Bigger health systems aren't doing a better job at cybersecurity, report finds. Here's why


Heather Landi

Only 44% of healthcare organizations, including hospitals, health systems and third-party vendors, are meeting national cybersecurity standards designed to protect against cyberattacks.

And bigger healthcare institutions with larger budgets didn't necessarily perform better when it comes to security, according to a new report from cybersecurity firm CynergisTek. In fact, big organizations sometimes performed worse than smaller organizations or those that invested less, the report found.

In some cases, this was a direct result of consolidation where systems directly connect to newly acquired hospitals without first shoring up their security posture and conducting a compromise assessment, according to CynergisTek.

Analysts at the Austin, Texas-based security firm examined nearly 300 assessments of provider facilities, including hospitals, physician practices, accountable care organizations and business associates, to determine how well they are conforming to the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) protocols, which are considered security best practices.

Looking at historical client data, CynergisTek found...

Get the Morning Update

Thanks for subscribing!