
Managing Healthcare Risk in a Networked World

Independently conducted by Ponemon Institute LLC  |  Sponsored by Michigan Healthcare Cybersecurity Council

Purpose and Approach

The purpose of this Study is two-fold: to more fully understand how leaders in Michigan-based healthcare view and address cybersecurity risks within their own organizations, and to help reduce risk and secure patient and business data, by recognizing and acting to resolve gaps or weaknesses in awareness, training, policies and investment.

The Study combines the science-backed data produced from an independent survey aligned with broad MiHCC program objectives, as noted in the table below.

The research survey was conducted in two phases. The first phase surveyed leaders in Michigan healthcare organizations to validate the survey instrument. The second phase surveyed 219 individuals from Michigan healthcare provider organizations. Survey results indicated that all respondents were familiar with their organizations’ efforts to reduce cybersecurity risk. Participants in the research had an average of 16 years of relevant experience in the healthcare industry.

| Survey Attributes | Program Objectives |
| --- | --- |
| Understand the level of awareness Healthcare Community leaders have of their organizations’ cybersecurity environment. | Educate and inform Healthcare Community leaders on the value of evidence-based self-awareness and also when it may be appropriate to seek independent external advice or assessment. |
| Understand current cybersecurity budget levels, prioritization, and gaps/vulnerabilities. | Optimize use of cybersecurity budgets by identifying, prioritizing, and better communicating cybersecurity gaps and vulnerabilities that impact key mission goals and objectives. |
| Understand the current level of coordination on security issues. | Drive a “collective security” dialogue and mindset, where appropriate, to strengthen patient safety, privacy and outcomes, while protecting business brands, market position, and business opportunities. |
| Understand current awareness of cyber risks and potential impacts. | Improve communication (translation) of cyber risks and potential impacts to both business operations AND patient care, to non-technical business leaders. |
| Understand current awareness of strategic objectives. | Improve communication (translation) of strategic business AND patient care objectives to technical business leaders and their staff. |