• Summary

    Basic human error continues to beset this industry as it has for the past several years. The most common Error continues to be Misdelivery (36%), whether electronic or of paper documents. Malicious Internal actions, however, have dropped from the top three for the second year in a row. Financially motivated organized criminal groups continue to target this sector, with the deployment of Ransomware being a favored tactic.


    655 incidents, 472 with confirmed data disclosure

    Top Patterns

    Miscellaneous Errors, Basic Web Application Attacks and System Intrusion represent 86% of breaches

    Threat Actors

    External (61%), Internal (39%) (breaches)

    Actor Motives

    Financial (91%), Fun (5%), Espionage (4%), Grudge (1%) (breaches)

    Data compromised

    Personal (66%), Medical (55%), Credentials (32%), Other (20%), (breaches)

    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)

  • Since 2019, the Healthcare sector has seen a shift from breaches caused by Internal actors to primarily External actors. This brings this vertical in line with the long-term trend seen by the other industries. This is good news actually, as no industry wants their employees to be their primary threat actor. While one of the top patterns for Healthcare continues to be Miscellaneous Errors, with Misdelivery being most common, at least errors are not malicious in nature (Figure 105). The insider breaches that were maliciously motivated have not shown up in the top three patterns in Healthcare for the past several years. But does this mean they are no longer occurring, or are they still around but we just aren’t catching them (like Bigfoot)? Only time will tell. 

    For the second year in a row, we have seen Personal data compromised more often than Medical in this sector. That strikes us as strange, given the fact that this is the one sector where you would expect to see Medical information held most commonly. However, with the increase of External actor breaches, it may simply be that the data taken is more opportunistic in nature. If controls, for instance, are more stringent on Medical data, an attacker may only be able to access Personal data, which is still useful for financial fraud. Simply put, they may take what they can get and run.

  • Figure

Let's get started.