Inside CHIME: CHIME-KLAS Report Highlights Trends in Cybersecurity Protocols


Although C-suites and boards are paying more attention to cybersecurity, a new CHIME-KLAS report shows that there is room to grow.

CHIME and KLAS earlier this year released an important study benchmarking how provider organizations are responding to increased cybersecurity risks. The report, “Cybersecurity 2017: Healthcare Provider Security Assessment,” not only assessed what technologies providers are using to shore up their defenses, but also highlighted how boards and executive teams are confronting the issue.

According to the report, 42 percent of surveyed organizations have a vice president or C-level official in charge of cybersecurity; 62 percent report that security is discussed quarterly at board meetings. The study found that 16 percent of providers, mostly large hospitals or integrated delivery networks, reported having “fully functional” security programs. Another 41 percent reported that they’ve developed and are starting to implement a program. Smaller hospitals and physician practices lagged in their program development.

Other key findings of the study included:

  • 55 percent of respondents reported that encryption is the most common way of securing connected endpoints on their networks, followed by antivirus/malware systems at 42 percent.
  • 63 percent of respondents reported that security information and event management (SIEM) is the most common method for detecting phishing and ransomware attacks.
  • 75 percent of respondents reported that they are following the National Institute of Standards and Technology Cybersecurity Framework.

The study profiled provider adoption of and experiences regarding specific cybersecurity solutions, including data loss prevention (DLP), identity and access management (IAM), mobile device management (MDM), and security information and event management (SIEM).

KLAS conducted nearly 200 interviews of chief information security officers, chief information officers, chief technology officers and other security professionals. To cover the largest number of impacted providers and patients, the research targeted mainly larger multihospital organizations (IDNs) and hospitals, with some additional input from large physician practices (75+ physicians).

CHIME members can download a PDF of the report by logging into the CHIME site.


More Inside CHIME Volume 2, No. 8: