NHS cyber-attacks – healthcare overtakes the finance industry for most breached industry in 2024

Kroll’s Cyber Risk team has today published its 2025 Data Breach Outlook, breaking down which sectors were hit hardest by breaches in 2024.

Healthcare overtook finance as the most breached sector, accounting for nearly a quarter of all incidents – especially relevant after last year’s wave of NHS cyber-attacks.

The report dives into the data Kroll’s Identify Theft and Breach Notification (ITBN) team collected from thousands of incidents handled throughout the year. Main findings in report include:

• Healthcare overtakes the finance industry for most breached industry in 2024, accounting for 23% of breaches.

• Data breaches in finance are declining, with the finance sector accounting for 22% of breaches in 2024, compared to 26% in 2023.

• There was a significant drop (46%) in the number of data breaches in the technology sector. The education and retail sectors also had significant decreases, at 38% and 33%, respectively.

• The technology sector is the most proactive post-breach with 33% of inquiries after being notified of a breach were related to the technology industry, compared to 30% in healthcare and only 18% in finance.

• However, healthcare ranked highest (45%) in the number of consumers who took up identity protection—often a combination of identity and credit monitoring.

• New credit card fraud was the most common type of fraud in 2024, accounting for 52% of cases.

• New cellphone fraud and auto loan account fraud were also trending in 2024. Interestingly, there was a significant decrease in utilities fraud.

Comment from Denyl Green, Global Head of Identify Theft and Breach Notification, Kroll: “2024 was unfortunately a standout year for the healthcare sector, suffering from numerous cyberattacks culminating in a year that left healthcare boards thinking deeply of the overall risk to their businesses. The largest healthcare data breach of the year, Change Healthcare, demonstrated the widespread disruption a breach can cause due the interconnectedness of the healthcare industry. The healthcare sector presents an enticing target for threat actors due to its potential for significant financial gain.

“Healthcare data can be worth up to $1000 on the dark web, compared to the $5 that a credit card number is worth. The threat of patient lives on the line means healthcare organizations are also more likely to pay the ransom in ransomware cases in order to restore their systems and ensure that patient care is not interrupted. Lastly, fraudulent medical claims using stolen identities provide an additional avenue for financial gain not seen with other types of stolen information. Business within the healthcare industry need to be looking at their medium-and long-term security programs to ensure they can remain safe and secure. Understanding who your adversaries are, and what their capabilities are, is key. From there, you can build a comprehensive risk strategy to understand the edges of your exposure, take down what you can and understand what you can’t.”

Please visit https://www.kroll.com/en to find out more.