KLAS: Top Healthcare Security, Privacy Consulting Firms

July 01, 2021 - In a new KLAS report, researchers aimed to separate perceptions from reality by determining what makes a healthcare security and privacy consulting firm a true partner. Researchers spoke to over 70 healthcare security and IT leaders to decipher how perceptions differ from client experiences and how the COVID-19 pandemic has impacted security programs.

Meditology Services, CynergisTek, and Clearwater are the most likely security and privacy consulting firms to be seen as true partners by healthcare organizations, the report found.

Midsize and large organizations appreciated the expertise, staff, and response times of Meditology Services, while smaller organizations were more likely to find a partnership in Clearwater. CynergisTek clients were mostly from large organizations and valued the firm’s broader areas of expertise outside of healthcare.

Most leaders considered expertise, firm responsiveness, and quality of consultants as top reasons for considering the firms true partners. Meanwhile, project flexibility, monetary value, and quality of work were low on the list of priorities.

KLAS asked the security leaders to share their perceptions of ten security and privacy consulting firms, and whether they would engage each firm’s services in the future. Next, they compared the perceptions with actual client feedback. They found that “In general, healthcare-focused firms are viewed as offering stronger security services than cross-industry firms.”

While Impact Advisors received high satisfaction rates from current clients, most surveyed security leaders said they would not engage their services, most likely because they are not as well-known as other firms.

Meanwhile, Meditology Services had an extremely positive reputation among the security leaders, which contrasted with low ratings from some existing clients. Despite historically high satisfaction rates in the past, the report stated that some clients felt that “Meditology is more concerned with profit than project quality or client relationships.”

Firms such as Deloitte, PwC, and EY were the least likely to be engaged by healthcare organizations, mostly because they are cross-industry firms and do not focus on healthcare alone.

KLAS found that COVID-19 was not a significant factor in security challenges, and most healthcare organizations were able to use pre-existing structures to transition to remote work when necessary. For the organizations without prepared security policies in place, the beginning of the pandemic was more challenging

Additionally, most organizations did not see notable changes in their security budgets. Smaller healthcare organizations reported increased budgets, while larger organizations decreased security budgets to offset pandemic-related financial losses.

Some leaders pointed out that “security spending is not optional and is now simply a cost of doing business given that ransomware attacks and data breaches continue to increase.”

As the industry continues to face ransomware attacks, healthcare organizations are more likely to lean on security and privacy consulting firms to guide them in assessing risk and implementing safeguards.

Another recent report found that 63 percent of healthcare organizations that were not impacted by ransomware last year expect to be a target in the future. In 2020 alone, 560 healthcare providers were victims of a ransomware attack.