The State of Healthcare Cyber Defense | Redscan
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy

Healthcare continues to be a major target for threat actors, remaining one of the most breached industries, having ranked first in 2022 and second in 2023, according to Kroll data.

While the top concern for healthcare cybersecurity professionals is credential access, the Kroll Threat Intelligence team finds that the healthcare industry is consistently targeted by ransomware groups using a combination of valid credential theft and the exploitation of vulnerabilities. These and other insights are discussed in the new Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.


Underprepared and immature

Perceived cyber maturity overall, vs. healthcare


Drawing on data from 1,000 global cybersecurity programs, Kroll found that nearly 50% of healthcare respondents rated their overall cybersecurity posture as ‘very mature’: higher than any other sector and 16 percentage points higher than the survey average. Those in the healthcare sector are also among the most likely to believe that no improvements are needed to their security.

Threat and detection response capabilities used by healthcare


When looking at the threat detection and response capabilities, the healthcare industry is more likely to employ the more basic, or immature, processes. Many organisations only leverage the most basic security capabilities such as cybersecurity monitoring, while none of the healthcare industries surveyed had all threat and detection capabilities in place.


Credential access a key concern

Threat types of most concern


The new Kroll report reveals that healthcare organisations appear to be far more concerned by credential access threats than any other industry. While credential access was cited as the most concerning threat type by only 16% of all 1,000 respondents, making it the least concerning threat across all sectors, it was chosen by over a quarter (26%) of healthcare professionals – more than ransomware, zero-day attacks and supply chain compromise.


A key target for attackers

Most breached industries in 2022 and 2023


Kroll’s last two Data Breach Outlook reports clearly demonstrate the risk profile of the sector. Not only do healthcare organisations hold sensitive data which may be at risk of poor handling but threat actors with malicious intent may also be tempted to target and expose this type of data in order to cause disruption.


Outsourcing security

Cybersecurity services securing model


Healthcare organisations are 65% less likely to fully outsource their cybersecurity services than the average organisation (17% vs 28%). They are also more likely to do everything in-house. However, this trend may be starting to shift. 62% of all the healthcare respondents that currently manage all their cybersecurity services in-house confirmed that they have plans to outsource in the next 12 months.

Download the report



Safeguarding the healthcare industry

Kroll has extensive global experience helping healthcare organisations to protect against, detect and respond to cyberattacks.

Our support to this vital sector includes penetration testing for web applications and network infrastructure and cloud, cyber risk assessments. It also includes vCISO engagements, 24×7 managed detection and response to nearly 100 healthcare organisations worldwide, monitoring close to 100,000 endpoints and terabytes of data across SIEM instances, and 300+ incident response engagements where healthcare organisations were involved, including ransomware, business email compromise, IP theft, and insider threat, among others. Our expertise covers breach notification, call centre services and identity monitoring for a population of 4M+ impacted by breaches in healthcare organisations.


Learn more about our cyber security solutions for healthcare