Healthcare is the industry that’s most likely to self-assess as having “very mature security,” according to a new cyber readiness report from Kroll. But it’s also one of the most-breached sectors – topping the list in 2022 and coming in second this past year.
That discrepancy can be traced to many factors – not least the fact that healthcare organizations have long been among the top targets of cybercriminals and bad actors.
But it also reflects some unique factors related to how health systems approach and assess their own cybersecurity readiness, according to the new research from the advisory firm, which looks at detection and response capabilities, threat intelligence, offensive security and other factors in healthcare.
Among the report’s other findings: Healthcare organizations need to be ready for an uptick in cyber threats where initial network access was gained through external remote services – driving a growing need for better end-point security.
Also, even as awareness and spending are both on the increase, health system C-suites should prepare for more government scrutiny and greater accountability for oversight of cyber defenses.
Closing the ‘self-diagnosis gap’
Healthcare organizations are 65% less likely to fully outsource their cybersecurity services than organizations in other sectors, Kroll researchers said in the new report, “The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.”
Their research maps out the cybersecurity threat landscape the healthcare sector currently operates in, looking at detection and response, cyber threat intelligence and offensive security.
The realities of healthcare IT’s complexities, “not to mention the extremely time-poor staff that need both maximum convenience and security from IT operations,” make it hard for the industry to protect itself, according to Devon Ackerman, Kroll’s global head of incident response and cyber risk.
“The self-diagnosis gap between healthcare’s confidence in its security and its real-world security capabilities is particularly worrying considering that a cyber