Dive Brief:
Data breaches hit the healthcare sector more than other industries last year, according to a report published this week by financial and risk advisory firm Kroll.
In 2024, the healthcare industry accounted for 23% of data breaches handled by the advisory, compared with just 18% in 2023.
The sector was battered by cyberattacks last year — including the major incident at claims processor Change Healthcare — and the industry operated with “fairly immature” incident response practices, wrote Denyl Green, global head of breach notification at Kroll, in the report.
Dive Insight:
The healthcare and finance sectors have been alternating between the top two most breached sectors in recent years, according to the analysis.
Last year, healthcare returned to the top spot — and its customers seemed fairly concerned about the safety of their information. For example, the sector ranked highest in the number of consumers who began using credit and identity monitoring after a data breach.
Forty-five percent of these services activated in the wake of breach involved healthcare organizations, compared with 25% in the technology industry and 20% in the finance sector. That could be due to the highly publicized nature of many healthcare breaches — and it might result in higher costs for companies or their insurers who may pay for these services, according to Kroll.
Additionally, the second-highest number of calls to Kroll — about one third of total inquiries — about data breaches were related to the healthcare industry, according to the analysis.
Healthcare was the most breached industry in 2024
Percentage of data breaches from 2022 to 2024 by industry
Healthcare has become a major target for cybercriminals, given the high stakes of care delivery and the value of sensitive health data. Still, the industry is underprepared compared with others, and it has fewer advanced security capabilities, according to a Kroll report published last spring.
In 2024, the sector weathered several high-profile cyberattacks, including the ransomware attack on Change that significantly disrupted payments to providers and other key operational tasks for weeks. Last month, the UnitedHealth-owned company said the attack may have compromised the data of about 190 million people, the largest healthcare breach ever reported to federal regulators.
