Censinet Launches Wave 3 of The Healthcare Cybersecurity Benchmarking Study
BOSTON, MA – SEPTEMBER 18, 2023 – Censinet, the leading provider of healthcare risk management solutions, today announced The Healthcare Cybersecurity Benchmarking Study is now enrolling participants for Wave 3 of the Study, co-sponsored by KLAS Research, the American Hospital Association (AHA) and two new co-sponsors Health Information Sharing and Analysis Center (Health-ISAC) and the Healthcare and Public Health Sector Coordinating Council (HSCC). The Healthcare Cybersecurity Benchmarking Study is the industry’s first and only collaborative initiative to establish robust, objective, and actionable peer benchmarks to strengthen cybersecurity resiliency across the healthcare sector. Healthcare organizations interested in participating in Wave 3 of the Study should contact benchmarks@censinet.com.
“Censinet is proud to launch Wave 3 of The Healthcare Cybersecurity Benchmarking Study at this critical time in our industry,” said Ed Gaudet, CEO and Founder of Censinet. “As cyberattacks intensify, this Study is a testament to the enduring commitment of so many healthcare organizations to come together and elevate the industry’s cybersecurity resiliency and maturity — we salute their determination and their participation in this important initiative.”
Participation in Wave 3 of The Healthcare Cybersecurity Benchmarking Study is open to an expanded set of organizational types across the health sector, including: Healthcare Delivery Organizations, Health Plans and Payers, Health Information Technology, Pharmaceutical and Laboratory, Public Health, Medical Devices and Materials, Mass Fatality Management Services, and Federal Response & Program Offices.
“Health-ISAC is delighted to sponsor The Healthcare Cybersecurity Benchmarking Study,” said Errol Weiss, Chief Security Officer of Health-ISAC. “With comprehensive benchmarks across recognized security practices like the Health Industry Cybersecurity Practices (HICP) and NIST, and expanded participation to both public and private organizations, the Study goes a long way toward strengthening the long-term cyber resiliency of both our community and the broader healthcare sector.”
Participating organizations in Wave 3 of the Benchmarking Study are entitled to exclusive benefits, including:
- Censinet enterprise self-assessments for HHS 405(d) Health Industry Cybersecurity Practices 2023 (HICP) and NIST Cybersecurity Framework 1.1 (CSF) to evaluate coverage against industry recognized security practices
- Access to the Summary and Final Summary Reports with aggregate findings across all participants – to be published in early 2024
- Aggregate peer group comparison of organizational coverage for HICP and NIST as well as cybersecurity program investment and performance
There is no cost for qualified health industry organizations to participate in the study; participation is limited to those organizations that complete the required assessments by November 1, 2023.
"This landmark initiative continues to set a new standard for collaboration across the industry and provides healthcare organizations with a measurable, objective path forward toward increased cyber protection and maturity,” said Steve Low, President of KLAS Research. “KLAS Research is looking forward to our continued partnership with Censinet and the other sponsors of The Healthcare Cybersecurity Benchmarking Study.”
Key findings and insights from the first two Waves of The Healthcare Cybersecurity Benchmarking Study include:
- Healthcare cybersecurity is better positioned to be reactive rather than proactive as “Identify” ranks lowest in coverage among all five NIST CSF Functions.
- “Supply Chain Risk Management” is still highly immature, ranking lowest in coverage across all 23 NIST CSF Categories.
- Higher third-party risk assessment coverage is positively correlated with lower annual growth in cyber insurance premiums.
- “Medical Device Security” ranks lowest in coverage across all ten HICP Practice areas.
- Higher CISO program ownership is positively correlated with higher HICP Practice coverage for “Medical Device Security.”
The Executive Summary whitepaper from Wave 1 of the Study is available publicly at no charge and can be found on the KLAS Research website here. In addition, data and analysis from the first two waves of The Healthcare Cybersecurity Benchmarking Study served as a primary input into the Hospital Cyber Resiliency Initiative Landscape Analysis, a key report published by the U.S. Department of Health and Human Services in May 2023.
“The Healthcare Cybersecurity Benchmarking Study is a critical resource for AHA member hospitals and health systems facing ransomware attacks that threaten both care operations and patient’s lives,” said John Riggi, National Advisor for Cybersecurity and Risk, American Hospital Association. “With the FBI declaring ransomware a ‘threat-to-life’ crime, the Study is an important tool for U.S. hospitals to help improve cybersecurity resiliency and fight back against the bad actors that threaten our industry and patients every day.”
If interested in participating in Wave 3 of The Healthcare Cybersecurity Benchmarking Study, please email benchmarks@censinet.com.
About Censinet
Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOpsTM delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.
About Health Information Sharing and Analysis Center (Health-ISAC)
Health-ISAC — a non-profit, private sector, member-driven organization — plays an essential role in providing situational awareness around cyber and physical security threats to the Healthcare Sector so that companies can detect, mitigate, and respond to ensure operational resilience. Health-ISAC connects thousands of healthcare security professionals worldwide to share peer insights, real-time alerts, and best practices in a trusted, collaborative environment. As the go-to source for timely, actionable, and relevant information, Health-ISAC is a force-multiplier that enables healthcare organizations of all sizes to enhance situation awareness, develop effective mitigation strategies and proactively defend against threats every single day. Website: h-isac.org
About KLAS Research
KLAS Research has been providing accurate, honest, and impartial insights for the healthcare IT (HIT) industry since 1996. The KLAS mission is to improve the world’s healthcare by amplifying the voice of providers and payers. The scope of our research is constantly expanding to best fit market needs as technology becomes increasingly sophisticated. KLAS finds the hard-to-get HIT data by building strong relationships with our payer and provider friends in the industry. Learn more at https://klasresearch.com/.
About the American Hospital Association
The American Hospital Association (AHA) is a not-for-profit association of health care provider organizations and individuals that are committed to the health improvement of their communities. The AHA advocates on behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners – including more than 270,000 affiliated physicians, 2 million nurses and other caregivers – and the 43,000 health care leaders who belong to our professional membership groups. Founded in 1898, the AHA provides insight and education for health care leaders and is a source of information on health care issues and trends. For more information, visit the AHA website at https://www.aha.org.
Health Sector Coordinating Council Cybersecurity Working Group
The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) is a government-recognized critical infrastructure industry council of more than 400 healthcare providers, pharmaceutical and medtech companies, payers and health IT entities partnering with government to identify and mitigate cyber threats to health data and research, systems, manufacturing and patient care. The CWG membership collaboratively develops and publishes freely-available healthcare cybersecurity best practices and policy recommendations, and produces outreach and communications programs emphasizing the imperative that cyber safety is patient safety. For more information on the HSCC, see https://HealthSectorCouncil.org.
Contacts:
Censinet
Briana McGann
Health-ISAC
Julia Annaloro
