Health Sector Most Targeted by Hackers, Breach Costs Rise to $17.76B

Updated: Jun 12, 2020

ForgeRock’s annual consumer identity breach report found the healthcare sector was the most targeted by hackers in 2019, which has continued into 2020. And its 382 data breaches cost the sector more than $2.45 billion.


June 09, 2020 - The healthcare sector was the most targeted by hackers and cyberattacks in 2019. And its 382 data breaches cost the sector more than $17.76B billion, according to ForgeRock’s 2019 Consumer Breach Report.


The healthcare sector accounted for 45 percent of data breaches in 2019, followed by the banking, insurance, and financial sector at 12 percent. Researchers calculated the $17.76B spent on data breaches amounted to about $429 per breached patient record, up 5.14 percent from 2018.


ForgeRock researchers analyzed the data breaches affecting consumers across all sectors reported between January 1, 2019 and March 31, 2020, which were the categorized by sector. Researchers found that breaches have dramatically increased during that timeframe, both in numbers and in costs.


In fact, the average cost of a single breach increased 112 percent from $3.86 million in 2018, to $8.9 million in 2019. The number of breaches impacting consumers rose 78.57 percent, from 2.8 billion in 2018, to 5 billion in 2019.


“As organizations recover from effects of the COVID-19 pandemic, the impact of these breaches extends beyond the bottom line,” researchers wrote. “Consumers are leveraging their digital identity more than ever for tasks and online activities to maintain their daily lives, for everything from remote access to work applications.”


“Protecting digital identities is no longer an afterthought for organizations,” they added. “It is an immediate mandate to maintain trust with consumers and avoid costly breaches.”


ForgeRock also analyzed the most common vulnerabilities and other methods hackers leveraged to gain access into victims’ networks. Unauthorized access was the most common type of breach accounting for 40 percent of incidents, compared to 34 percent in 2018.


Ransomware and malware accounted for the second highest number of breaches at 15 percent, compared to 13 percent in 2018. Phishing attacks rounded up the top three, accounting for 14 percent of all breaches.


Notably, the number of breaches impacting Social Security numbers and dates of birth information decreased by 14.5 percent, from 54 percent in 2018 to 37 percent in 2019. However, attacks targeting this sensitive data increased to 37 percent of attacks.


“This consumer data will continue to be a priority target for cybercriminals, as they look to leverage this data to open accounts, exploit it for ransom or use it to access other sensitive data, such as bank account information or health records,” researchers explained.


Names and addresses were the second-most targeted data at 18 percent of attacks, while protected health information was targeted in 17 percent of attacks.


So far in 2020, there have been a total of 92 reported breaches, with personally identifiable information the most targeted data type and comprising of 96 percent of those breaches. Specifically, hackers targeted Social Security numbers and dates of birth the most, making up 34 percent of data breaches and more than 1.15 billion records breached.


Medical records were the second most targeted during Q1 2020, accounting for 25 percent of breaches.


Unauthorized access was the top method leveraged during Q1 2020 attacks and comprising 39 percent of breaches. The