Data breaches in the healthcare sector have been on the rise, according to a recent report by financial and risk advisory firm Kroll. In 2024, the healthcare industry accounted for 23% of data breaches handled by the advisory, a significant increase from 18% in the previous year. This surge in data breaches was largely attributed to cyberattacks, with the industry facing challenges in developing mature incident response practices.
The healthcare sector, along with the finance industry, has been consistently ranked among the top two most breached sectors in recent years. However, in 2024, healthcare reclaimed the top spot, raising concerns among consumers about the security of their personal information. Following data breaches, a high number of consumers in the healthcare sector started using credit and identity monitoring services, surpassing those in the technology and finance sectors.
The highly publicized nature of healthcare breaches has led to increased scrutiny and potential financial implications for companies and insurers. In fact, healthcare organizations accounted for 45% of credit and identity monitoring services activated post-breach, compared to 25% in the technology sector and 20% in finance. This trend underscores the urgency for the healthcare industry to strengthen its cybersecurity measures and incident response capabilities.
Despite being a prime target for cybercriminals due to the sensitive nature of health data, the healthcare industry lags behind other sectors in terms of advanced security capabilities. A Kroll report highlighted the industry’s vulnerability to cyber threats and the need for enhanced security measures to mitigate risks. In 2024, the sector faced several high-profile cyberattacks, including a ransomware incident at claims processor Change Healthcare, which disrupted operations and compromised data for millions of individuals.
The increasing frequency and severity of data breaches in the healthcare industry underscore the urgent need for proactive cybersecurity measures and incident response strategies. By prioritizing cybersecurity investments and adopting best practices, healthcare organizations can safeguard sensitive data, protect patient privacy, and mitigate the financial and reputational risks associated with cyber threats.
