Healthcare organizations across the U.S. continue to be more reactive than proactive in cybersecurity, as evidenced by their adherence to the National Institute of Standards and Technology's Cybersecurity Framework and the Health Industry Cybersecurity Practices guidance, reports HealthITSecurity. Supply chain risk management, risk management, and asset management coverage as measured under the NIST CSF was low among health providers, with more than 40% of respondents not conducting response and recovery planning efforts with third-party suppliers, according to the Healthcare Cybersecurity Benchmarking Study released by KLAS, Censinet, and the American Healthcare Association. However, healthcare providers were found to have the highest average coverage in the "Respond" area of the framework. Meanwhile, only a little over 50% average coverage was observed for medical device security under HICP guidelines. "Almost all responding organizations ensure medical devices are wiped of all data when decommissioned. However, when such configuration is supported by the manufacturer, less than two-thirds configure medical devices to allow only known processes and executables to run on medical devices, and most of these organizations report doing this for only some devices," said the report.