For the healthcare industry, 2024 was a year of many breaches—and expensive ones, too.
UnitedHealth Group’s CEO Andrew Witty told the US Senate Committee on Finance that his company paid a $22 million ransom, following a record-breaking 2024 cyberattack against its subsidiary Change Healthcare. (The February breach hit the personal information of 100 million people, according to the US Department of Health and Human Services.)
A report from the HIPAA Journal called 2024 “the worst-ever year in terms of breached healthcare records”—claiming a 9.4% annual increase in compromised data and a 2024 total of 184,111,469 breached records.
Kroll’s Denyl Green sees high numbers in the future, too.
“Healthcare organizations hold a lot of really sensitive data, which is valuable, and ransomware attacks targeting those organizations have a definite impact,” Green told IT Brew.
As global head of breach notification at the risk advisory firm, Green’s teams help companies mail notifications, spin up dedicated call centers, and provide credit monitoring to impacted individuals. Kroll supports organizations in sectors like education, finance, government, and healthcare (but not Change Healthcare, the company said in a recent report).
The company’s study, released on Feb. 18 and sourced from over 1,000 of its global data breach cases, discovered:
- Healthcare was the most breached industry in 2024, accounting for 23% of breaches, compared to 18% in 2023.
- Healthcare stood first amongst other highly targeted sectors like finance, professional services, and retail.
Green spoke with IT Brew about the definite impacts—and surprises—after a rough year for healthcare IT.
Responses have been edited for length and clarity.
What conclusions can we draw from the finding that healthcare accounted for 23% of breaches?
There’s a need to recover the systems pretty quickly, because it can affect patient care. I think that’s the trend we’ve been seeing, and we’ll continue to see. As long as there are ways for the threat actors to get in and get a hold of the data, the ransomware itself is a huge draw.
Is the healthcare industry struggling to stop breaches? In some ways, are they an easier target?
I believe so. You have complex, interconnected systems spanning many, many sub-entities that are connected and sharing data. So, you can imagine that it expands the risk enormously with system upkeep and making sure vulnerabilities aren’t there. There’s also the human factor. So, many different users logging into a system continues to be a prevalent method to get access.
Which findings surprised you?
I personally am surprised with the prevalence of ransomware payments. Not in my role at Kroll, but as a consumer, it’s hard to understand…It feels a bit like we’re enabling the threat actors to continue this behavior with those sorts of payments. We’re giving them what they want. It’s not helping secure my data. We just paid millions of dollars to get access back to the data. On the flip side, as a professional in this industry, I understand the reasoning and the logic behind the payment—back to where we started the conversation, with that need to restore systems quickly and keep patient care running. The surprise, I think, is just the dollar value that you see coming out in these ransomware attacks.
What to you is the standout finding from this report?
Our most sensitive data is what was most at risk in 2024—healthcare data encompassing not just our social security number, not just our name, our credit card, but everything within our medical files. There’s personal, reputational damage stemming from medical identity theft. The impacts are pretty far reaching. People really need to be aware that this risk is there with their most sensitive data.