CynergisTek has released a new report that suggests that the majority of medical providers are falling behind when it comes to cybersecurity. The company’s third annual Moving Forward report specifically found that only 44 percent of all medical organizations meet the security standards laid out in the NIST’s Cybersecurity Framework.
If anything, many healthcare organizations have regressed since 2017, although that is not entirely due to lack of effort. CynergisTek indicated that most organizations have taken steps to bolster their security, but are not implementing improvements fast enough to keep pace with cybercriminals. The use of electronic health records and the rise of telehealth and remote work during the COVID-19 pandemic has made those gaps even more apparent.
“Investments need to be made now to shore up America’s health system,” said CynergisTek President and CEO Caleb Barlow. “Organizations that have invested in their programs and had regular risk assessments, prioritized issues from assessments and leveraged proven strategies have seen significant improvements to their NIST CSF conformance scores.”
According to CynergisTek, the size and budget of an organization did not correlate with its security score. The organizations that did well were instead those with a strong organizational focus, good reporting infrastructure, and clear (and accurate) security priorities. CynergisTek also noted that supply chain companies tended to perform worse than the rest of the industry, which is doubly concerning given the difficulty of acquiring Personal Protective Equipment during the pandemic.
“What our report has uncovered over recent years is that healthcare is still behind the curve on security,” concluded CynergisTek Strategic Innovation EVP David Finn. “The good news is that issues emerging in our assessments are largely addressable. The bad news is that it is going to require investment in an industry still struggling with financial losses from COVID-19.”
CynergisTek advised healthcare companies to move to the cloud to improve their security posture. It also warned that money alone will not fix the problem, and that organizations should rely on proven strategies like multifactor authentication.
September 18, 2020 – by Eric Weiss