Healthcare
NAICS 62


  • Frequency: 849 incidents, 571 with confirmed data disclosure

  • Top patterns: Basic Web Application Attacks, Miscellaneous Errors and System Intrusion represent 76% of breaches

  • Threat actors: External (61%), Internal (39%) (breaches)

  • Actor motives: Financial (95%), Espionage (4%), Convenience (1%), Grudge (1%) (breaches)

  • Data compromised: Personal (58%), Medical (46%), Credentials (29%), Other (29%) (breaches)

  • Top IG1 protective controls: Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)

  • What is the same? The top three patterns are the same, but the order is not. The threat actors were exactly the same as last year (down to the percentage point).

  • Summary: The Basic Web Application Attacks have overtaken the Miscellaneous Errors in causing breaches in this sector. Errors remain a significant problem.

  • Patterns

    Basic Web Application Attacks: 5-Year difference, Greater; 3-Year difference, Greater

    Miscellaneous Errors: 5-Year difference, Less; 3-Year difference, Less

    System Intrusion: 5-Year difference, Greater; 3-Year difference, Greater

  • Pattern

    Basic Web Application Attacks: Difference with peers, Greater

    Miscellaneous Errors: Difference with peers, Greater

    System Intrusion: Difference with peers, Less

  • Insiders? What Insiders?

    Healthcare is the industry where the internal actor has figured prominently in breaches since we first began collecting and reporting data. While the make-up of the insider breach has moved from being largely malicious Misuse incidents to the more benign (but no less reportable) Miscellaneous Errors, we have always been able to rely on this industry to tell the insider threat story. With the rise of the Basic Web Application Attacks pattern in this vertical, those inside actors no longer hold sway. Move over Insiders, the big dogs are here. 

    Make no mistake (no pun intended), your employees are still causing breaches, but they are over 2.5 times more likely to make an error than to maliciously misuse their access. Misdelivery and Loss are the most common errors (and they are so close, we’d need a photo finish to determine a winner).

    Figure 87 illustrates the change over time in patterns for healthcare. Back in 2015, the top pattern was Privilege Misuse, followed by Miscellaneous Errors. It wasn’t until 2019 that we started to see the rise of Basic Web Application Attacks, and they have clearly become a serious problem for everyone, not just this industry. Healthcare has increasingly become a target of run-of-the-mill hacking attacks and the more impactful ransomware campaigns (both from the System Intrusion pattern, which came in third). With the increase in ransomware comes the associated increase in the discovery method of Actor Disclosure. It is a bad day when that ransom note pops up after the encryption has been triggered, providing convenient methods of payment for these customer service-focused threat groups. (And really, who doesn’t want to make it easy for their “customers” to pay them?)

    For the second year, Personal data is compromised more often than Medical. Do we consider this the norm now for the one industry with a plethora of medical data? Is this because the actors are just getting in and getting their encryption game on without regard to the type of records they are rendering inaccessible? Only those in the industry know for certain if they have increased their controls around their Medical data but left Personal data in the waiting room.
