Healthcare CISOs know they’re struggling – and it’s not only the users’ fault

CISOs in healthcare organisations are working hard to tighten security controls, but pervasive issues with user errors, limited staff and financial resources, and a relentless flood of aggressive attacks by data-hungry cyberattackers are hindering their progress – and even security executives admit they’re not doing anywhere near as good a job as they should be.

Fully 83 percent of healthcare organisations participating in a recent Carbon Black analysis said they have seen an increase in cyber attacks over the past year, with an average of 8.2 attempted attacks per endpoint every month.

Two-thirds said attacks have become more sophisticated in the past year, with a third noting instances of ‘island hopping’ – in which attackers establish command posts throughout a compromised network – and a similar proportion noting they had run into counter-incident response efforts as cybercriminals fought to work around cybersecurity controls.

Ransomware attacks were noted by two-thirds of organisations, while 45 percent said they had encountered attacks primarily designed to destroy data.

The myriad pressures on cybersecurity organisations had left many security practitioners falling short of their own expectations, with a third of respondents rating themselves with a grade of C, a quarter giving themselves a B, and 16 percent a B-.