"Curious to See How Healthcare Cybersecurity Fared This Year?"

In a new report, CynergisTek reviewed just under 100 assessments of healthcare providers across hospitals, physician practices, Accountable Care Organizations (ACOs), and Business Associates. These assessments measure organizations’ security posture against the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF), a standardized framework first published in 2014 intended to help protect American critical infrastructure.  Assessments were categorized into two cohorts: high performers with NIST conformance scores over 80% and low performers with conformance scores under 80%.  The researchers focused on the industry’s overall status in cybersecurity preparedness and found that 64% of organizations obtained below 80% conformance. The researchers identified several areas for continued improvement in planning and preparedness, especially seeing only 75% improved during the coronavirus pandemic and only slightly. The researchers stated that while that is progress, it isn’t the progress the industry needs to shore up defenses. The researchers also noted that investing in security is often more cost-effective than paying the recent exorbitant ransoms in the long run.  The researchers found that overall, supply chain management was the second lowest-scoring and least mature category assessed. Even among high-performing organizations that have significantly improved over the past four years, scores averaged 2.7 out of 5, reflecting a universal challenge that companies face in identifying and addressing risks across their supply chains. With an acceptable score above a 3, only 23% of organizations barely passed on supply chain security.  In particular, researchers found that organizations struggle to validate whether third-party partners are meeting contractual security obligations.

Help Net Security reports: "Curious to See How Healthcare Cybersecurity Fared This Year?"