Kroll’s Cyber Risk team has unveiled its 2025 Data Breach Outlook, indicating a dramatic shift in the landscape of cybersecurity threats. The healthcare sector emerged as the most targeted industry in 2024, accounting for a concerning 23% of all reported data breaches. This statistic reveals a notable increase from previous figures, as the financial sector witnessed a decrease from 26% to 22%. The findings come in the wake of a series of cyberattacks that heavily impacted the NHS last year, highlighting the vulnerabilities pervasive within healthcare organizations.
The data, derived from extensive analysis of incidents handled by Kroll’s Identity Theft and Breach Notification (ITBN) team, reveals a broader trend of reduced data breach occurrences in other sectors. The technology industry reported a staggering 46% decrease in breaches, while education and retail sectors saw declines of 38% and 33%, respectively. Despite the overall downward trend in breaches across most sectors, the healthcare industry remains an attractive target due to its sensitive data and the potential for significant financial rewards for cybercriminals.
Following breaches, there has been a notable uptick in inquiries related to post-breach responses within the technology sector, where 33% of such inquiries were linked to technology-related incidents. In comparison, healthcare’s response rate stood at 30%, while finance lagged behind at just 18%. The healthcare industry also led the way in adopting identity protection services, with 45% of affected individuals choosing options like identity and credit monitoring after a breach occurred.
Furthermore, the report identified new credit card fraud as the most prevalent form of fraud in 2024, constituting 52% of all recorded cases. Trends indicate a rise in new cellphone fraud and auto loan account fraud, while fraudulent activities related to utilities demonstrated a notable decline.
Denyl Green, Global Head of Identity Theft and Breach Notification at Kroll, reflected on the concerning trends within the healthcare sector. He noted that 2024 was marked by significant cyberattacks that left healthcare boards grappling with the heightened risks inherent to their operations. The year’s most significant data breach, involving Change Healthcare, underscored the potential for widespread disruption within an interconnected industry like healthcare.
Green emphasized the lucrative nature of healthcare data, highlighting its potential market value on the dark web—up to USD $1000—compared to a mere USD $5 for a stolen credit card number. This value is compounded by the life-critical nature of healthcare data, which increases the likelihood that organizations will comply with ransomware demands to avoid service disruptions. Additionally, the occurrence of fraudulent medical claims utilizing stolen identities presents a unique financial incentive that distinguishes healthcare from other sectors.
In light of these challenges, Green urged healthcare providers to adopt a proactive approach to security. He stressed the importance of developing medium- and long-term security strategies that effectively address potential vulnerabilities. Understanding the adversaries involved and their associated capabilities is instrumental in crafting a comprehensive risk management strategy. By identifying areas of exposure and implementing necessary protections, healthcare organizations can bolster their defenses against the ever-evolving threat landscape.
Given the specific context of these cybersecurity incidents, potential adversary tactics and techniques outlined in the MITRE ATT&CK framework could include initial access through phishing or exploitation of public-facing applications, persistence mechanisms through credential dumping, and privilege escalation to gain unauthorized access to sensitive information. Awareness and preparedness against such tactics are critical for strengthening security measures and safeguarding patient data integrity.
