healthcare working using tablet

Healthcare Industry at Highest Risk of Cybersecurity Breaches, Study Finds

While healthcare organizations are confidently moving sensitive patient data to the cloud, less than half are encrypting that information.

The healthcare industry is at the highest risk for data and cybersecurity breaches out of any economic sector in the country, according to a new study.

The report by Thales, a French security company, and IDC, an analysis firm, found that 70 percent of 100 total healthcare organizations have experienced a data breach. A third of the organizations surveyed reported a breach in the last year alone.

Adding to the cybersecurity risks is the fact that 80 percent of institutions reported storing data on the cloud, but only 38 percent of them encrypt data on their cloud platforms.

"Data security is increasingly complex, particularly for healthcare organizations immersed in cloud and digital transformation initiatives,” Tina Stewart, vice president market strategy for cloud protection and licensing activity at Thales, said in a statement. “The focus should be to encrypt everything in the cloud and keep control of the data by centrally managing the keys to the encrypted data."

According to Thales and IDC, healthcare organizations face a “broad and ever-expanding threat surface” due to the huge amount of information they collect on patients, insurance companies and more. The firms also found that IT security spending in the industry is down, making it harder for organizations to beef up their cybersecurity operations and prevent breaches.

"Healthcare data is especially attractive to hackers because it's far more valuable than other kinds of data that can be accessed and exploited,” Frank Dickson, the program vice president for security products research at IDC, said in a statement.

He added that it is harder to mitigate the damage done to patients when healthcare data is stolen.

“A credit card can be cancelled or a bank account can be closed, but private patient data circulates endlessly which opens opportunities for various types of fraud to occur again and again from a single breach,” Dickson said.

The firms recommended that organizations dedicate more resources to cloud-based security solutions, adopt new data security strategies including encryption, and prioritize compliance with data security regulations.

The findings match up with other recent studies, according to industry news website HealthcareDive. A June study by Integris Software found that while a majority of healthcare companies in the U.S. felt confident in their ability to manage sensitive data, about half updated their inventory of that data once a year or less.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events
  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

  • ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

    ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now

    • Industry Events
    • ISC West

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.