By Chris Miller, Assistant Editor, Facility Market

Cybersecurity seems to still be an issue for many healthcare systems across the country, if the results of a new report are any indication.

A new CynergisTek report found that most hospitals critically lack the ability to secure their supply chain systems, according to Health IT Security. CynergisTek examined about 100 different healthcare providers, including hospitals, physician practices, and accountable care organizations. The examination measured an organization’s security strength against the National Institute of Standards and Technology’s Cybersecurity Framework.

About 23 percent of organizations passed on supply chain security, according to the report. Regarding cyber attacks, CynergisTek noted that the past year has been one of the toughest on U.S and global healthcare systems. It also noted that healthcare organizations should focus on several primary methods to strengthen cybersecurity.

The first method revolves around practicing exercises and drills. Facilities need to periodically test their own systems to make sure they can stand up to cyberattacks.

Second, facilities need to secure their supply chains by assessing whether third-party vendors are meeting contractual security requirements. A risk-based assessment of critical third-party vendors should be done based on access, data they hold or access and services they provide.

Third, facilities should concentrate on automating and validating security functions and technical controls. Good automation can act as a remedy to cyber attacks in near-real-time.

The fourth method is to improve awareness and training in the entire health organization. The report found that one-half of the organizations assessed were not training employees on an ongoing basis.