A research report sponsored by KLAS, Censinet and the American Hospital Association based on a survey of 48 organizations found that healthcare providers are more reactive than proactive when it comes to their cybersecurity posture.
The results showed that healthcare organizations have low coverage in supply chain risk management, asset management and risk management areas.
Additionally, more than 40 percent of healthcare organizations were found to be non-compliant with response and recovery planning from third-party vendors.
"A particular challenge is that conducting testing with third-party suppliers is resource intensive, requiring coordination between both the healthcare organization and the vendor," the report said. "It also demands process management that many healthcare organizations may not yet have the maturity to provide."