SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
Healthcare tops data breach incidents in 2024, surpassing finance

Yesterday

Kroll's Cyber Risk team has released its 2025 Data Breach Outlook, revealing that the healthcare industry was the most affected by data breaches in 2024.

The report indicates that healthcare accounted for 23% of all data breaches last year, overtaking the finance sector, which experienced a decline to 22% from 26% in 2023. This shift is particularly significant in light of last year's wave of cyber-attacks targeting the NHS.

The study, based on data collected from thousands of incidents managed by Kroll's Identity Theft and Breach Notification (ITBN) team, also highlights significant reductions in the incidence of data breaches across other sectors. The technology sector saw a 46% drop, while the education and retail sectors experienced decreases of 38% and 33%, respectively.

Post-breach response remains most active within the technology sector, with 33% of inquiries following a breach notification being linked to technological incidents. This contrasts with 30% in the healthcare sector and just 18% in finance. Despite healthcare's high incidence of breaches, it led the uptake in identity protection services, with 45% of affected consumers opting for measures such as identity and credit monitoring.

The report notes that new credit card fraud was the predominant form of fraud in 2024, making up 52% of the cases. Additionally, there were upward trends in new cellphone fraud and auto loan account fraud, while utilities fraud saw a notable decline.

Denyl Green, Global Head of Identity Theft and Breach Notification at Kroll, commented on the findings: "2024 was unfortunately a standout year for the healthcare sector, suffering from numerous cyberattacks culminating in a year that left healthcare boards thinking deeply of the overall risk to their businesses. The largest healthcare data breach of the year, Change Healthcare, demonstrated the widespread disruption a breach can cause due to the interconnectedness of the healthcare industry. The healthcare sector presents an enticing target for threat actors due to its potential for significant financial gain."

Green further explained the allure of healthcare data: "Healthcare data can be worth up to USD $1000 on the dark web, compared to the USD $5 that a credit card number is worth. The threat of patient lives on the line means healthcare organisations are also more likely to pay the ransom in ransomware cases in order to restore their systems and ensure that patient care is not interrupted. Lastly, fraudulent medical claims using stolen identities provide an additional avenue for financial gain not seen with other types of stolen information."

He urged the healthcare industry to address security proactively: "Businesses within the healthcare industry need to be looking at their medium- and long-term security programs to ensure they can remain safe and secure. Understanding who your adversaries are, and what their capabilities are, is key. From there, you can build a comprehensive risk strategy to understand the edges of your exposure, take down what you can and understand what you can't."
