Censinet, the leading provider of healthcare risk management solutions, today announced The Healthcare Cybersecurity Benchmarking Study is now enrolling participants for Wave 3 of the Study, co-sponsored by KLAS Research, the American Hospital Association (AHA) and two new co-sponsors Health Information Sharing and Analysis Center (Health-ISAC) and the Healthcare and Public Health Sector Coordinating Council (HSCC). The Healthcare Cybersecurity Benchmarking Study is the industry’s first and only collaborative initiative to establish robust, objective, and actionable peer benchmarks to strengthen cybersecurity resiliency across the healthcare sector. Healthcare organizations interested in participating in Wave 3 of the Study should contact benchmarks@censinet.com.
“Censinet is proud to launch Wave 3 of The Healthcare Cybersecurity Benchmarking Study at this critical time in our industry,” said Ed Gaudet, CEO and Founder of Censinet. “As cyberattacks intensify, this Study is a testament to the enduring commitment of so many healthcare organizations to come together and elevate the industry’s cybersecurity resiliency and maturity — we salute their determination and their participation in this important initiative.”
Participation in Wave 3 of The Healthcare Cybersecurity Benchmarking Study is open to an expanded set of organizational types across the health sector, including: Healthcare Delivery Organizations, Health Plans and Payers, Health Information Technology, Pharmaceutical and Laboratory, Public Health, Medical Devices and Materials, Mass Fatality Management Services, and Federal Response & Program Offices.
“Health-ISAC is delighted to sponsor The Healthcare Cybersecurity Benchmarking Study,” said Errol Weiss, Chief Security Officer of Health-ISAC. “With comprehensive benchmarks across recognized security practices like the Health Industry Cybersecurity Practices (HICP) and NIST, and expanded participation to both public and private organizations, the Study goes a long way toward strengthening the long-term cyber resiliency of both our community and the broader healthcare sector.”
Participating organizations in Wave 3 of the Benchmarking Study are entitled to exclusive benefits, including:
- Censinet enterprise self-assessments for HHS 405(d) Health Industry Cybersecurity Practices 2023 (HICP) and NIST Cybersecurity Framework 1.1 (CSF) to evaluate coverage against industry recognized security practices
- Access to the Summary and Final Summary Reports with aggregate findings across all participants – to be published in early 2024
- Aggregate peer group comparison of organizational coverage for HICP and NIST as well as cybersecurity program investment and performance
There is no cost for qualified health industry organizations to participate in the study; participation is limited to those organizations that complete the required assessments by November 1, 2023.
“This landmark initiative continues to set a new standard for collaboration across the industry and provides healthcare organizations with a measurable, objective path forward toward increased cyber protection and maturity,” said Steve Low, President of KLAS Research. “KLAS Research is looking forward to our continued partnership with Censinet and the other sponsors of The Healthcare Cybersecurity Benchmarking Study.”
Key findings and insights from the first two Waves of The Healthcare Cybersecurity Benchmarking Study include:
- Healthcare cybersecurity is better positioned to be reactive rather than proactive as “Identify” ranks lowest in coverage among all five NIST CSF Functions.
- “Supply Chain Risk Management” is still highly immature, ranking lowest in coverage across all 23 NIST CSF Categories.
- Higher third-party risk assessment coverage is positively correlated with lower annual growth in cyber insurance premiums.
- “Medical Device Security” ranks lowest in coverage across all ten HICP Practice areas.
- Higher CISO program ownership is positively correlated with higher HICP Practice coverage for “Medical Device Security.”
The Executive Summary whitepaper from Wave 1 of the Study is available publicly at no charge and can be found on the KLAS Research website here. In addition, data and analysis from the first two waves of The Healthcare Cybersecurity Benchmarking Study served as a primary input into the Hospital Cyber Resiliency Initiative Landscape Analysis, a key report published by the U.S. Department of Health and Human Services in May 2023.
“The Healthcare Cybersecurity Benchmarking Study is a critical resource for AHA member hospitals and health systems facing ransomware attacks that threaten both care operations and patient’s lives,” said John Riggi, National Advisor for Cybersecurity and Risk, American Hospital Association. “With the FBI declaring ransomware a ‘threat-to-life’ crime, the Study is an important tool for U.S. hospitals to help improve cybersecurity resiliency and fight back against the bad actors that threaten our industry and patients every day.”
