Healthcare (NAICS 62)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Frequency

 

1,378 incidents, 1,220 with confirmed data disclosure

Top patterns

 

Miscellaneous Errors, Privilege Misuse and System Intrusion represent 83% of breaches

Threat actors

 

Internal (70%), External (30%) (breaches)

Actor motives

 

Financial (98%), Espionage (1%) (breaches)

Data compromised

 

Personal (75%), Internal (51%), Other (25%), Credentials (13%) (breaches)

What is the same?

 

System Intrusion breaches remain in the top three attack patterns.


Summary

This year’s Healthcare sector analysis reveals significant shifts compared to previous years. Insiders deliberately causing breaches have surged back into second place after a steady decline since 2018. Interestingly, Personal data has eclipsed Medical data as the preferred target for threat actors.

Their condition is rapidly evolving.

We certainly didn’t require X-rays to diagnose the changes in the Healthcare industry this year. There are a wealth of differences from last year to this year, so let’s dive in and take a look. There has been a trend of decreasing malicious insider threats in the Healthcare sector since 2018 (Figure 62). However, we saw that trend beginning to reverse itself to some degree last year. It has continued to make up lost ground and now holds the second-place spot this year. This is even more worthy of mention when you consider Privilege Misuse wasn’t even in the top three last year.

As a result, the Internal actor has taken back the driver’s seat in this industry. Whether wreaking malevolent mischief in terms of Privilege Misuse or simply making a hefty dose of innocent mistakes, resulting in the Miscellaneous Errors pattern taking the top spot in this year’s rankings, insiders are making quite the comeback in this sector. Not unlike almost every other industry on which we report, the error that appears to be the most beloved is Misdelivery (sending information to the wrong recipient, whether by electronic or physical means) (Figure 63). Loss is in second place and primarily consists of the misplacement of paper documents, which is bad for the organization and the environment. Lastly, we have Gaffe (a DBIR team favorite), which is when people simply blurt out sensitive data in the hearing of others.

Data Breach Investigation Report figure 62

Finally, a point of particular interest to the team was that Medical data, usually the most commonly stolen data type in this sector, doesn’t even get a passing nod (Figure 64). It seems that Personal data is the flavor of the year for threat actors, and they don’t really care about Aunt Bertha’s bunions.

Data Breach Investigation Report figure 63
Data Breach Investigation Report figure 64

Let’s
connect

Call Sales
877-297-7816

Have us contact you
Request a call

Call for Public Sector
844-825-8389