Healthcare Industry Faces Cybersecurity Mismatch, According to Kroll's Latest Report

Kroll, a global leader in risk and financial advisory solutions, has unveiled findings from its recent "State of Cyber Defense: Diagnosing Cyber Threats in Healthcare" report. This study highlights a significant disparity between perceived and actual cybersecurity maturity within the healthcare sector. The report finds that while nearly half of the healthcare businesses surveyed consider their cybersecurity processes to be "very mature," in reality, only 3% possess truly mature cyber processes.

The survey, involving 1,000 global senior IT security decision-makers, reveals that 26% of healthcare organizations are operating with low cyber maturity, despite their high confidence levels. Basic security measures like cybersecurity monitoring are the only defense for 28% of these organizations. Notably, none of the respondents had implemented a complete set of recommended threat detection and prevention capabilities, underscoring a critical vulnerability.

Healthcare continues to be a prime target for cyberattacks, with Kroll's threat intelligence indicating it as one of the most attacked industries. Historical data corroborates this, with healthcare topping the list of most breached industries in 2022 and coming in second in 2023. These breaches are facilitated by common cyber threats like phishing links, which were responsible for a third of the infiltration incidents, and prevalent issues such as email compromise and ransomware.

Interestingly, the report also discusses the healthcare industry's reluctance to outsource cybersecurity. Healthcare entities are 65% less likely to outsource their cybersecurity services compared to other sectors. However, there is a shift in this trend, with 62% of those managing cybersecurity in-house planning to outsource within the next year. This move could potentially bridge the gap between their perceived security readiness and the actual capabilities.

Devon Ackerman, Global Head of Incident Response, Cyber Risk at Kroll, emphasized the dire consequences of this gap, noting that cybersecurity incidents could severely disrupt hospital operations and endanger patient care. He advocates for leveraging external cybersecurity expertise, which could offer a more robust defense against the evolving threat landscape.

The findings underscore the need for the healthcare industry to reassess its cybersecurity posture seriously and consider external solutions to enhance its defenses against increasingly sophisticated cyber threats.