Always enjoy reading the HIMSS Healthcare Cybersecurity Survey ... it is still showing improvement from prior years, but significant progress on end-to-end SRAs is still needed. Thought others on here would find interest in the numbers and full report:
https://www.himss.org/sites/hde/files/media/file/2020/11/16/2020_himss_cybersecurity_survey_final.pdf
From report:
"Only fifty percent (N=84) of respondents report that their organizations are conducting end-to-end (i.e., comprehensive) security risk assessments. This number has grown over the past few years. Previously, the numbers were thirty-seven percent of respondents according to the 2019 HIMSS Cybersecurity Survey and twenty-six percent of respondents according to the 2018 HIMSS Cybersecurity Survey.
While some progress is good, this is still an alarming trend. Simply put, respondents that are not doing end-to-end security risk assessments have a haphazard approach. Additionally, accurate and thorough security risk assessments are required by HIPAA. Robust cybersecurity however, goes above and beyond what HIPAA requires. Compliance often achieves the bare minimum. A healthcare organization that complies with HIPAA is not necessarily protected from being breached or infiltrated. Robust cybersecurity is vitally important for the safety and well-being of patients and the normal operations of healthcare organizations."
------------------------------
A. Andrews Dean, CPHIMS, CHPS, CHDA, CPPM, CPC
Health IT Regulatory Affairs & Healthcare Compliance Consultant
------------------------------