Healthcare (NAICS 62)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.



525 incidents, 436 with confirmed data disclosure

Top patterns


System Intrusion, Basic Web Application Attacks and Miscellaneous Errors represent 68% of breaches

Threat actors


External (66%), Internal (35%), Multiple (2%) (breaches)

Actor motives


Financial (98%), Espionage (2%), Fun (1%), Ideology (1%) (breaches)

Data compromised


Personal (67%), Medical (54%), Credentials (36%), Other (17%) (breaches)

What is the same?


The top three patterns remain the same, although the order has changed. Internal actors making mistakes continues to trouble this sector.



Ransomware actors continue targeting this sector, and are increasingly causing confirmed data breaches in the process. Errors (particularly Misdelivery) are consistently prevalent as well. Finally, don’t discount the insider threat in this industry.

A sector under siege 

The Healthcare vertical is highly targeted by ransomware gangs, which results in both the loss of use of their systems—potentially with life-threatening consequences—as well as data breaches. While the number of ransomware incidents peaked in this industry in 2021, the last three years have seen a jump in data breaches (where the data is confirmed to have been stolen as well as the encryption triggered) caused by ransomware. This combination of attacks by adversaries is resulting in more data being compromised in addition to the usual chaos of staff being forced to do their jobs without the systems they rely upon. 

Mitigating these attacks takes time—if the organization even has reliable, tested backups of the systems compromised—and resources. If both are scarce in your organization, prevention and early detection are your best friends. Don’t ignore the threat this type of attack represents when you are planning your controls.

Sorry ’bout that 

The Miscellaneous Errors pattern remains prevalent in healthcare. The action variety of Misdelivery is a consistent people problem. This is the mistake that happens when data that is supposed to go to a certain person (or group) actually ends up going to someone entirely different. Sometimes it is in the form of that spreadsheet with sensitive employee health information accidentally being sent to a much wider distribution than planned (those email groups can be so similar—thanks a lot, autocomplete). In other cases, it is a mailing error with paper documents that are placed in such a way that too much information is visible in the envelope’s clear window. Who wants their letter carriers to know about their embarrassing condition? Customers (patients) are understandably upset.

Where’s my gruntle? 

Ah, the disgruntled employee—so often the perpetrator of malicious actions and wreaking only the kind of havoc an insider can achieve. While the Privilege Misuse pattern is no longer in the top three for this industry, it remains a consistent problem. Snooping from curiosity—more the bored employee than the actively hostile—is common in Healthcare as well. But this is also a sector in which we see evidence of collusion, multiple actors working together to make their breach dreams a reality. If only this diligence could be put toward their legitimate work tasks, these employees could be top performers. The industry’s only defense for when someone loses their gruntle is fast detection of unusual data access patterns. This remains a challenge for any industry where internal actors are motivated to cause trouble.

Let's get started.