
Peer benchmarking in healthcare cybersecurity has revealed significant insights. When CISOs take charge of medical device security, application of the Health Industry Cybersecurity Practices (HICP) increases by 18%. The Healthcare Cybersecurity Benchmarking Study, a collaboration between Censinet, KLAS Research, and the American Hospital Association, aims to strengthen cybersecurity in healthcare. Early findings show a reactive industry response to cyber threats. Supply chain risk management and medical device security are highlighted areas. Ownership by CISOs significantly boosts HICP adoption. Collaboration against rising cybercrime is advocated, with a proposal called Meaningful Protection. This helps improve patient safety and data protection through targeted cybersecurity investments.
Here are five key insights on healthcare cybersecurity drawn from peer benchmarking:
1. Increased Responsibility, Enhanced Application: Peer benchmarking research indicates that when Chief Information Security Officers (CISOs) take ownership of medical device security, healthcare organizations see an impressive 18% boost in the application of the Health Industry Cybersecurity Practices (HICP) guidelines.
2. Valuable Findings: A recent study on healthcare cybersecurity examined best practices and key performance indicators, including the use of the NIST Cybersecurity Framework and the 405(d) Health Industry Cybersecurity Practices. This research uncovered crucial insights.
3. Collaborative Initiative: The Healthcare Cybersecurity Benchmarking Study, a collaboration between Censinet, KLAS Research, and the American Hospital Association, aims to establish reliable peer benchmarks to help healthcare organizations bolster their cybersecurity maturity and resilience.
4. Reactive vs. Proactive: The study’s early findings indicate that the healthcare industry is more reactive than proactive in responding to cyber threats. It is better prepared to respond to security incidents than to identify and mitigate cyber threats before they escalate into incidents.
5. Supply Chain Risk and Medical Device Security: The study highlights two critical areas for healthcare delivery organizations to focus on. First, supply chain risk management is the category in which healthcare maturity ranks lowest across all 23 NIST CSF categories. Second, the adoption of HICP varies significantly across the 10 best practice areas, with medical device security lagging behind. Given the increasing prevalence of network-connected medical devices and the growing Internet-of-Medical-Things market, this is a concerning trend.
Moreover, the study shows a strong correlation between CISO program ownership and HICP adoption for medical device security. When the CISO’s office takes responsibility for medical device security, HICP coverage increases significantly, rising from 45% with no ownership to 63% with complete ownership.
In light of the growing threat of cybercrime, there is a call for collaboration across the industry, and a legislative proposal known as Meaningful Protection is being advocated. This proposal suggests modeling a federal cybersecurity investment program on the successful approach used to increase the adoption of electronic health records.
In conclusion, peer benchmarking in healthcare cybersecurity is a valuable tool for organizations to identify and address security gaps, allocate resources efficiently, and justify future investments in cybersecurity, ultimately enhancing patient safety and data protection.