Report Shows Healthcare Organizations Across the Nation Fell Short in All Core Elements of NIST Cybersecurity Framework
Mission Viejo, CA – March 1, 2018 — CynergisTek, Inc. (NYSE AMERICAN: CTEK), a leader in healthcare cybersecurity and information management, today announced the release of its annual report, Improving Readiness: Meeting Cyber Threats. The report focuses on a key question that many boards and executives are asking today, “How ready are we for a cyber event?” It provides a sobering analysis of how healthcare organizations measured against the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which outlines best practices for healthcare organizations to follow to manage risks associated with cybersecurity.
CynergisTek’s 2018 report aggregated ratings from assessments performed in 2017 at hundreds of individual hospitals, clinics, ancillary facilities, payers, business associates, etc. across the nation to reveal an average 45 percent conformance with NIST CSF controls. Furthermore, the report revealed that most organizations have opportunities for improvement in all five areas of the Core Elements of the framework including the ability to identify, protect, detect, respond and recover from a variety of cybersecurity incidents. These results highlight the growing need for healthcare organizations to make serious investments in cybersecurity readiness, as cybersecurity has become one of the top business risks facing healthcare today.
Additional findings and information from the Improving Readiness: Meeting Cyber Threats report include:
- Of all organization types, business associates scored the highest overall conformance
- Out of the five core elements of NIST CSF, organizations had the lowest ratings in detecting potential cybersecurity events
- The highest ratings were in the Core Elements of response and recovery
- Academic medical centers had the highest conformance ratings among provider organizations
- Not surprisingly, larger organizations performed significantly better across the board than smaller organizations
- Revenue is a less consistent predictor of CSF conformance across all Core Elements
- More organizations are beginning to treat cyber events as enterprise risk
- Machine learning and behavioral analytics will play a significant role in helping healthcare organizations improve incident detection
- Printers, as endpoint devices, present multiple risks to health information
- Adoption of the NIST CSF can raise the overall level of preparedness and resilience of healthcare organizations
“Hopefully this report can provide a vehicle for the industry to become more aware of the need for greater emphasis and investment in cybersecurity readiness,” said Mac McMillan, CEO of CynergisTek. “Hackers are becoming more sophisticated and we expect to see greater frequency and intensity of cyberattacks in healthcare. The NIST CSF gives healthcare organizations the framework they need to build the resilience that 21st-century healthcare is going to require.”
The report also includes expertise and analysis from CynergisTek’s executive thought leaders, as well as proven best practices for strengthening privacy and security controls at healthcare organizations. The full report can be downloaded here.
To learn more about the findings of this report, stop by booth #5060 at HIMSS18 in Las Vegas from March 6 to 8. To schedule a meeting with a CynergisTek executive at the conference, please contact Danielle Johns at email@example.com.
About CynergisTek, Inc.
CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, compliance, and document output management goals. Since 2004, the company has served as a partner to hundreds of healthcare organizations and is dedicated to supporting and educating the industry by contributing to relevant industry associations. The company has been named in numerous research reports as one of the top firms that provider organizations turn to for privacy and security, and won the 2017 Best in KLAS award for Cyber Security Advisory Services.
Forward Looking Statements
This release contains certain forward-looking statements relating to the business of CynergisTek that can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “may” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including uncertainties relating to product/services development, long and uncertain sales cycles, the ability to obtain or maintain patent or other proprietary intellectual property protection, market acceptance, future capital requirements, competition from other providers, the ability of our vendors to continue supplying the company with equipment, parts, supplies and services at comparable terms and prices and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in our Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.
Investor Relations Contact:
(617) 332-9999 x241