Compromise assessment is an excellent discipline for recognising current or past attacks on hospitals, evaluating them and taking appropriate measures to prevent them in the future. It can meaningfully enhance a hospital’s IT security, but is not sufficient on its own to raise its security maturity level. But what does it take to sustainably increase the IT security level in the CRITIS sector? Christoph Lemke, Senior Cyber Security Consultant SECUINFRA and Ramon Weil, Founder & CEO SECUINFRA, have critically discussed this question.