Healthcare Was the Most Breached Industry in 2024
A recent report from the financial and risk advisory firm Kroll has confirmed that healthcare is now the primary target for cybercriminals, having overtaken finance for data breaches in 2024. In 2024, healthcare accounted for almost one-quarter (23%) of all data breaches, overtaking finance (22%), albeit by the smallest of margins. In 2023, finance topped the list with 26% of data breaches with healthcare in second place with 18% of data breaches.
Over the past few years, finance and healthcare have been vying for the top spot for data breaches, and there is no reason to suggest any change in 2025; however, the Kroll Data Breach Outlook 2025 report provides interesting insights into attacks on other sectors. Cyber actors are conducting fewer attacks on other often targeted sectors such as professional services, retail, technology, and education, with attacks on the technology sector falling by 46%, attacks on education falling by 38%, and retail attacks falling by 33%. Last year saw an increase in attacks on the industrial services, manufacturing, government, and insurance sectors, with the latter seeing a 25% increase in attacks.
The attraction of the healthcare sector is clear. Healthcare records are extremely valuable to cybercriminals and can be used for many malicious purposes. On average, hackers are able to earn around $5 per stolen credit card number compared to around $1,000 for each set of stolen healthcare records. Attacks on healthcare organizations are also easier, as they have a sprawling attack surface and continue to use legacy devices and software, which makes securing healthcare environments more difficult. Kroll also notes that while finance has mature incident response programs, in healthcare those programs are fairly immature.
“The healthcare industry is a target-rich environment and companies need to be looking at their medium-and long-term programs to ensure they can remain safe and secure,” explained Kroll in the report. “Understanding who your adversaries are, and what their capabilities are, is key. From there, you can build a comprehensive risk strategy to understand the edges of your exposure, take down what you can and understand what you can’t.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
As a provider of credit monitoring and identity theft protection services, Kroll’s data provides insights into the level of concern among consumers affected by data breaches. In 2024, healthcare topped the list for the percentage of consumers taking advantage of credit monitoring and identity theft protection services. On average, 45% of victims of healthcare data breaches took advantage of those services in 2024, an 85% year-over-year increase. The take up was 25% for breaches at technology firms and 20% for breaches in finance. Kroll suggests that this may have been due to a number of highly publicized healthcare data breaches in 2024.
While healthcare topped the list in terms of the number of people taking advantage of credit monitoring services, technology topped the list in terms of calls following a data breach, accounting for 33% of the total with healthcare in second place with 30% of calls. There was a 69% year-over-year increase in calls following a technology data breach, but even though healthcare topped the list of the percentage of individuals taking advantage of credit monitoring services, calls regarding healthcare data breaches fell by 21% year-over-year.
When it comes to misuse of information, new credit card fraud was by far the most common type of identity theft, accounting for 52% of cases, the same percentage as in 2023. The next most common type was new cellphone account fraud, accounting for 9% of cases.
