On April 10, 2019, CynergisTek, Inc. released its annual report, “Measuring Progress: Expanding the Horizon.” According to CynergisTek’s press release, “The 2019 report provides a sobering analysis of how healthcare provider organizations measured against the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules, which outlines best practices for healthcare organizations to adopt to manage cybersecurity risks.”
CynergisTek’s 2019 report, which “aggregates ratings from privacy and security assessments performed in 2018 at nearly 600 healthcare provider organizations and business associates across the nation,” finds “an average 47% conformance with NIST CSF controls and an average 72% conformance with the HIPAA Security Rule.”
Other findings include:
The most common gaps among third-party vendors included risk assessment, access management, and governance.
In terms of the Five Core Functions, there was a surprising .4% decline in Awareness and Training this year.