Kroll report says the healthcare industry remains ill-prepared to deal with the scope of cyber threats



Healthcare is the industry most likely to rate itself as having “very mature security,” according to a new cyber readiness report from Kroll. But it is also one of the most breached sectors – topping the list in 2022 and second last year.

That difference can be traced to many factors – not least the fact that healthcare organizations have long been among the top targets of cybercriminals and bad actors.

But it also reflects some unique factors related to how health systems approach and assess their own cybersecurity readiness, according to new research from the consulting firm, which looks at detection and response capabilities, threat intelligence, offensive security and other elements of healthcare.

Among the report’s other findings: Healthcare organizations need to be ready to respond to the rise in cyber threats where initial network access is gained through external remote services – driving growing demand for better endpoint security.

Additionally, even as awareness and spending both increase, health system C-suites should prepare for closer government oversight and greater accountability in overseeing network defense measures.

Closing the ‘self-diagnosis gap’

Kroll researchers say in the new report, “The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare,” that the likelihood of healthcare organizations completely outsourcing their cybersecurity services is 65% lower than for organizations in other sectors.

Their research outlines the cybersecurity threat landscape in which the healthcare industry currently operates, looking at detection and response capabilities, cyber threat intelligence, and offensive security.

According to Devon Ackerman, Kroll’s head of global incident response, the reality of the complexity of healthcare IT, “not to mention the extremely time-strapped staff that needs both convenience and maximum security from IT operations,” makes it difficult for the industry to protect itself against cyber risks.

“The self-diagnostic gap between a healthcare agency’s confidence in its security and its real-world security is especially worrying when a cyber incident can disrupt hospital operations and cause serious consequences for patient care and treatment, even putting human lives in danger,” he said in a statement accompanying the new report.

The independent survey of senior IT security decision-makers globally, combined with Kroll’s data from handling 3,000 cyber incidents annually for the report, found that more than a quarter of healthcare respondents – 26% – have incomplete cybersecurity processes, while nearly 50% believe their processes are “very mature.”

The independent survey of senior IT security decision-makers globally, combined with Kroll’s data from handling 3,000 cyber incidents annually for the report, found that more than a quarter of Healthcare respondents – 26% – have incomplete cybersecurity processes, while nearly 50% believe their processes are “very mature.”

Despite this level of confidence, only 3% of healthcare organizations surveyed had mature network processes, the researchers said.

Remote access a weakness

Previously, Kroll said that the fourth quarter of 2023 set the stage for a challenging 2024, requiring companies across sectors to adopt a consistent approach to enhancing their security and preparing for known threats as well as emerging threats.

According to the Q4 analysis, Kroll believes that remote access is a vulnerable path. Ransomware groups increasingly gain initial access through external remote services, while other threats, such as information-stealing malware and business email compromises, are on the rise.

The company said the environment is being challenged by organizations offering remote and hybrid work and being complacent about security. They need to think beyond central cybersecurity, researchers say, requiring ever more robust defenses “at the perimeter level.”

Kroll also noted in its 2024 data breach outlook report, released in February, that while the financial sector surpassed healthcare as the most breached industry last year, healthcare showed a year-over-year increase in both the number of post-violation inquiries (14%) and the number of times credit or identity monitoring was performed (99%).

Interestingly, the number of breaches in the insurance sector fell even lower in the top 10 most breached industries with breaches down 81% compared to 2022, while the technology sector saw a YoY increase of 40%.

Kroll announced last month that it had appointed Dave Burg, formerly a cyber executive at global firm EY in the US and a cyber veteran of PwC, as its global head of risk network to monitor and extend threat lifecycle management capabilities.

C-Suite oversight and accountability

Also in February, Kroll announced 10 trends for 2024 across industries. Top trends focus on the increasingly complex cyber threat landscape, the continued divergence of public and private market economies, and the growing use of AI, with the compliance risks and the superiority it will bring.

The company said an interesting lesson for all industry leaders is how the U.S. Securities and Exchange Commission is pivoting to attract private entities. Agencies no longer look to a unit’s chief compliance officer as a point of contact; rather, it is people more senior in the C-Suite whom they ask about suitable sourcing – both in terms of human resources and systems.

It is not difficult to imagine that strengthening C-Suite accountability for governance and supervisory oversight in the financial sector, if the effort bears fruit, could be a tactic that other agencies, like HHS, try.

“For CEOs and other principals, being in reasonable denial when it comes to compliance issues is no longer an option,” Kroll researchers said.

Along with that, crossing the t’s and dotting the i’s in sanctions is also something to keep in mind.

Kroll cited rules like the Foreign Corrupt Practices Act, in which “companies that fail to comply will face enormous financial and reputational consequences.”

Security compliance is a significant challenge for corporations “with huge potential financial and reputational risks,” the researchers added, meaning organizations that pay cyber ransoms to a group whose individuals are sanctioned may be in violation.

Andrea Fox is a senior editor at Healthcare IT News.

Healthcare IT News is a publication of HIMSS Media.
