Healthcare Sector has Greatest Number of Reported Data Breaches in 2021

reported publicly from January 1, 2021 to June 30, 2021. There were 18.8 billion records exposed across those breaches, which is 32% lower than the first half of 2020 with 27.8 billion records exposed. About 85% of the breached records in the first 6 months of 2021 were due to the breach that happened at FBS Markets, a Forex trading service.

The report reveals cyber threat actors still target the healthcare sector since this sector has reported a greater number of data breaches compared to other industry sectors this year. Since 2017, the healthcare industry is the most targeted or close to the top one. It seems that the trend will not change soon. There were 238 healthcare data breaches reported in the first half of 2021. There were 194 reported incidents from the finance & insurance sector and 180 data breaches reported by the information sector.

The report indicates there were substantial changes in data breach developments in 2021. Although data breaches have dropped worldwide and have continued to be rather consistent in the United States, there is a noticeable growth in ransomware attacks. The record of Risk Based Security show 352 ransomware attacks in the first half of 2021. If that rate carries on, there will be significantly more attacks than 2020.

Ransomware attacks are very expensive in healthcare because of the long downtime period, and not being able to access medical records puts patient safety at risk. Ransomware gangs surely know this. The dependence on access to information and the high downtime cost raises the possibility of paying the ransom.

In 2020, data breaches began taking more time to be reported. That pattern has carried on in 2021. This is partly because of the growth in ransomware attacks, and investigations take longer. Also, there were a lot of cases when issuing breach notifications took unusually longer and regulators has begun to take notice of this.

Ransomware attacks proceed at a disturbing rate, causing serious ruin on the victim companies that depend on their services, according to Risk Based Security’s Executive Vice President Inga Goddijn. The slow reporting created by long incident investigations hasn’t become better and attackers still discover new opportunities to exploit evolving conditions.

67.97% of reported breaches were hacking incidents. Just 100 or 5.66% were because of viruses, and only 45 or 2.6% were due to email incidents. There were 76 or 4.30% web breaches reported; nevertheless, they led to the greatest number of breached records.

Data breaches that compromised access information like email addresses and passwords have continued to be the same as in other years. Email addresses were compromised in 40% of breaches while passwords were in 33%. 78.66% of reported breaches in 2021 were due to external threat actors and 13.75% were due to insiders. Of the proven insider breaches, 58.85% were accidental while 18.52% were because of malicious insiders.

Risk Based Security additionally reports that the severity of breaches is escalating. Big numbers of data breaches were reported in 2021 that had sensitive information involved, which is a notably disquieting trend.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at