-
Frequency
849 incidents, 571 with confirmed data disclosure
Top patterns
Basic Web Application Attacks, Miscellaneous Errors and System Intrusion represent 76% of breaches
Threat actors
External (61%), Internal (39%) (breaches)
Actor motives
Financial (95%), Espionage (4%), Convenience (1%), Grudge (1%) (breaches)
Data compromised
Personal (58%), Medical (46%), Credentials (29%), Other (29%) (breaches)
Top IG1 protective controls
Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)
What is the same?
The top three patterns are the same, but the order is not. The threat actors were exactly the same as last year (down to the percentage point).
Summary
The Basic Web Application Attacks have overtaken the Miscellaneous Errors in causing breaches in this sector. Errors remain a significant problem.
Healthcare
NAICS 62
- 2022 DBIR
- Master Guide
- Introduction
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Industries
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Appendices
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
-
Patterns
5-Year difference
3-Year difference
Basic Web Application Attacks
Greater
Greater
Miscellaneous Errors
Less
Less
System Intrusion
Greater
Greater
-
Pattern
Difference with peers
Basic Web Application Attacks
Greater
Miscellaneous Errors
Greater
System Intrusion
Less
-
Insiders? What Insiders?
Healthcare is the industry where the internal actor has figured prominently in breaches since we first began collecting and reporting data. While the make-up of the insider breach has moved from being largely malicious Misuse incidents to the more benign (but no less reportable) Miscellaneous Errors, we have always been able to rely on this industry to tell the insider threat story. With the rise of the Basic Web Application Attacks pattern in this vertical, those inside actors no longer hold sway. Move over Insiders, the big dogs are here.
Make no mistake (no pun intended) your employees are still causing breaches, but they are over 2.5 times more likely to make an error than to maliciously misuse their access. Misdelivery and Loss are the most common errors (and they are so close, we’d need a photo finish to determine a winner).
Figure 87 illustrates the change over time in patterns for healthcare. Back in 2015, the top pattern was Privilege Misuse, followed by Miscellaneous Errors. It wasn’t until 2019 that we started to see the rise of Basic Web Application Attacks, and they have clearly become a serious problem for everyone, not just this industry. Healthcare has increasingly become a target of run-of-the-mill hacking attacks and the more impactful ransomware campaigns (both from the System Intrusion pattern, which came in third). With the increase in ransomware, comes the associated increase of the discovery method of Actor Disclosure. It is a bad day when that ransom note pops up after the encryption has been triggered, providing convenient methods of payment for these customer service-focused threat groups. (And really, who doesn’t want to make it easy for their “customers” to pay them?)
For the second year, Personal data is compromised more often than Medical. Do we consider this the norm now for the one industry with a plethora of medical data? Is this because the actors are just getting in and getting their encryption game on without regard to the type of records they are rendering inaccessible? Only those in the industry know for certain if they have increased their controls around their Medical data but left Personal data in the waiting room.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.