In its 2025 Data Breach Outlook, Kroll’s Cyber Risk team has revealed that the healthcare industry experienced the highest number of data breaches in 2024, surpassing the finance sector for the first time in recent years.
According to the report, healthcare accounted for 23% of all data breaches in 2024, a notable increase from previous years. This shift marks a significant change, as the finance sector, which had been the leading target for breaches, dropped to 22% from 26% in 2023. The rise in healthcare breaches follows a troubling wave of cyber-attacks that targeted the NHS, further underscoring vulnerabilities within the sector.
The findings are based on extensive data collected by Kroll’s Identity Theft and Breach Notification (ITBN) team, who managed thousands of breach incidents. While healthcare saw an uptick in breaches, other sectors reported significant declines. The technology industry saw a sharp 46% decrease in breaches, while education and retail followed with reductions of 38% and 33%, respectively.
Despite its higher number of breaches, healthcare led in post-breach response, with 45% of affected consumers opting for services such as identity and credit monitoring. This contrasts with 33% in technology and only 18% in finance. In terms of breach-related inquiries, the technology sector continued to dominate with 33% of inquiries, followed by healthcare at 30%.
Kroll’s report also highlights evolving trends in fraud, with credit card fraud emerging as the most common type of fraud in 2024, accounting for 52% of all cases. Notably, fraud involving new cellphones and auto loan accounts also saw an uptick, while utilities fraud significantly declined.
Denyl Green, Global Head of Identity Theft and Breach Notification at Kroll, commented on the findings, emphasizing the impact on the healthcare sector: “2024 was a year that brought significant challenges to healthcare, with numerous cyber-attacks putting pressure on organizations to rethink their security strategies. The largest breach, involving Change Healthcare, illustrated the widespread disruption that can result from breaches, particularly given the interconnected nature of the healthcare industry.”
Green explained the financial allure of healthcare data for cybercriminals: “Healthcare data can be worth up to $1,000 on the dark web, compared to just $5 for a stolen credit card number. The high stakes for patient care also make healthcare organizations more likely to pay ransoms in ransomware cases to quickly restore operations. Additionally, stolen healthcare data can fuel fraudulent medical claims, adding another avenue for criminals.”
Green urged healthcare organizations to adopt a more proactive stance on security: “Healthcare businesses need to prioritize long-term security planning to safeguard against future breaches. By understanding the capabilities of their adversaries, healthcare organizations can better assess their exposure and build comprehensive risk strategies to mitigate potential threats.”
As the healthcare industry faces increasing risks, the need for robust cybersecurity measures has never been more urgent.
Related Topics:
Zeller Launches Financial Solution for Tech Startup Founders
NAB Reports Growth in Revenue, But Decline in Cash Earnings
Canberra United Faces Uncertain Future Amid Ongoing Financial Struggles
