Improving Cybersecurity Preparedness through NIST CSF & HICP Best Practices
February 2024
The 2024 Healthcare Cybersecurity Benchmarking Study is co-sponsored by Censinet, KLAS Research, the American Hospital Association, the Health Information Sharing and Analysis Center (Health-ISAC), and the Healthcare and Public Health Sector Coordinating Council.
This study is the industry’s first and only collaborative initiative to establish robust, objective, and actionable peer benchmarks to strengthen cybersecurity maturity and resiliency across the healthcare sector. Research for the 2024 study included 58 participating organizations—including healthcare delivery organizations and healthcare vendors—and analyzes coverage across the NIST Cybersecurity Framework and the Health Industry Cybersecurity Practices as well as key organizational and cybersecurity program performance metrics.
With cyberattacks on the rise, having a strong cybersecurity strategy is a must for healthcare organizations, especially as they face post-pandemic resource constraints and staffing shortages. Many are protecting their data by adopting and implementing cybersecurity frameworks and best practices, such as the NIST Cybersecurity Framework (NIST CSF) and the Health Industry Cybersecurity Practices (HICP). NIST CSF and HICP are accessible resources for healthcare organizations, and high NIST CSF and HICP coverage is a strong indication of cybersecurity preparedness. This report—a collaboration between Censinet, KLAS, the American Hospital Association, Health-ISAC, and the Healthcare and Public Health Sector Coordinating Council—provides an update to previous research on the status of healthcare cybersecurity preparedness. It also examines the effect of governance and resource investment on cybersecurity preparedness and insurance premiums. Data for this report comes from 58 respondents (54 payer or provider organizations and 4 healthcare vendors) who were interviewed September–December 2023.
