Cybersecurity a Central Concern for Healthcare Providers, KLAS-CHIME Study Finds

Cybersecurity Programs More Advanced at Larger Hospitals and IDNs

SALT LAKE CITY, UT and ANN ARBOR, MI, February 19, 2017 – Cybersecurity has been elevated to a central concern for healthcare providers, with more attention at the board level and the C-suite, according to a new survey by KLAS Research and the College of Healthcare Information Management Executives (CHIME). The study found that 42 percent of organizations have a vice president or C-level official in charge of cybersecurity; 62 percent report that security is discussed quarterly at board meetings.

The study found that 16 percent of providers – mostly large hospitals or integrated delivery networks, reported having “fully functional” security programs. Another 41 percent reported that they’ve developed and are starting to implement a program. Smaller hospitals and physician practices lagged behind in their program development.

“Healthcare organizations take their responsibility for protecting patient information and their data networks very seriously,” said CHIME President and CEO Russell Branzell, FCHIME, CHCIO. “As healthcare continues to march toward greater integration and information sharing across the continuum, we must become more vigilant in protecting data networks. Security has to be seen as an organizational priority. It is encouraging to see more C-level executives and boards taking greater responsibility for the issue.”

“Providers are embracing cybersecurity and report that vendor solutions are becoming more robust and responsive to provider’s needs,” said Garrett Hall, Director of Cybersecurity for KLAS. “However, cybersecurity remains a significant challenge for many providers, and the healthcare industry as a whole.”

Other key findings of the study included:

  • 55 percent of respondents reported that encryption is the most common way of securing connected
    endpoints on their networks, followed by antivirus/malware systems at 42 percent.
  • 63 percent of respondents reported that security information and event management (SIEM) is the
    most common method for detecting phishing and ransomware attacks.
  • 75 percent of respondents reported that they are following the National Institute of Standards and
    Technology Cybersecurity Framework.

The study profiled provider adoption of and experiences regarding specific cybersecurity solutions, including data loss prevention (DLP), identity and access management (IAM), mobile device management (MDM), and security information and event management (SIEM).

KLAS conducted nearly 200 interviews of chief information security officers, chief information officers, chief technology officers and other security professionals. To cover the largest number of impacted providers and patients, the research targeted mainly larger multihospital organizations (IDNs) and hospitals, with some additional input from large physician practices (75+ physicians).

Providers may access a free copy of the report (registration required) at

The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers and other senior healthcare IT leaders. With more than 2,300 CIO members and over 150 healthcare IT vendors and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit

About KLAS
KLAS is a research and insights firm on a global mission to improve healthcare delivery. Working with thousands of healthcare professionals and clinicians, KLAS gathers data and insights on software, services and medical equipment to deliver timely, actionable reports and consulting services. KLAS represents the provider voice and acts as a catalyst for improving vendor performance, highlighting healthcare industry challenges and opportunities, and helping build understanding and consensus for best practices. More information at

CHIME Contact
Matthew Weinstock
[email protected]
KLAS Contact
Joshua Schneck
[email protected]