New findings reveal that in the US, healthcare was the most breached industry during the first quarter of 2020.

New research from ForgeRock has revealed that across multiple geographies, the number of organisations and consumers impacted by data breach and cyber attacks has soared year-on-year.

In the US alone, 5 billion records were exposed in 2019 at a cost of $1.2 trillion, up from $654 billion the previous year, of which the technology sector had the costliest impact of over $250 million for more than 1.3 billion breached records. 

The ForgeRock Consumer Identity Breach Report 2020 also revealed that in the US, unauthorised access was the top attack method among cybercriminals (40%) for the second year in a row, followed by ransomware/malware (15%), phishing (14%), and misconfiguration (3%).

“This increase in unauthorized access attacks showcases the need for organizations to employ a sophisticated identity solution to prevent nefarious agents from accessing consumer data,” the report explained.

Other key US findings found:

  • Healthcare was the most breached industry in Q1 2020, accounting for 51% of all breaches, followed by banking (13%).
  • Social Security numbers and date of birth details accounted for 37% of breached data in 2019, down from 54% in 2018. 

The report also took a closer look at the UK and found the healthcare sector to be the most-at risk. With the NHS alone having access to 55 million high-quality primary care and 23 million specialist car records, it is understandable to see why the UK healthcare sector represents such an attractive target. 

“Healthcare presents unique challenges due to the extent of sensitive data being shared in the complex and multi-partner clinical process. Medical facilities are often public, meaning devices are susceptible to physical tampering. And third-party risk arises from the long chain of medical partners, including labs, specialists, and doctors’ surgeries. Each represents a vector for malicious attack,” the report read. 

The report found that since the introduction of mandatory breach reporting in the UK, the number of breaches reported to the Information Commissioner’s Office (ICO) has increased to 14,000 between May 25, 2018 to May 1, 2019. 

It also noted that the Information Commissioner’s Office has a role to play in data breach prevention outside of enforcement. Unlike other jurisdictions, like Australia, there is a lack of comprehensive public data for the industry to analyse, thus this small knowledge-disparity makes it more difficult for UK cybersecurity professionals to know where to concentrate their efforts.

Other UK findings found include:

  • Nearly 46% of UK businesses experienced a data breach in the last 12 months, to which the sophistication and frequency is only increasing every year.
  • Phishing attackers were the most common method of attack in 2019.