS Research, the American Hospital Association, Health-IASAC, and the Healthcare and Public Health Sector Coordinating Council, is providing a snapshot.

“Current and Emerging Healthcare Cyber Threat Landscape: Executive Summary for CISOs,” was published on Feb. 29. The report begins thus: “With cyberattacks on the rise, having a strong cybersecurity strategy is a must for healthcare organizations, especially as they face post-pandemic resource constraints and staffing shortages. Many are protecting their data by adopting and implementing cybersecurity frameworks and best practices, such as the NIST Cybersecurity Framework (NIST CSF) and the Health Industry Cybersecurity Practices (HICP). NIST CSF and HICP are accessible resources for healthcare organizations, and high NIST CSF and HICP coverage is a strong indication of cybersecurity preparedness. This report—a collaboration between Censinet, KLAS, the American Hospital Association, Health-ISAC, and the Healthcare and Public Health Sector Coordinating Council—provides an update to previous research on the status of healthcare cybersecurity preparedness. It also examines the effect of governance and resource investment on cybersecurity preparedness and insurance premiums. Data for this report comes from 58 respondents (54 payer or provider organizations and 4 healthcare vendors) who were interviewed September–December 2023.”

An absolutely key question: which cybersecurity frameworks and guidelines have patient care organizations implemented? They are as follows (most have implemented more than one)? NIST CSF, 57 percent; CIS Controls, 29 percent; HICP, 29 percent; HITRUST, 14 percent; NIST CSF (not used as the primary cybersecurity framework): 14 percent; ISO/IEC 27001, 10 percent; SOC 2, 9 percent; ISO/IEC 27002, 5 percent; CMMC, 3 percent; other frameworks/guidelines, 22 percent; no frameworks/guidelines, 10 percent.

Asked about their coverage across their organizations along various dimensions, the following were the results with regard to maturity with NIST CSF functions: “identify,” 65 percent; “protect,” 70 percent; “detect,” 70 percent; “respond,” 75 percent; “recover,” 69 percent;

When it comes to maturity with HICP functions, the survey found the following results: “email protection systems,” 84 percent; “cybersecurity oversight and governance,” 83 percent; “access management,” 79 percent; “vulnerability management,” 77 percent; ‘Incident response,” 71 percent; “asset management,” 70 percent; “endpoint protection systems,” 69 percent; “network management,” 67 percent; “data protection and loss prevention,” 60 percent; and “medical device security,” 50 percent.

Importantly, the report notes, “On average, respondent organizations who adopt NIST CSF have lower year-over-year increases to their cybersecurity insurance premiums. In particular, those using NIST CSF as their primary cybersecurity framework report premium increases one-third the percentage reported by non-NIST CSF organizations. Higher coverage within the NIST CSF categories related to cyber resiliency is especially correlated with lower increases in cybersecurity premiums. Focusing on these areas helps organizations mitigate the impact of breaches on patient care and safety and maintain business continuity.”

The full report can be found here.

Sponsored Recommendations

Improving Workplace Safety and Patient Care in Behavioral Health

In 2023, Vail Health enhanced safety in their behavioral health clinic, but the impact went beyond their expectations. Read their case study to see how prioritizing workplace ...

Transforming Hospital Capacity Through Smarter Patient Progression Strategies

Helping patients move seamlessly through every stage of their care, from admission to discharge, is critical to ensuring patient safety, improving outcomes, and optimizing capacity...

Beyond the AI Buzz: How Clinicians Can Leverage AI for Value-Based Success

Watch on-demand to explore the impact of implementing AI in primary care settings to reduce burnout and thrive in value-based care. Including practical takeaways on driving clinician...

Building the Connected Hospital: Bridging Operational Gaps Through Technology

Join industry leaders to explore how advanced technologies like RFID, AI, EMR, and ERP systems are transforming hospitals into connected ecosystems that enhance efficiency, streamline...