
- Healthcare is overwhelmingly considered the worst industry for cybersecurity, with widespread anecdotes of outdated tech, careless practices, and resistance from clinical staff
- Financial services are praised for strict, mature cybersecurity controls, while education, manufacturing, and local government also receive criticism for poor practices
- Many cite cultural, technical, and budgetary challenges—especially in healthcare—as key reasons for pervasive cybersecurity failures
Across hundreds of Reddit comments from cybersecurity professionals, healthcare emerges as the most frequently cited industry with the worst cybersecurity practices. Stories range from hospitals storing patient data on unencrypted personal laptops to X-ray machines operated through unsecured remote access points. Many healthcare professionals—especially doctors—are described as resistant to security protocols like multi-factor authentication or password management, viewing them as an inconvenience rather than a necessity. This cultural clash between clinical needs and cybersecurity priorities is further complicated by outdated infrastructure, poorly maintained legacy systems, and budget constraints that deprioritize IT investments.
Numerous firsthand accounts illustrate healthcare’s reliance on obsolete technology, such as Windows 7 or even Windows 98, and lax physical and network security controls. Comments mention exposed patient records, shared passwords, unsecured USB drives, and even server rooms doubling as storage closets. Pentesters and incident responders recount horror stories of compromised medical equipment, improperly stored data backups, and weak or nonexistent network segmentation between IT and OT systems. The underlying issue, many argue, is not just technical, but organizational: healthcare often lacks cybersecurity leadership, adequate training, and institutional accountability.
In contrast, the financial industry is described as having the most robust cybersecurity frameworks, driven by tight regulatory scrutiny and a longstanding foundation in audit-based security practices. Banks are said to prioritize risk mitigation, enforce strict access controls, and undergo regular third-party audits. While not perfect—phishing and spam still persist—financial institutions are credited with being more proactive and consistent than many other sectors. Even within the broader financial services category, banking is seen as far more secure than insurance or mortgage processing.
Other poorly rated sectors include education (particularly K-12), manufacturing, and local government. Schools suffer from underfunding, tech-savvy students who bypass restrictions, and a lack of standardized controls. Manufacturing and operational technology (OT) environments are criticized for decades-old infrastructure and engineers who undervalue security. Local governments are often caught with outdated equipment, minimal oversight, and shared credentials. While some users highlight improvements underway in these sectors, most agree that cybersecurity maturity remains highly inconsistent across industries, with healthcare widely regarded as the weakest link.