SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Email Security
#
IT in Healthcare
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Tue, 23rd Apr 2024
Author image
By Catherine Knowles, Journalist
Follow us

The healthcare sector is found to be one of most targeted industries for cyber attacks, according to a new report by Kroll, a global provider of risk and financial advisory solutions.

Despite over a quarter (26%) of businesses within the sector having immature cybersecurity processes, nearly half believe their processes are 'very mature'. The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare report highlights an industry-wide 'self-diagnosis' gap, with an evident disconnection between perceived cyber-security maturity and reality.

This ambiguity is coupled with an above-average confidence exhibited by healthcare organisations in their security capabilities. The majority (3%) of respondents exhibited trust in their organisation's ability to defend against most cyber attacks, despite evidence of lacklustre cybersecurity efforts. Meanwhile, data shows that the healthcare sector ranked as the most breached industry in 2022 and the second most breached in 2023.

Further insights from the report reveal that 28% of surveyed healthcare organisations possess only rudimentary security capabilities, such as cybersecurity monitoring, with none having all suggested threat and detection functionalities in place. These inadequate measures make the industry particularly susceptible to data breaches. Despite the demand for sophisticated cybersecurity measures, it appears that healthcare organisations are 65% less likely to fully outsource their cybersecurity services compared to other organisations.

Devon Ackerman, Global Head of Incident Response, Cyber Risk at Kroll, suggests that reliance on an external third-party provider could potentially close this self-diagnosis gap, which could result in improved security resilience. Devon emphasised the concerning lack of real-world cybersecurity capabilities in the face of high confidence: "This is particularly worrying considering that a cyber incident could disrupt hospital operations and have devastating outcomes for patient care and treatment, even putting human lives at risk."

Despite the current internal handling of cybersecurity services in healthcare, the research found 62% of healthcare respondents who currently manage all their cybersecurity services in-house revealed plans to outsource in the next 12 months. The top-rated cybersecurity concerns among healthcare companies were credential access, email compromise and ransomware, with phishing links being a common infiltration method into healthcare networks.

The report is a combination of data from 1,000 global senior IT security decision-makers and Kroll's front-line threat intelligence. It is a testament to the urgent need for the healthcare sector to reassess its cybersecurity approach in light of increasing cyber threats and breaches, the company states.

Related stories
CrowdStrike & TCS unite for AI-driven cybersecurity revolution
Qualys launches MSSP Portal to streamline partner management in cybersecurity
Businesses weigh up transition from best-of-breed to platform security
Halcyon introduces Ransomware Warranty Program for enhanced protection
Senetas lands record-breaking Middle Eastern encryption hardware order
Top stories
Resilience named as National Cyber Resilience Centre Group Ambassador
Cybersixgill launches third-party module to tackle cybersecurity risks
Absolute Security to reveal next-gen cyber resilience at RSA Conference 2024
Teradata expands Strategic Collaboration Agreement with AWS
New Relic integrates with Atlassian for innovative engineering solutions