Healthcare organizations utilizing the National Institute of Standards and Technology Cybersecurity Framework as their primary framework experienced smaller increases in cyber insurance premiums than those not employing the NIST CSF, a Feb. 27 report from KLAS found.
This study, involving Censinet, KLAS Research, the American Hospital Association, and the Healthcare and Public Health Sector Coordinating Council, gathered insights from interviews with 54 payer and provider organizations and four healthcare vendors conducted between September and December 2023.
The study found that:
- Despite the prevalence of third-party data breaches in healthcare, supply chain risk management remained the National Institute of Standards and Technology Cybersecurity Framework category with the lowest coverage.
- Organizations with higher coverage in supply chain risk management experienced smaller increases in cyber insurance premiums.
- Organizations utilizing the National Institute of Standards and Technology Cybersecurity Framework as their primary security framework saw a 6% increase in cyber insurance premiums, contrasting with an 18% increase for those not using the National Institute of Standards and Technology Cybersecurity Framework as their primary framework.
- The study emphasized that higher coverage within the National Institute of Standards and Technology Cybersecurity Framework categories related to cyber resiliency correlated with lower increases in cybersecurity premiums, helping organizations mitigate the impact of breaches on patient care, safety and the business continuity.