New Report Looks at Cybersecurity Preparedness

Feb. 29, 2024
A new report published by a collaborative of organizations looks at current levels of cybersecurity preparedness.

How far have patient care organizations really gotten in evolving their cybersecurity strategies? A report collectively produced by Censinet, KLAS Research, the American Hospital Association, Health-ISAC, and the Healthcare and Public Health Sector Coordinating Council is providing a snapshot.

“Current and Emerging Healthcare Cyber Threat Landscape: Executive Summary for CISOs” was published on Feb. 29. The report begins thus: “With cyberattacks on the rise, having a strong cybersecurity strategy is a must for healthcare organizations, especially as they face post-pandemic resource constraints and staffing shortages. Many are protecting their data by adopting and implementing cybersecurity frameworks and best practices, such as the NIST Cybersecurity Framework (NIST CSF) and the Health Industry Cybersecurity Practices (HICP). NIST CSF and HICP are accessible resources for healthcare organizations, and high NIST CSF and HICP coverage is a strong indication of cybersecurity preparedness. This report—a collaboration between Censinet, KLAS, the American Hospital Association, Health-ISAC, and the Healthcare and Public Health Sector Coordinating Council—provides an update to previous research on the status of healthcare cybersecurity preparedness. It also examines the effect of governance and resource investment on cybersecurity preparedness and insurance premiums. Data for this report comes from 58 respondents (54 payer or provider organizations and 4 healthcare vendors) who were interviewed September–December 2023.”

An absolutely key question: which cybersecurity frameworks and guidelines have patient care organizations implemented? They are as follows (most have implemented more than one): NIST CSF, 57 percent; CIS Controls, 29 percent; HICP, 29 percent; HITRUST, 14 percent; NIST CSF (not used as the primary cybersecurity framework), 14 percent; ISO/IEC 27001, 10 percent; SOC 2, 9 percent; ISO/IEC 27002, 5 percent; CMMC, 3 percent; other frameworks/guidelines, 22 percent; no frameworks/guidelines, 10 percent.

Asked about coverage across their organizations along various dimensions, respondents reported the following results with regard to maturity with NIST CSF functions: “identify,” 65 percent; “protect,” 70 percent; “detect,” 70 percent; “respond,” 75 percent; and “recover,” 69 percent.

When it comes to maturity with HICP functions, the survey found the following results: “email protection systems,” 84 percent; “cybersecurity oversight and governance,” 83 percent; “access management,” 79 percent; “vulnerability management,” 77 percent; “incident response,” 71 percent; “asset management,” 70 percent; “endpoint protection systems,” 69 percent; “network management,” 67 percent; “data protection and loss prevention,” 60 percent; and “medical device security,” 50 percent.

Importantly, the report notes, “On average, respondent organizations who adopt NIST CSF have lower year-over-year increases to their cybersecurity insurance premiums. In particular, those using NIST CSF as their primary cybersecurity framework report premium increases one-third the percentage reported by non-NIST CSF organizations. Higher coverage within the NIST CSF categories related to cyber resiliency is especially correlated with lower increases in cybersecurity premiums. Focusing on these areas helps organizations mitigate the impact of breaches on patient care and safety and maintain business continuity.”

The full report can be found here.
