Wed, Apr 17, 2024

The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare

The State of Cyber Defense healthcare edition provides a holistic overview of the healthcare sector including insights from threat intelligence, data breach statistics, offensive security considerations and insight into the maturity of healthcare organizations’ cybersecurity programs.
Download the Report

The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare maps out the cybersecurity threat landscape the healthcare sector currently operates in, looking at three key areas: 

Detection and Response
Cyber Threat Intelligence
Offensive Security (OffSec)

The cyber maturity of healthcare organization’s detection and response capabilities using data analyzed from 1,000 global cybersecurity programs.

Using Kroll’s frontline threat intelligence from over 3,000 incidents a year, this report details the threats the healthcare sector is facing, and how threat actors are infiltrating their networks.

Kroll experts detail the key considerations for the healthcare sector based on pen testing their networks, including how hackers are able to find vulnerabilities and what the industry can do to protect itself.

The Healthcare Sector is Underprepared

Perceived Cyber Maturity Overall, vs. Healthcare
Perceived Cyber Maturity Overall, vs. Healthcare

Kroll discovered in the State of Cyber Defense: Detection and Response Maturity Model that there is a worrying disconnect in how mature organizations believe they are, and how mature they are in reality.

This self-diagnosis gap is heightened in healthcare organizations and their confidence in their security and real-world security capabilities which can lead to inadequate security solution provisioning, inaccurate risk assessments, and the impact of an attack can have far-reaching consequences.

Nearly 50% of healthcare respondents rated their overall cybersecurity as ‘very mature’, more than any other sector and 16 percentage points higher than the survey average.

Those in the healthcare sector are also among the most likely to believe that absolutely zero improvements are needed to their security.

Healthcare Organizations Need More Mature Capabilities

Threat and Detection Response Capabilities Used by Healthcare
Threat and Detection Response Capabilities Used by Healthcare
When looking at the threat detection and response capabilities, the healthcare industry is more likely to employ the more basic, or immature, processes. Indeed, many only employ the most basic security capabilities such as cybersecurity monitoring, and none of the healthcare industries surveyed had all threat and detection capabilities in place.

The Biggest Concerns for the Healthcare Industry

Three Types of Most Concern
Threat Types of Most Concern

Healthcare organizations appear to be far more concerned by credential access threats than any other industry. Credential access was cited as most concerning threat type by only 16% of all 1,000 respondents, making it the least concerning threat across all sectors. However, it was chosen by more than a quarter (26%) of healthcare professionals – more than ransomware, zero-day attacks and supply chain compromise.

The Threats the Healthcare Industry Faces

Kroll’s Cyber Threat Intelligence team has seen the healthcare industry consistently targeted by ransomware groups using a combination of valid credentials theft and exploiting vulnerabilities.

Most Common Threat Incident Type Targeting the Healthcare Industry in 2023

Most Common Threat Incident Type Targeting the Healthcare Industry in 2023

Most Common Initial Access Method for the Healthcare Industry in 2023

Most Common Initial Access Method for the Healthcare Industry in 2023

The Healthcare Sector is a Consistently Popular Target

Most Breached Industries in 2022 and 2023
Most Breached Industries in 2022 and 2023

Kroll’s last two Data Breach Outlook reports clearly demonstrate the vulnerability of the sector. Not only does it hold sensitive data which may be at risk of poor handling but threat actors with malicious intent may also be tempted to target and expose such data to cause disruption.

Is Outsourcing the Answer?

The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare
Cybersecurity Services Securing Model

Healthcare organizations are 65% less likely to fully outsource their cybersecurity services than the average organization (17% vs 28%). They are also more likely to do everything in-house.

However, this trend may be starting to shift. 62% of all the healthcare respondents that currently manage all their cybersecurity services in house confirmed that they have plans to outsource in the next 12 months.

Much, Much More In the Report

Download the Report

We will use this information to respond to your inquiry and process your data in accordance with our privacy policy.

The full report also covers: 

  • How to overcome challenges stemming from discrepancies between perceived and actual maturity 
  • Further insights into the cyber maturity of healthcare organizations 
  • What the healthcare sector needs to prioritize in its cybersecurity strategy 
  • The levels of engagement within the industry post data breach
  • Key considerations learnt from Kroll’s cyber penetration experts
  • How regulation and legacy systems are affecting the healthcare industry’s ability to protect itself 
  • How organizations can begin to progress their detection and response maturity

For access to the full results, complete the form to download the report. 


Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.


Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

Red Team Security Services

Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.


Cyber Threat Intelligence

Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.