Healthcare Data Breaches Surpass Finance, Increasing Ransom Risks

NEW YORK, NY — A recent report from the Kroll Cyber Risk team reveals a shocking shift in the landscape of data breaches, with healthcare surpassing finance as the most targeted sector in 2024. Released on February 24, 2025, the report shows healthcare accounted for 23% of all data breach incidents last year, narrowly edging out finance at 22%.

The findings indicate that the finance sector has seen a significant decline in breaches, down from 26% in 2023. This marks a notable turn in trends as healthcare’s vulnerabilities have come under increased scrutiny. The drop in breaches for the technology sector was also significant, showing a 46% reduction, while education and retail experienced declines of 38% and 33%, respectively.

Kroll’s report highlights the proactive approach within the technology sector post-breach, noting that 33% of organizations sought inquiries following breach notifications. This is contrasted by only 30% in healthcare and a mere 18% in finance, suggesting a varied response strategy across sectors.

An alarming statistic arises from the report regarding identity protection offers post-breach. Healthcare led the way as 45% of impacted consumers accepted such offers, with many also opting for credit monitoring services. “2024 was, unfortunately, a standout year for the healthcare sector,” said Denyl Green, Kroll’s global head of identity theft and breach notification. “The many cyberattacks left healthcare boards grappling with the overall risks to their businesses.”

The profit motive behind these attacks is clear. Green explained, “Healthcare data can be worth up to $1,000 on the dark web, compared to the $5 that a credit card number fetches. The immediacy of patient care means healthcare organizations may be more inclined to pay ransoms to restore systems quickly and avoid service disruptions.”

This evolving threat landscape underscores the urgency for healthcare institutions to bolster their cybersecurity defenses. As cybercriminals continue to exploit vulnerabilities for maximal financial gain, the protection of sensitive patient information remains paramount.