Cybersecurity News

Health Sector Most Targeted by Hackers, Breach Costs Rise to $17.76B

ForgeRock’s annual consumer identity breach report found the healthcare sector was the most targeted by hackers in 2019, which has continued into 2020. And its 382 data breaches cost the sector more than $2.45 billion.

healthcare data cybersecurity health records endpoint security phishing ransomware unauthorized access

By Jessica Davis

- The healthcare sector was the most targeted by hackers and cyberattacks in 2019. And its 382 data breaches cost the sector more than $17.76B billion, according to ForgeRock’s 2019 Consumer Breach Report.

The healthcare sector accounted for 45 percent of data breaches in 2019, followed by the banking, insurance, and financial sector at 12 percent. Researchers calculated the $17.76B spent on data breaches amounted to about $429 per breached patient record, up 5.14 percent from 2018.

ForgeRock researchers analyzed the data breaches affecting consumers across all sectors reported between January 1, 2019 and March 31, 2020, which were the categorized by sector. Researchers found that breaches have dramatically increased during that timeframe, both in numbers and in costs.

In fact, the average cost of a single breach increased 112 percent from $3.86 million in 2018, to $8.9 million in 2019. The number of breaches impacting consumers rose 78.57 percent, from 2.8 billion in 2018, to 5 billion in 2019.

“As organizations recover from effects of the COVID-19 pandemic, the impact of these breaches extends beyond the bottom line,” researchers wrote. “Consumers are leveraging their digital identity more than ever for tasks and online activities to maintain their daily lives, for everything from remote access to work applications.”

“Protecting digital identities is no longer an afterthought for organizations,” they added. “It is an immediate mandate to maintain trust with consumers and avoid costly breaches.”

ForgeRock also analyzed the most common vulnerabilities and other methods hackers leveraged to gain access into victims’ networks. Unauthorized access was the most common type of breach accounting for 40 percent of incidents, compared to 34 percent in 2018.

Ransomware and malware accounted for the second highest number of breaches at 15 percent, compared to 13 percent in 2018. Phishing attacks rounded up the top three, accounting for 14 percent of all breaches.

Notably, the number of breaches impacting Social Security numbers and dates of birth information decreased by 14.5 percent, from 54 percent in 2018 to 37 percent in 2019. However, attacks targeting this sensitive data increased to 37 percent of attacks.

“This consumer data will continue to be a priority target for cybercriminals, as they look to leverage this data to open accounts, exploit it for ransom or use it to access other sensitive data, such as bank account information or health records,” researchers explained.

Names and addresses were the second-most targeted data at 18 percent of attacks, while protected health information was targeted in 17 percent of attacks.

So far in 2020, there have been a total of 92 reported breaches, with personally identifiable information the most targeted data type and comprising of 96 percent of those breaches. Specifically, hackers targeted Social Security numbers and dates of birth the most, making up 34 percent of data breaches and more than 1.15 billion records breached.

Medical records were the second most targeted during Q1 2020, accounting for 25 percent of breaches.

Unauthorized access was the top method leveraged during Q1 2020 attacks and comprising 39 percent of breaches. The second most popular breach method during Q1 2020 was phishing, which researched explained will likely be a top attack method through the year as hackers continue their attempts to exploit the COVID-19 pandemic.

Federal agencies and security researchers have frequently reported new phishing and fraud methods used by hackers amid the crisis.

Interestingly, the number of impacted records is up 9 percent from 1.4 billion, despite the total number of breaches declining by 57.79 percent.

And the healthcare sector was the most breached during Q1 2020, accounting for 51 percent of all breaches. Banking was the second-most targeted, but with just 13 percent of breaches. Researchers stressed that healthcare providers will continued to be targeted by hackers, as more consumers are tested and treated for COVID-19.

As a result, organizations “must prioritize not only their patients’ well-being, but their data protection, as well.”

“When it comes to data breaches, we’re seeing the biggest cybersecurity problem continues to be an identity problem,” Eve Maler ForgeRock CTO, said in a statement. “The Consumer Identity Breach Report’s findings demonstrate that enterprises need to increase their identity and access management maturity.”

“The secret is democratizing data control so organizations can allow known users to hop onto authentication ‘express lanes’ for a great experience, entrusting them with convenient consent options, and make bad actors jump through extra hoops to help prevent fraud,” she added.