The study aims to provide benchmarks to help organizations prioritize investments and strengthen resilience against cyberattacks.
Enrollment is now open for the 2026 Healthcare Cybersecurity Benchmarking Study, an annual initiative from Censinet, the American Hospital Association (AHA), and the Scottsdale Institute designed to help healthcare organizations assess their cybersecurity posture. The study aims to provide benchmarks to help organizations prioritize investments and strengthen resilience against cyberattacks.
The program is co-sponsored by several industry groups, including Health-ISAC, the Healthcare and Public Health Sector Coordinating Council (HSCC), and The University of Texas at Austin. Participation is free and offers healthcare organizations access to enterprise assessments and peer comparisons, including NIST Cybersecurity Framework 2.0 (CSF 2.0) , HHS Healthcare & Public Health Cybersecurity Performance Goals (HPH CPGs), the NIST AI Risk Management Framework, and 405(d) Health Industry Cybersecurity Practices (HICP 2023).
“The 2026 Healthcare Cybersecurity Benchmarking Study is a vital resource for AHA members and a shared commitment to strengthening the entire health sector,” says John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, in a release. “Criminal and nation state-supported bad actors are becoming increasingly aggressive, targeting third-party mission- and life-critical systems and putting patient safety in the crosshairs. Hospitals and health systems will benefit from the important and urgent actionable insights from the Benchmarking Study to harden defenses, strengthen resilience, and build the sector’s collective capacity to withstand and recover from such attacks.”
According to the organizers, anonymized data from previous studies served as a primary input for the Hospital Cyber Resiliency Initiative Landscape Analysis, a report published by the US Department of Health and Human Services in May 2023. That report helped inform the HPH CPGs, which were issued by HHS in January 2024.
“By benchmarking against recognized security practices like NIST CSF 2.0 and HICP, and integrating emerging frameworks such as the NIST AI RMF for stronger AI governance, the study delivers timely, actionable intelligence,” says Errol Weiss, chief security officer of Health-ISAC, in a release. “These insights help members adapt to evolving threats, including those accelerated by AI, and strengthen their ability to detect, respond to, and recover from incidents that could disrupt patient care.”
The study is open to a range of organizations across the health sector, including healthcare delivery organizations, payers, healthcare technology vendors, and medical device manufacturers. Organizations can enroll by contacting [email protected].
The 2025 Cybersecurity Benchmarking Study summary report can be found here.
ID 150817709 © Adam121 | Dreamstime.com
