The healthcare sector was the most breached in 2024, report finds.
Although attackers targeting PayPal users and tales of millions of stolen credit cards being given away for free on the dark web still dominate the headlines, don’t be fooled: healthcare hacking is where the real money is for the cybercriminal industry.
Healthcare Data Breaches Topped Finance In 2024
The latest data breach outlook report for 2025, published Feb. 24 by the Kroll Cyber Risk team, has analyzed the industry sectors that have been hardest hit across the entirety of 2024. The results are likely to shock many as finance is no longer the primary target for data hackers, having been overtaken by healthcare which accounted for nearly a quarter of all incidents according to the Kroll analysts.
The key findings of the report were as follows:
The most breached industry across 2024 was healthcare with 23%, just ahead of finance on 22% of all incidents. The latter dropped from 26% in the same report for the previous year.
The technology sector saw data breaches drop by 46%, with education (38%) and retail (33%) also experiencing big declines. However, technology was the most “proactive post-breach” sector according to Kroll, with 33% of inquiries following breach notification compared to 30% for healthcare and a surprisingly low 18% for the finance industry.
When it comes to taking up those offers of identity protection offered to consumers who have been impacted by a data breach, healthcare took the lead on 45% with a large number of these adding credit monitoring into the post-breach protections mix.
2024 Attacks Leave Healthcare Boards Pondering Overall Risk To Business
“2024 was, unfortunately, a standout year for the healthcare sector,” Denyl Green, global head of identify theft and breach notification at Kroll, said, “suffering from numerous cyberattacks culminating in a year that left healthcare boards thinking deeply of the overall risk to their businesses.” The reason for the uptick in attacks is simple enough: financial gain. “Healthcare data can be worth up to $1000 on the dark web, compared to the $5 that a credit card number is worth,” Green continued; “The threat of patient lives on the line means healthcare organizations are also more likely to pay the ransom in ransomware cases in order to restore their systems and ensure that patient care is not interrupted.”
