Kroll’s Data Breach Outlook 2025 report also reveals interesting information about cyberattacks on other sectors. Professional services, education, retail, and technology had fewer attacks. Cyberattacks on the technology sector dropped by 46%, education attacks fell by 38%, and retail attacks declined by 33%. Last year, attacks increased on the manufacturing, industrial services, government, and insurance sectors, with 25% more attacks on the insurance sector.
Cybercriminals are attracted to the healthcare sector because of the value of protected health information (PHI). They can use stolen data for malicious applications. The average earnings of hackers is about $5 per stolen credit card number whereas the earnings are approximately $1,000 for every set of stolen medical data. Attacking healthcare companies is easier because of their vast attack surface and use of older devices and software programs. These are the reasons for the difficulty of securing healthcare environments. Kroll says that finance has better incident response plans than the healthcare sector.
The healthcare sector is a rich target for cybercriminals. Companies should evaluate their medium- and long-term systems to ensure they can stay secure. Knowing your enemies and their abilities is important. Then, you can build a detailed risk plan to recognize your vulnerability, eliminate what you can, and know what you cannot.
As an identity theft protection and credit monitoring services provider, Kroll’s data provides information about the degree of concern among individuals impacted by data breaches. In 2024, the healthcare sector had the most number of consumers availing credit monitoring and identity theft protection services. About 45% of healthcare data breach victims availed of those services in 2024. About 25% of technology data breach victims and 20% of finance data breach victims availed of those services. Kroll notes that this was probably because of some highly published healthcare data breaches in 2024.
Although healthcare was number one on the list of people availing credit monitoring services, technology was number one on the list of calls after a data breach. Technology calls accounted for 33% of the total while healthcare calls accounted for 30% of the total. With regards to data misuse, the most common type of identity theft is new credit card fraud with 52% of cases, which was also the number of cases in 2023. New cellphone account fraud was the second most common type of identity theft with 9% of cases.