The state of cyber defense in healthcare: Kroll summary

The State of Cyber Defense by Kroll, a leader in financial and risk advisory, maps out the current cybersecurity threat landscape in the healthcare sector. It provides a holistic overview of the sector, including insights from threat intelligence, data breach statistics, offensive security considerations, and insight into the maturity of healthcare organizations’ cybersecurity programs.

Perceived cyber maturity vs. reality

Kroll’s research shows the disconnect between how healthcare organizations perceive their cybersecurity maturity and their actual capabilities. According to their State of Cyber Defense: Detection and Response Maturity Model, nearly 50% of healthcare respondents rated their overall cybersecurity as "very mature" – a figure that is higher than any other industry and 16 percentage points above the survey average.

This self-diagnosis gap is particularly troubling in the healthcare sector, where overconfidence in security capabilities can lead to inadequate security solution provisioning, inaccurate risk assessments, and the potential for catastrophic consequences in the event of a successful attack. Furthermore, healthcare organizations are among the most likely to believe that absolutely zero improvements are needed to their security, further exacerbating the problem.

Read more: Your cybersecurity strategy is probably lacking 

The need for more mature capabilities

When examining the specific threat detection and response capabilities employed by healthcare organizations, the research reveals that the industry is more inclined to rely on the most basic, or immature, security processes, such as cybersecurity monitoring. None of the healthcare organizations surveyed had all the necessary threat and detection capabilities in place, shedding light on the urgent need for more advanced and comprehensive security measures.

The biggest concerns

Another finding from Kroll’s research is the healthcare industry's heightened concern over credential access threats. While credential access was cited as the least concerning threat type across all sectors, with only 16% of respondents identifying it as a top concern, it was chosen by more than a quarter (26%) of healthcare professionals – surpassing even ransomware, zero-day attacks, and supply chain compromise.

This laser focus on credential access threats reflects the industry's recognition of the role that privileged accounts and user credentials play in the overall security posture. Threat actors often use stolen or compromised credentials to infiltrate healthcare networks, making this a primary area of concern for cybersecurity professionals in the sector.

Related: How credential stuffing influences healthcare

The relentless targeting of the healthcare sector

Kroll's Cyber Threat Intelligence team observed the healthcare industry is consistently targeted by ransomware groups, who often employ a combination of valid credentials theft and the exploitation of vulnerabilities to gain initial access. This trend is further corroborated by Data Breach Outlook reports, which have consistently ranked the healthcare sector among the most breached industries, with it holding the top spot in 2022 and the second position in 2023.

The healthcare industry's vulnerability stems from the sensitivity of the data it handles, as well as the potential for threat actors to cause major disruption by targeting healthcare infrastructure. As the sector continues to grapple with these persistent threats, the need for a detailed and proactive cybersecurity strategy has never been more pressing.

The outsourcing dilemma

One aspect of the healthcare industry's cybersecurity area is its reluctance to fully outsource its security services. The research revealed that healthcare organizations are 65% less likely to outsource their cybersecurity functions than the average organization, with a greater tendency to manage everything in-house.

However, this trend may be starting to shift, as 62% of healthcare respondents who currently manage their cybersecurity services internally have confirmed plans to outsource in the next 12 months. This potential shift towards a more balanced approach, using both in-house and outsourced capabilities, could be a beneficial step in addressing the industry's cybersecurity challenges.

Overcoming the challenges

A strategic approach is needed to overcome the discrepancies between perceived and actual cybersecurity maturity and the other challenges facing the healthcare sector. This includes:

Bridging the maturity gap

Healthcare organizations must examine their security capabilities, objectively assess their strengths and weaknesses, and develop a roadmap to address the gaps. This may involve seeking external guidance, using maturity frameworks, and implementing monitoring and incident response processes.

Prioritizing credential access threats

Given the industry's heightened concerns around credential access, healthcare organizations should make this a top priority in their cybersecurity strategy. This may involve implementing identity and access management controls, enhancing user awareness and training, and deploying advanced threat detection and response capabilities.

Embracing a balanced cybersecurity model

As healthcare organizations consider the merits of outsourcing, a balanced approach that combines in-house expertise with external support can be highly beneficial. This hybrid model allows organizations to use cybersecurity service providers' specialized skills and resources while maintaining a strong internal security team.

Leveraging threat intelligence and offensive security

Healthcare organizations can better understand and mitigate the changing cyber risks they face, by staying abreast of the latest threat trends and tactics through threat intelligence, and by proactively testing their defenses through penetration testing and red team exercises.

In the news

A new report from Software Advice, a business software review service, recently released some surprising information regarding healthcare data. The company conducted an online survey of 296 respondents working in healthcare organizations. It excluded organizations that outsource 100% of their IT management or cybersecurity. 

Collectively, the report determined that 87% of healthcare data is now stored digitally. While that’s not surprising, the bigger question is regarding its safety–especially as massive data breaches continue to be reported regularly.

The report found nearly half (42%) of the medical practices surveyed have experienced a ransomware attack at some point. 48% of those attacks directly impacted patient data. 27% of attacks directly impacted patient care, meaning they led to diversions, delays, or downtime. 

Considering the serious nature of medical care, these issues can have lasting impacts on patients and the communities served. The report added, “For most businesses, downtime resulting from a cyberattack impacts production, profits, and even reputation–but when systems go down at a healthcare facility, medical records become inaccessible, devices malfunction, and critical procedures are delayed.” 

See more: New report reveals 87% of medical data is digital, but may not be secure 

FAQs

What is cybersecurity in healthcare?

Cybersecurity in healthcare involves the protection of electronic information and assets from unauthorized access, use, and disclosure.  

What are the policies of cybersecurity?

Cybersecurity policies focus on defining and protecting confidential data, ensuring secure data transfer through encryption and access controls, and establishing clear reporting mechanisms for scams, privacy breaches, and security threats to ensure timely response and resolution. 

How can individuals and organizations protect themselves from cyberattacks?

• Strong passwords: Use complex and unique passwords for different accounts.
• Security software: Install and regularly update antivirus and antimalware software.
• Employee training: Educate employees about cybersecurity best practices.
• Regular backups: Regularly back up necessary data to a secure location.
  
  

How do cyber attacks impact healthcare operations and patient care?

• On average, cyberattacks take healthcare organizations offline for six hours, with smaller hospitals commonly being offline for 9 hours or more.
  
  

What are the consequences of cyberattacks on healthcare organizations?

• 20% of hospitals that experienced a cyberattack reported an increase in patient mortality.
• 90% of healthcare organizations reported a loss in revenue after a cyberattack.
• 95% of identity theft happens because of stolen healthcare records.

See also: HIPAA Compliant Email: The Definitive Guide