New Report Reveals 76% of Healthcare Systems Failed in Securing Their Supply Chains
July 28 2021 - 9:00AM
Business Wire
CynergisTek’s Annual Report Unveils Cracks in
Healthcare Systems’ Cybersecurity; Organizations Barely Passed on
Basic Cybersecurity
CynergisTek (NYSE American: CTEK), a leading cybersecurity firm
helping more than 1,000 hospitals navigate emerging security and
privacy issues, released its fourth annual report, “Maturity
Paradox: New World, New Threats, New Focus,” which revealed that
most hospitals critically lack the ability to secure their supply
chain systems.
In this report, CynergisTek reviewed just under 100 assessments
of healthcare providers across the continuum, including hospitals,
physician practices, Accountable Care Organizations (ACOs), and
Business Associates. These assessments measure organizations’
security posture against the National Institute of Standards and
Technology’s Cybersecurity Framework (NIST CSF), a standardized
framework first published in 2014 intended to help protect American
critical infrastructure.
Assessments were categorized into two cohorts: high performers
with NIST conformance scores over 80% and low performers with
conformance scores under 80%. CynergisTek’s 2021 report focuses on
the industry’s overall status in cybersecurity preparedness, with
64% of organizations below 80% conformance. The report identified
several areas for continued improvement in planning and
preparedness, especially seeing as only 75% improved during the
coronavirus pandemic – even then only slightly. While that is
progress, it isn’t the progress the industry needs to shore up
defenses. In the long run, investing in security is often
more cost-effective than paying the exorbitant ransoms seen
recently.
“The past year has been arguably the most trying on the U.S. and
global healthcare systems. We saw cybercriminals attack hospitals
and healthcare institutions when they were at their most vulnerable
– the industry made it through, granted with some bumps and
bruises,” said David Finn, EVP at CynergisTek. “It is the
responsibility now – of stakeholders, C-suite, IT managers, and
anyone involved in protecting our healthcare system – to ensure
that patient care remains resilient even in an environment with
growing cyberattacks. The report demonstrates there is work to be
done, but there are also immediate opportunities to shore up risk
management practices.”
Supply Chain Proves Biggest Health System Weakness
Overall, Supply Chain Management was the second lowest-scoring
and least mature category assessed. Even among high-performing
organizations that have significantly improved over the past four
years, scores averaged 2.7 out of 5, reflecting a universal
challenge that companies face in identifying and addressing risks
across their supply chains. With an acceptable score defined as
above a 3, only 23% of organizations passed on supply chain security,
and only barely; not even high performers achieved above a 3.
In particular, CynergisTek found that organizations struggle to
validate whether third-party partners are meeting contractual
security obligations. Given recent attacks on these critical third
parties and suppliers – ranging from SolarWinds to Microsoft
Exchange – and given the decentralized nature of global supply
chains, it is imperative for organizations to dedicate time and
resources to supply chain security before risks expand
exponentially.
You need look no further than the U.S. Department of Defense
(DoD) to see where the industry may head next. The DoD has
mandated, through the Cybersecurity Maturity Model Certification
(CMMC), that its suppliers demonstrate a minimum level of cyber
hygiene standards. In fact, CynergisTek’s Redspin subsidiary was
the first organization that received approval to perform audit work
to determine the cyber readiness level of contractors before they
do business with the DoD. This standard is likely to soon be
implemented across other industries, as well.
“It's clear that this is not the right time to cut back on
cybersecurity, and that smart spending will be necessary to secure
organizations against a rising tide of ransomware threats against
critical infrastructure generally, and healthcare specifically. As
we ride out the remainder of 2021, it's within your power to ensure
that the economic impacts of the digital transformation on your
organization are net positive – assuming you make the right,
proactive decisions to protect your assets, patients, and
environment now,” added Finn.
Treat Security as a Journey, Not a Destination
Cybersecurity preparedness is a long-term initiative that
requires consistent attention and proactive action to match the
latest threats. Given current trends, as well as data revealed in
CynergisTek’s 2021 report, healthcare organizations need to focus
on the following:
- Perform exercises and drills at the enterprise level,
testing all components of the business. To have an effective
response when the “boom” happens, do what the military does:
Practice, on a large scale, and then build out a playbook and
continue to iterate as needed.
- Prioritize securing the supply chain. As the Cybersecurity
and Infrastructure Security Agency (CISA) puts it, the “supply
chain is only as strong as its weakest link.” As demonstrated in
this year’s findings, supply chains present a potential
vulnerability with wide-ranging and unpredictable impact. Security
leaders need to assess current investments and devise a plan of
action that aims to rapidly remediate this major vulnerability.
That should include, minimally, a risk-based assessment of critical
third-party vendors based on access, data they hold or access and
services they provide.
- The key words are ‘automate’ and ‘validate.’ Automating
security functions and validating technical controls for people and
processes are foundational to solid security. Security
automation can detect, investigate, and even remediate cyber events
and threats in near-real-time, so it is crucial to focus on
automation that can be manually diagrammed. Then, adopt that
automation gradually and roll out training to effectively leverage
the tools so the right people can follow the appropriate
procedures.
- Double down on organizational awareness and training:
People are an organization’s first and last line of defense, and
despite the industry’s overall year-over-year improvement in
cybersecurity posture, awareness and training remain an alarmingly
unaddressed portion of companies’ strategies. CynergisTek’s 2021
report found that half of organizations are not training and
informing end users regarding security on an ongoing basis. This
trend is pervasive both within and outside of organizations.
CynergisTek found a critical lack of education and understanding
among C-Suite executives and board members, who have unique
obligations and fiduciary responsibilities. Consistent with this
year’s findings regarding the overall vulnerability of the supply
chain, CynergisTek also found that many third-party vendors and
partners lack training and understanding of their role in
cybersecurity preparedness.
About CynergisTek
CynergisTek is a top-ranked cybersecurity consulting firm
helping organizations in highly regulated industries, including
those in healthcare, government, and finance, navigate emerging
security and privacy issues. CynergisTek combines intelligence,
expertise, and a distinct methodology to validate a company’s
security posture and ensure the team is rehearsed, prepared, and
resilient against threats. Since 2004, CynergisTek has been
dedicated to hiring and retaining experts who bring real-life
experience and hold advanced certifications to support and educate
the industry by contributing to relevant industry associations. For
more information, visit www.cynergistek.com or follow us on Twitter
or LinkedIn.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210728005597/en/
CynergisTek Investor Relations Contact: CynergisTek, Inc.
Paul Anthony (512) 402-8550 x8
InvestorRelations@cynergistek.com
CynergisTek Media Contact: Allison + Partners Jaime Tero
415-755-8639 jaime.tero@allisonpr.com