Healthcare (NAICS 62)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
- 2024
- Summary of Findings
- Introduction
- Helpful Guidance
- Results and Analysis - Introduction
- Incident Classification - Introduction
- Industries - Introduction
- Accommodation and Food Services Data Breaches
- Educational Services
- Financial and Insurance Services
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Introduction to Regions
- Wrap Up
- Appendix
- Corrections
- Download the full report (PDF)
Frequency |
1,378 incidents, 1,220 with confirmed data disclosure |
|
Top patterns |
Miscellaneous Errors, Privilege Misuse and System Intrusion represent 83% of breaches |
|
Threat actors |
Internal (70%), External (30%) (breaches) |
|
Actor motives |
Financial (98%), Espionage (1%) (breaches) |
|
Data compromised |
Personal (75%), Internal (51%), Other (25%), Credentials (13%) (breaches) |
|
What is the same? |
System Intrusion breaches remain in the top three attack patterns. |
Summary
This year’s Healthcare sector analysis reveals significant shifts compared to previous years. Insiders deliberately causing breaches have surged back into second place after a steady decline since 2018. Interestingly, Personal data has eclipsed Medical data as the preferred target for threat actors.
Their condition is rapidly evolving.
We certainly didn’t require X-rays to diagnose the changes in the Healthcare industry this year. There are a wealth of differences from last year to this year, so let’s dive in and take a look. There has been a trend of decreasing malicious insider threats in the Healthcare sector since 2018 (Figure 62). However, we saw that trend beginning to reverse itself to some degree last year. It has continued to make up lost ground and now holds the second-place spot this year. This is even more worthy of mention when you consider Privilege Misuse wasn’t even in the top three last year.
As a result, the Internal actor has taken back the driver’s seat in this industry. Whether wreaking malevolent mischief in terms of Privilege Misuse or simply making a hefty dose of innocent mistakes, resulting in the Miscellaneous Errors pattern taking the top spot in this year’s rankings, insiders are making quite the comeback in this sector. Not unlike almost every other industry on which we report, the error that appears to be the most beloved is Misdelivery (sending information to the wrong recipient, whether by electronic or physical means) (Figure 63). Loss is in second place and primarily consists of the misplacement of paper documents, which is bad for the organization and the environment. Lastly, we have Gaffe (a DBIR team favorite), which is when people simply blurt out sensitive data in the hearing of others.
Finally, a point of particular interest to the team was that Medical data, usually the most commonly stolen data type in this sector, doesn’t even get a passing nod (Figure 64). It seems that Personal data is the flavor of the year for threat actors, and they don’t really care about Aunt Bertha’s bunions.
