• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Healthcare Cybersecurity Benchmarking Study 2025: Key Findings

by Fred Pennic 04/11/2025 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

What You Should Know: 

– A recent report KLAS report has shed light on the ongoing cybersecurity challenges facing the healthcare industry, emphasizing the ripple effects of breaches like the 2024 Change Healthcare incident.

– The new KLAS study, the “Healthcare Cybersecurity Benchmarking Study 2025,” has analyzed the self-reported cybersecurity practices of 69 healthcare and payer organizations, revealing both progress and persistent vulnerabilities in the industry. 

– The study was a collaborative effort involving several organizations, including KLAS Research, Censinet, the American Hospital Association, Health-ISAC, the Healthcare & Public Health Sector Coordinating Councils, and the Scottsdale Institute.

Strengthening Healthcare Cybersecurity Resiliency Through Industry Best Practices & Cybersecurity Frameworks

Conducted from September to December 2024, the study emphasizes the significant impact of events like the Change Healthcare breach, which exposed the fragility of connections within the healthcare ecosystem. The findings of the study highlight the ongoing challenges healthcare organizations face in maintaining strong cybersecurity posture. The increasing reliance on third-party vendors and the adoption of new technologies like AI introduce new vulnerabilities that must be addressed proactively. 

Here are six key findings from the report: 

1. Reactive vs. Proactive Cybersecurity: Healthcare organizations continue to prioritize reactive measures, with strong coverage in “Respond” and “Recover” functions of the NIST Cybersecurity Framework (CSF) 2.0, indicating a focus on incident response and recovery. However, proactive measures, particularly in Supply Chain Risk Management and Asset Management, remain weak.  

2. Third-Party Risk: A Major Concern: The report highlights the increasing number of third-party breaches in healthcare, emphasizing the urgent need for better Supply Chain Risk Management. Effective asset management is crucial to mitigate these risks, requiring organizations to have a comprehensive understanding of their assets, including those provided by third parties.  

3. NIST CSF 2.0 Adoption Benefits: Organizations using NIST CSF 2.0 as their primary framework reported lower increases in cybersecurity insurance premiums, demonstrating a tangible financial benefit to strong cybersecurity preparedness.  

4. HPH CPGs Analysis: Similar to the NIST CSF 2.0 findings, the study reveals that third-party risk management and asset management are areas needing improvement within the Healthcare and Public Health Cybersecurity Performance Goals (HPH CPGs).  

5. AI Risk Management: As healthcare organizations increasingly adopt AI, the study emphasizes the importance of establishing robust AI governance. Unlike traditional cybersecurity programs with strong CISO ownership, AI risk management requires a cross-departmental approach to address risks related to data bias, transparency, clinical workflows, privacy, and ethics.  

6. HICP Gaps: While healthcare organizations generally have strong email protection systems, significant gaps persist in medical device security. This aligns with the broader challenges in asset management and third-party risk management identified in the report. 

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Cybersecurity

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Virta Health CEO: GLP-1s Didn’t Kill Weight Watchers, Its Broken Model Did

Most-Read

Lessons Learned from The Change Healthcare Cyberattack, One Year Later

Lessons Learned from The Change Healthcare Cyberattack, One Year Later

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Omada Health Launches "Nutritional Intelligence" with AI Agent OmadaSpark

Omada Health Soars in NASDAQ Debut, Signaling Digital Health IPO Rebound

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |