Censinet, KLAS, and American Hospital Association, Publish the 2024 Healthcare Cybersecurity Benchmarking Study

LOS ANGELES, CA – FEBRUARY 27, 2024 – Censinet, the leading provider of healthcare risk management solutions, and KLAS Research, healthcare’s leading research and insights firm, today announced at ViVE 2024 the publication of the Executive Summary from the 2024 Healthcare Cybersecurity Benchmarking Study. Co-led by Censinet, KLAS Research (KLAS), the American Hospital Association (AHA), Health Information Sharing and Analysis Center (Health-ISAC), and the Healthcare and Public Health Sector Coordinating Council (HSCC), the second annual Healthcare Cybersecurity Benchmarking Study measures the current level of cybersecurity preparedness and maturity across the health sector. The 2024 Benchmarking Study Executive Summary can be downloaded now on the Censinet website here.  

“Censinet is honored to deliver results from the 2024 Healthcare Cybersecurity Benchmarking Study,” said Ed Gaudet, CEO and Founder of Censinet. “We deeply thank the 120+ organizations combined that have participated in the 2023 and 2024 Benchmarking Studies, and we applaud their dedication to our shared mission to protect patient care from escalating cyber threats – we are truly ‘stronger together’ in this fight, and the Benchmarking Study is a testament to the industry’s collaboration and commitment to strengthening cyber maturity and resiliency.” 

With 58 healthcare organizations participating in the 2024 Healthcare Cybersecurity Benchmarking Study, the findings update and expand upon the comprehensive set of peer benchmarks established in the landmark 2023 Benchmarking Study. The Benchmarking Study is the industry’s first collaborative initiative to establish robust, objective, and actionable benchmarks across the NIST Cybersecurity Framework (CSF), 405(d) Health Industry Cybersecurity Practices (HICP), and key organizational and cybersecurity program metrics. 

“KLAS is proud to co-sponsor and lead the analysis for the 2024 Healthcare Cybersecurity Benchmarking Study,” said Steve Low, President of KLAS Research. “For the second year in a row, the Benchmarking Study sets the highest standard for collaborative, impartial, and transparent insight into the current state of the health sector’s cyber maturity, and, more importantly, enables providers and payers to make more informed investment decisions to close critical gaps in controls and elevate overall cybersecurity program preparedness.”

Key findings from the 2024 Benchmarking Study include:

• Healthcare cybersecurity is still better positioned to be reactive rather than proactive, as Identify ranked last and Respond ranked highest in NIST CSF Function coverage 
• Supply Chain Risk Management still ranks last in coverage across all 23 NIST CSF Categories, a worrying trend in light of the record-breaking number of third-party breaches across 2023
• Organizations using NIST CSF as their primary framework report one-third lower cyber insurance premium cost growth
• Higher CISO program ownership continues to be significantly correlated with higher NIST and HICP coverage

“The 2024 Benchmarking Study is a vital resource to AHA members and a critical resource in our collective response to escalating cyberattacks on our nation’s healthcare system,” said John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association. “When criminal and nation state-supported ransomware attacks target hospitals, health systems, and our mission-critical third parties, patient safety is directly placed in their crosshairs. U.S. hospitals and health systems need urgent support from initiatives like the Benchmarking Study to swiftly strengthen cyber resiliency and protect patients from these malicious attacks.”

“Health-ISAC is delighted to sponsor the 2024 Healthcare Cybersecurity Benchmarking Study,” said Errol Weiss, Chief Security Officer of Health-ISAC. “With comprehensive benchmarks across ‘recognized security practices’ like NIST CSF and HICP, the Benchmarking Study will drive greater, more enduring cybersecurity maturity and resilience across both our Health-ISAC member community and the broader health sector.”  

Participating organizations in the 2024 Benchmarking Study can view their benchmarking results in the Censinet RiskOps^TM platform on March 4, 2024, including their organization’s coverage for NIST CSF and HICP compared to industry averages. Enhanced features and functionality are available in the Censinet Benchmarking Module, including:

• Advanced peer group filtering and comparison
• Actionable guidance to identify and prioritize investment, resource allocation 
• Automatic mapping of NIST/HICP enterprise assessments to coverage of HHS Healthcare and Public Health Cybersecurity Performance Goals (HPH CPGs)

Healthcare organizations interested in learning more about the 2024 Benchmarking Study or the Censinet Benchmarking Module should contact Sean Lara at Censinet at slara@censinet.com. In addition, meet with Censinet executives at ViVE 2024 at booth #2219 to learn more. 

‍

About Censinet

Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOps^TM delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.

‍

About KLAS

KLAS is a research and insights firm on a global mission to improve healthcare delivery by amplifying the provider's voice. Working with thousands of healthcare professionals and clinicians, KLAS gathers data and insights on software, services and medical equipment to deliver timely reports, trends and statistical overviews. The research directly represents the provider voice and acts as a catalyst for improving vendor performance. Follow KLAS on X and LinkedIn. Learn more at: klasresearch.com.

‍