
Fewer than half of healthcare institutions met national cybersecurity standards last year
Dive Brief:
- Only 44% of healthcare institutions met national cybersecurity standards in 2019, according to an annual report from consulting firm CynergisTek. That’s a slight drop from 45% compliance in 2017 and 47% in 2018.
- Looking at historical client data, CynergisTek found declines in four of the five core functions outlined in the National Institute of Standards and Technology’s framework for companies to protect themselves against cyber attacks: identify, protect, respond and recover. The last core function, detect, remained flat across three years.
- CynergisTek said cybersecurity is more important than ever as telehealth and remote work have become the norm. “It has already been made crystal clear that due to COVID-19, care delivery and IT delivery models are transforming drastically,” according to the report.
Dive Insight:
The COVID-19 pandemic forced providers and patients to rapidly move care to virtual settings this year. Providers had just weeks to convert visits online and adopt the technology needed to do so, though temporarily loosened restrictions from CMS helped.
But the report shows that even before the public health crisis, healthcare institutions’ compliance with cybersecurity standards was sliding.
“In cybersecurity, if you are not improving, you are falling behind in managing your risks,” the report’s authors said. “The bad guys keep getting better, the technology more complex, and more of it is being deployed.”
Among the healthcare organization clients CynergisTek analyzed, assisted living facilities had the highest NIST compliance at 96%, though it noted they don’t typically have highly automated systems, frequently don’t have EMRs, and only have minimal, “core systems.”
Insurers and accountable care organizations had the next highest compliance, then business associates and hospitals and health systems. Physician groups had the lowest compliance at 20%.
Looking at hospital type, academic medical centers had the highest compliance, followed by critical access hospitals, health systems and short-term acute care hospitals.
Surprisingly, critical access hospitals, typically underfunded and understaffed, improved their compliance significantly over the years, from 18% in 2017 to 47% in 2019.
Going forward, CynergisTek said remote work and telehealth will likely persist, requiring added technologies and an enhanced focus on existing ones. Organizations may have to invest in more endpoint protection tools, such as multi-factor authentication, virtual private networks, identity access management and data loss prevention, the report said.