Healthcare Resolves Less Than Two-Thirds of "Serious" Security Findings
Briefly

"Additionally, Healthcare's median time to resolve serious findings was 58 days, ranking 10th of 13 industries. Hospitality led with 20 days. Healthcare's half-life for serious findings was 244 days, ranking 11th of 13 industries, far behind transportation at 43 days. These results place healthcare in the 'Struggling' quadrant of the comparative framework: an industry with relatively low prevalence of serious findings but consistently slow remediation. This lag leaves vulnerabilities exposed for months, increasing compliance risks and creating dangerous entry points for attackers."
"Despite lagging resolution speed overall, most healthcare organizations succeed in fixing the most critical issues on time. Nearly 40% of healthcare SLAs require serious findings in business-critical assets to be fixed within three days, and another 40% require resolution within four to 14 days. In practice, most organizations meet these deadlines: 43% resolve critical findings in one to three days; 37% resolve within four to seven days; 14% resolve within eight to 14 days."
13.3% of healthcare pentest findings qualify as serious, ranking sixth-best of 13 industries. Healthcare resolved 57.4% of serious findings, placing 11th of 13 industries, while transportation led at 80.2%. Median time to resolve serious findings is 58 days (10th of 13); hospitality led with 20 days. The half-life for serious findings is 244 days (11th of 13), far longer than transportation's 43 days. Healthcare sits in a 'Struggling' quadrant with low prevalence but consistently slow remediation, leaving vulnerabilities exposed for months. Most organizations meet SLAs for critical assets, resolving many critical issues within days. Leaders cite generative AI, third-party software, data exposure, insider threats, and phishing as top risks.
Read at Securitymagazine