Across all major industries, data breaches and other security threats are increasing in frequency and magnitude, making cybersecurity an important and unavoidable priority. The healthcare industry is especially vulnerable, and the inherent fragility of using interconnected solutions makes organizations especially susceptible to breaches. The cyberattack on Change Healthcare in early 2024 has made the threat even more tangible, demonstrating how such an attack can negatively impact organizations’ finances, operations, patient data, and patient and staff safety.
While cybersecurity attacks are to some degree inevitable, healthcare organizations can still prevent breaches by using cybersecurity solutions and services to create strong security programs. To help organizations in these efforts, KLAS recently published two reports focused on cybersecurity. The first, Security & Privacy Consulting/Managed Services 2024, focuses on client satisfaction with firms providing these services. The second, Cybersecurity 2025, evaluates perceptions from 70 healthcare organizations about cybersecurity priorities and challenges, as well as the solutions and services used.
Points to Know
- Firms in the security and privacy consulting and managed services markets deliver high-quality engagements, leading to very satisfied clients.
- Fortified Health Security and Clearwater are noted for their extensive consulting work, with other firms like tw-Security and Meditology Services also performing broad work for various healthcare organizations.
- Many organizations are looking to expand their use of managed services, particularly for SOC monitoring and third-party risk management, to proactively address security threats.
- The new Cybersecurity 2025 report examines how interviewed organizations are investing in cybersecurity programs; top priorities include incident prevention and incident preparedness, though many feel they lack sufficient resources.
Read on to dive deeper into the data.
Security & Privacy Consulting/Managed Services 2024
KLAS measures two security and privacy services markets—consulting services and managed services. (While the recently published report discusses both markets, it mainly focuses on security and privacy consulting services.) Across both markets, firms generally deliver high-quality engagements, leading to very satisfied clients. In such high-performing markets, there are myriad choices for organizations looking to engage a firm.
To provide further differentiation, the section on security and privacy consulting services examines not only client satisfaction but also the breadth of measured firms’ consulting engagements—meaning, the average number of services used per client organization. In this regard, Fortified Health Security and Clearwater are noted for doing the broadest work per client and have validated engagements across all security and privacy consulting offerings. tw-Security, First Health Advisory, Intraprise Health, and Meditology Services are also validated for doing broad work for clients, with the first two working primarily with clinics/small hospitals and the latter two with midsize/large hospitals.
KLAS also asked interviewed organizations using security and privacy consulting services whether they are looking to begin using or expand use of managed services, and two-thirds said that they are either somewhat or very likely to do so. In particular, organizations are looking to managed services for SOC (security operations center) monitoring and third-party risk management. Respondents that are already using managed services report that their firm’s expertise helps them proactively respond to ongoing security threats.
For more insights into client satisfaction with individual firms for both consulting and managed services, please see the full report.
Cybersecurity 2025
Instead of focusing on a particular area of cybersecurity software or services, this report examined how interviewed organizations are approaching and investing in their cybersecurity programs. The cybersecurity market is very fragmented with a high number of vendors and firms, and organizations need to determine which companies can best support their cybersecurity strategies. A top priority for many respondents is incident prevention, as proactive strategies can help protect their data, devices, and other assets. One-third of interviewed organizations are also investing in incident preparedness strategies to improve recovery when breaches happen. Despite the importance of cybersecurity, the majority feel they don’t have sufficient cybersecurity resources, especially regarding staffing and budget.
In order to get the most out of their vendor or firm, many healthcare organizations look to invest in cross-industry companies (e.g., Microsoft, CrowdStrike, Cisco) with broad cybersecurity platforms or offerings that can fulfill many needs. Regarding AI, some interviewed organizations feel hopeful about its potential cybersecurity benefits, though many are wary of the inevitable threat AI poses to security.
For more information on where and how healthcare organizations are investing in cybersecurity, please see the full report. Additionally, the report includes an at-a-glance section featuring all cybersecurity vendors and firms known to KLAS.
What’s Next?
KLAS will continue to monitor the cybersecurity market and provide insights to aid healthcare organizations as they navigate the challenges of data breaches. Our next cybersecurity report—a collaboration with Censinet—will provide an update on the status of healthcare cybersecurity preparedness. Further, we encourage any organizations already using a cybersecurity solution or service to share their experiences through the KLAS survey.


