Compared with Fortune 1000 firms, health care providers had significantly lower security ratings between 2014 and 2016 but similar ratings between 2017 and 2019, reports Healthcare IT News. "The reduction in the gap in security rating suggests that healthcare providers are catching up to the general cybersecurity performance of large, publicly traded firms," wrote researchers in the Journal of the American Medical Informatics. However, the researchers found that health care continued to be more vulnerable to malware, botnet and spam attacks. Meanwhile, hospitals with low security ratings had significant odds of experiencing data breaches. "Hospital executives should work to reduce risks related to both technical security controls such as updated software and security applications, along with human vulnerabilities that can be addressed through enhanced training and overall security culture," researchers said. The researchers called on hospital leaders to continuously conduct risk assessments to bolster their organizations' protections. "Policy makers should monitor the risk to the healthcare sector and provide incentives for hospitals to invest in risk management and overall information security," said researchers.