Censinet, KLAS Research, and American Hospital Association Publish Results of Industry’s First Healthcare Cybersecurity Benchmarking Study
Sponsored by Leading Health Systems, Landmark Study Sets New Standard for Cybersecurity Coverage, Maturity and Resiliency in Healthcare; Next Study Wave Now Open for Participation
BOSTON, MA – APRIL 25, 2023 – Censinet, the leading provider of healthcare risk management solutions, announced today the release of results from the first wave of the Healthcare Cybersecurity Benchmarking Study. Co-led by KLAS Research and the American Hospital Association (AHA), and sponsored by leading health systems, the Study establishes collaborative, trusted, and actionable peer benchmarks to help all U.S. hospitals and health systems strengthen their cybersecurity program coverage, maturity, and resiliency. Full analysis and results from the Study are available exclusively to participants, while the Executive Summary whitepaper from the Study is available publicly here.
“Censinet is proud to present results from the industry’s first Healthcare Cybersecurity Benchmarking Study, and we thank KLAS Research, AHA, our provider sponsors, and study participants for their dedication, collaboration, and insight,” said Ed Gaudet, CEO and Founder of Censinet. “This Study is a testament to the power of community response to bad actors that seek to threaten patient safety every day, further affirming our ‘Stronger Together’ shared vision across healthcare.”
“KLAS Research is proud to have worked with Censinet and the American Hospital Association to publish this whitepaper as well as the full Healthcare Cybersecurity Benchmarking Study analysis and results,” said Adam Gale, Chief Executive Officer at KLAS Research. “This landmark initiative represents a giant leap forward to shine a light on the state of cybersecurity in the industry and, at the same time, to help elevate cybersecurity resiliency and maturity across all organizations.”
The Healthcare Cybersecurity Benchmarking Study establishes peer benchmarks across a combination of key organizational metrics, NIST Cybersecurity Framework (CSF), and HHS 405(d) Health Industry Cybersecurity Practices (HICP) – ensuring comprehensive visibility and peer comparison into cybersecurity maturity and performance. Conducted from November 2022 to March 2023, the first wave of the Study includes 48 healthcare delivery organizations, and is co-sponsored by 8 leading health systems, including: Intermountain Health, Mass General Brigham, Cedars-Sinai, Marshfield Clinic Health System, Fairview Health Services, Baptist Health, Hartford HealthCare, and Dayton Children’s. The Company is currently enrolling participants for the next wave of the Study.
Key findings in the Executive Summary whitepaper from the Study include:
- Healthcare cybersecurity is better positioned to be reactive rather than proactive as Identify ranks lowest in coverage among all five NIST CSF Functions.
- Supply Chain Risk is still highly pervasive, ranking lowest in coverage across all 23 NIST CSF Categories.
- Higher third-party risk assessment coverage is positively correlated with lower annual growth in cyber insurance premiums.
- While Email Protections are largely in place, Medical Device Security still lags behind, ranking lowest in coverage across all ten HICP Practice areas.
- Higher CISO program ownership is positively correlated with higher HICP Practice coverage for Medical Device Security and Network Management.
“The Healthcare Cybersecurity Benchmarking Study initiative provides critical intelligence to help guide our fight against those who directly threaten hospital operations and patient care,” said John Riggi, National Advisor for Cybersecurity and Risk, American Hospital Association. “Peer benchmarking delivers immediate, actionable insights into cybersecurity performance and provides a targeted roadmap for improvement, driving much-needed investment in cyber resiliency across our entire field.”
Data and analysis from the Healthcare Cybersecurity Benchmarking Study serve as one of the primary inputs into the Hospital Cyber Resiliency Initiative Landscape Analysis, a report recently published by the U.S. Department of Health and Human Services 405(d) Program focusing on the cybersecurity resiliency of participating U.S. hospitals and health systems benchmarked against best practice guidelines such as HICP and NIST CSF.
“As patient safety is put at risk by an increasingly-malicious threat landscape, U.S. hospitals and health systems must stay ahead of bad actors the best they can,” said Erik Decker, VP and Chief Information Security Officer at Intermountain Health and chair of the Health Sector Coordinating Council’s Cybersecurity Working Group. “Drawn from the unique insights in the Healthcare Cybersecurity Benchmarking Study, the Landscape Analysis is a significant asset for healthcare organizations – especially those under-served – to make the right investment decisions to bolster their cybersecurity maturity and resiliency for the long run.”
To inquire about participating in the next wave of the Benchmarking Study, please contact Cormac Miller, President and Chief Commercial Officer at Censinet, at email@example.com.
Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOps™ delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.
About KLAS Research
KLAS Research has been providing accurate, honest, and impartial insights for the healthcare IT (HIT) industry since 1996. The KLAS mission is to improve the world’s healthcare by amplifying the voice of providers and payers. The scope of our research is constantly expanding to best fit market needs as technology becomes increasingly sophisticated. KLAS finds the hard-to-get HIT data by building strong relationships with our payer and provider friends in the industry. Learn more at https://klasresearch.com.
About the American Hospital Association
The American Hospital Association (AHA) is a not-for-profit association of health care provider organizations and individuals that are committed to the health improvement of their communities. The AHA advocates on behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners – including more than 270,000 affiliated physicians, 2 million nurses and other caregivers – and the 43,000 health care leaders who belong to our professional membership groups. Founded in 1898, the AHA provides insight and education for health care leaders and is a source of information on health care issues and trends. For more information, visit the AHA website at https://www.aha.org.
# # #