The College of Healthcare Information Management Executives released its 2021 Digital Health Most Wired Trends Report, which examines the core components of security programs at hospitals nationwide.
The survey represents 36,674 healthcare organizations across several countries, according to a Nov. 17 news release. The report is based on aggregated survey data from U.S. respondents.
Five study insights:
- Training their security workforce was the most common practice, with 99 percent of organizations including it in their cybersecurity program, and 96 percent of organizations used risk assessments to identify compliance gaps and cybersecurity vulnerabilities at least once a year.
- Ninety-five percent of organizations have a dedicated cybersecurity committee and 89 percent have security progress reported to it at least quarterly.
- Seventy-eight percent of organizations have a dedicated cybersecurity operations center. This is the largest area of growth CHIME reported, which increased percentage points since 2020.
- Six in 10 organizations have a dedicated chief information security officer.
- At organizations with comprehensive cybersecurity programs, secure system baseline images, inventory of authorized medical devices and endpoint protection systems were those most often adopted. At these organizations, testing a recovery plan at least annually, Purple team exercise and quarterly social engineering risk assessments were the least cybersecurity protocols adopted.