Cybercriminals
exposed more than 5 billion records in 2019, costing US organizations over $1.2
trillion, according to a new report. Healthcare was the most targeted industry last
year and remains an active target in 2020, accounting for 51% of incidents in
Q1 – likely fueled by the COVID-19 pandemic.
Researchers are noticing a sharp increase in costs related to data breaches. While the 2.8 billion records exposed in 2018 cost organizations more than $654 billion, the over 5 billion records exposed in 2019 cost $1.2 billion. This lifts the total cost from data breaches to over $1.8 trillion in two years, according to digital identity firm ForgeRock.
Breaches
have increased dramatically, both in actual numbers and costs, with healthcare
emerging as the most targeted industry in 2019, accounting for 382 breaches and
over $2.45 billion in costs. Medical records were the most sought-after type of
PII in Q1 2020, accounting for 25% of all exposed data. These findings are
consistent with other reports tracking attacks on healthcare institutions.
A CBC Canada report revealed this week that medical records can fetch up to $200 on the dark web as they give malicious actors immense leverage in fraud campaigns. One expert cited in the CBC piece opined that healthcare in Canada is 20 years behind banks when it comes to cyber-hygiene. ForgeRock researchers further note that technology firms had the highest number of records compromised by breaches, with over 1.37 billion exposed.
According to
the report, unauthorized access was the most common attack vector used in 2019,
responsible for 40% of breaches, followed by ransomware and malware at 15% and
phishing at 14%.
Personally
identifiable information (PII) as defined by new legislature (i.e. GDPR)
remained the most targeted data by attackers and was exposed in 98% of 2019
breaches, up from 97% in 2018.
“By
targeting PII and leveraging unauthorized access, cybercriminals highlight how
weaknesses in enterprises’ identity and access management practices
increasingly allow for greater volumes and more sensitive types of data to be
pilfered,” researchers stressed.
Banking/insurance/financial
came second after healthcare, accounting for 12% of all breaches. Education
followed, at 7%, then government and retail, each with a 5% share.
Researchers
say 2020 is set to outpace last year in terms of records breached, even though
the number of individual incidents has dropped by 57%. And healthcare breaches
will likely dominate, driven by fraudulent COVID-19 campaigns geared towards
medical institutions and unwary members of the public.
Bitdefender’s own researchers in Q1 2020 found that the number of global cyberattacks targeting hospitals in March increased by almost 60% from February. According to our data over the past 12 months, this marked the highest spike in our global evolution of cyberattacks detected at hospitals.