The Health Information Trust Alliance conducted a three-month review of healthcare organizations' cyber risk management and found significant gaps and inefficiencies in the overall approach to cybersecurity.
"The analysis uncovered a constant theme: that today's approach to cybersecurity is predominantly reactive and, for the vast majority of organizations, inefficient and labor-intensive," according to HITRUST.
The study found organizations identified a lack of awareness of emerging cyber threats as a key concern and almost all organizations indicating having "minimal understanding" of the impact of cyber threats on unique applications and systems.
Having such minimal awareness of cyber threats causes organizations to rely on "indicators of compromise" to determine if a breach or other suspicious activity has occurred, which the report says is retrospective and inefficient.
HITRUST recommends the industry adopt a fundamental shift in cybersecurity defenses that uses a proactive model to identify real-time situational awareness of emerging cyber threats as well as helps organizations understand the impact of threats on an organization's specific environment.
"This new approach allows organizations to assess the cyber threats relevant to their unique environment down to the applications and system level, so they can use their resources to mitigate the 1 to 2 percent of the cyber threats that are relevant rather than chasing the 98 percent that aren't," the review concluded.
More articles on cybersecurity:
Technology company CFOs increasing cybersecurity spending
Hillary Clinton's email snafu highlights insider threats to cybersecurity
China linked to Anthem cyberattack