Healthcare organizations are welcome to participate in the latest wave of the Healthcare Cybersecurity Benchmarking Study, co-sponsored by Censinet, KLAS, Health-ISAC, AHA, and HSCC.
Wave three of the Healthcare Cybersecurity Benchmarking Study is now open for participation, Censinet announced alongside co-sponsors KLAS Research, the American Hospital Association (AHA), the Health Information Sharing and Analysis Center (Health-ISAC), and the Healthcare and Public Health Sector Coordinating Council (HSCC).
The third wave is open to an expanded range of organization types, including healthcare delivery organizations, health plans and payers, pharmaceutical and medical device companies, and federal response and program offices. Participants must complete the survey assessments by November 1, 2023 to be included in the study.
The study and its associated survey were established in 2022 with the goal of assessing healthcare cyber maturity and coverage of the NIST Cybersecurity Framework (NIST CSF), and Health Industry Cybersecurity Practices (HICP) in order to develop reliable peer benchmarks.
The first edition of the study, released in April 2023, aggregated findings from 48 healthcare organization respondents. In terms of maturity with the NIST CSF’s five core functions, the survey results showed that many healthcare organizations were still operating reactively rather than proactively when it came to cybersecurity. Specifically, the results showed low coverage in the areas of supply chain risk management, asset management, and risk management.
Essentially, the study showed that while healthcare organizations were making significant progress in implementing policies and strategies that protect them from cyber risk, there was still lots of room for improvement when it came to security program maturity.
The latest wave of the study will ideally shed more light on the systemic cybersecurity issues faced by the healthcare sector.
“Health-ISAC is delighted to sponsor The Healthcare Cybersecurity Benchmarking Study,” said Errol Weiss, chief security officer of Health-ISAC, in a press release.
“With comprehensive benchmarks across recognized security practices like the Health Industry Cybersecurity Practices (HICP) and NIST, and expanded participation to both public and private organizations, the Study goes a long way toward strengthening the long-term cyber resiliency of both our community and the broader healthcare sector.”
In addition to contributing to crucial research on the state of healthcare cybersecurity, participating organizations will be entitled to Censinet enterprise self-assessments for HICP and NIST CSF to evaluate coverage against industry-recognized security practices.
What’s more, participating organizations will gain access to the final report, to be released in early 2024, as well as aggregate peer group comparison data.
“The Healthcare Cybersecurity Benchmarking Study is a critical resource for AHA member hospitals and health systems facing ransomware attacks that threaten both care operations and patient’s lives,” said John Riggi, national advisor for cybersecurity and risk, at the AHA.
“With the FBI declaring ransomware a ‘threat-to-life’ crime, the Study is an important tool for U.S. hospitals to help improve cybersecurity resiliency and fight back against the bad actors that threaten our industry and patients every day.”
