Small Providers Still Struggling with Cybersecurity, Risk Management

Small healthcare organizations are less likely to use cybersecurity policies than their larger counterparts, such as failing to hire a dedicated chief information security officer, according to a new report from CHIME and KLAS. Released on Friday, the white paper assesses the current state of healthcare organization’s cybersecurity best practices. CHIME and KLAS researchers analyzed responses from more than 600 providers that participated in the 2018 Healthcare’s Most Wired survey. One of the biggest findings is that larger organizations have a better grasp on their cybersecurity practices, with more sophisticated and more frequent vulnerability scanning and application testing. On the other hand, small providers instead lean on penetration testing to test for vulnerabilities. Small providers were also less likely to use cybersecurity policies like a dedicated CISO, board-level committees, and governance. They're also failing to leverage risk management, compliance committees, and bring-your-own device management.