Healthcare continues to be a major target for threat actors, remaining one of the most breached industries, having ranked first in 2022 and second in 2023, according to Kroll data.
While the top concern for healthcare cybersecurity professionals is credential access, the Kroll Threat Intelligence team finds that the healthcare industry is consistently targeted by ransomware groups using a combination of valid credential theft and the exploitation of vulnerabilities. These and other insights are discussed in the new Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.
Underprepared and immature
Perceived cyber maturity overall, vs. healthcare
Drawing on data from 1,000 global cybersecurity programs, Kroll found that nearly 50% of healthcare respondents rated their overall cybersecurity posture as ‘very mature’: higher than any other sector and 16 percentage points higher than the survey average. Those in the healthcare sector are also among the most likely to believe that no improvements are needed to their security.
Threat and detection response capabilities used by healthcare
In threat detection and response, the healthcare industry is more likely to rely on the more basic, or immature, processes. Many organisations leverage only the most basic security capabilities, such as cybersecurity monitoring, while none of the healthcare organisations surveyed had all threat detection and response capabilities in place.
Credential access a key concern
Threat types of most concern
The new Kroll report reveals that healthcare organisations appear to be far more concerned by credential access threats than any other industry. While credential access was cited as the most concerning threat type by only 16% of all 1,000 respondents, making it the least concerning threat across all sectors, it was chosen by over a quarter (26%) of healthcare professionals – more than ransomware, zero-day attacks and supply chain compromise.
A key target for attackers
Most breached industries in 2022 and 2023
Kroll’s last two Data Breach Outlook reports clearly demonstrate the risk profile of the sector. Not only do healthcare organisations hold sensitive data which may be at risk of poor handling, but threat actors with malicious intent may also be tempted to target and expose this type of data in order to cause disruption.
Outsourcing security
Cybersecurity services securing model
Healthcare organisations are 65% less likely to fully outsource their cybersecurity services than the average organisation (17% vs 28%). They are also more likely to do everything in-house. However, this trend may be starting to shift. 62% of all the healthcare respondents that currently manage all their cybersecurity services in-house confirmed that they have plans to outsource in the next 12 months.
Kroll has extensive global experience helping healthcare organisations to protect against, detect and respond to cyberattacks.
Our support to this vital sector includes penetration testing for web applications, network infrastructure and cloud, as well as cyber risk assessments. It also includes vCISO engagements, 24×7 managed detection and response for nearly 100 healthcare organisations worldwide, monitoring close to 100,000 endpoints and terabytes of data across SIEM instances, and 300+ incident response engagements where healthcare organisations were involved, including ransomware, business email compromise, IP theft, and insider threat, among others. Our expertise covers breach notification, call centre services and identity monitoring for a population of 4M+ impacted by breaches in healthcare organisations.