The Value of Cybersecurity Benchmarking in Healthcare



A new report was published by Ponemon Institute this month on “The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking.” In the report, researchers found that healthcare cybersecurity benchmarking data can be used to make better IT decisions, understand how security programs stack up, and help providers protect themselves against attacks. The report contained the responses of over 500 IT and IT security professionals.

What is the Latest Info on Cyberattacks?

Unsurprisingly, almost half of these respondents shared that they had experienced a ransomware attack in the last two years. Ransomware continues to be a growing threat, with a recent increase in the number of third-party ransomware attacks. About two-thirds of professionals report paying the ransom (the average payment has increased to $352,000) and then experiencing more than a month of disruption after the breach.

How is this affecting patients? It’s hard to measure this impact, but we can see that more patients are being transferred or diverted to other facilities following a breach. Additionally, 21% of these professionals said these attacks had a negative effect on patient mortality rates.

What Steps Can I Take to Protect My Organization and Our Patients?

The word has gotten out about the potential for harm coming from cybersecurity incidents. More providers than ever are putting together business continuity plans to make sure they are prepared to care for their patients in the event of a breach. There are clear patient safety concerns when it comes to anticipating ransomware attacks.

Most organizations don’t benchmark their cybersecurity programs against their peers, but they may want to start. Benchmarking can “provide valuable insights as healthcare organizations continue to strive to improve patient safety and reduce cyber risk.” More benchmarking data and resources are gradually becoming available to healthcare organizations, and those that use these resources agree that they’re able to implement better security processes based on the peer information. Researchers also predict that “in the next 12 to 24 months, more organizations will use standards, frameworks or industry practices as the basis for their cybersecurity program.” The most widely used example of these standards is HIPAA.

In addition to seeing how your cybersecurity stacks up against your peers, it’s important (and required by HIPAA) for your organization to conduct a full Security Risk Assessment. The risk assessment identifies and evaluates your organization’s safeguards in each of three categories: administrative, physical, and technical. A cybersecurity analysis falls under the technical safeguards and is essential to help you understand what threats your electronic patient information is currently facing. As cybercriminals level up and hacks become more sophisticated, revisiting these safeguards on a regular basis will help you see where your security protections may need improvement.

Our goal is to help you avoid the care disruption as well as the financial and reputational costs of a security breach. To learn more about what kind of cybersecurity standards and resources are available to you, you can contact your team at Medcurity.