Verizon DBIR: System intrusion is top healthcare breach cause

The healthcare sector remains a top target for cyberthreat actors, the Verizon DBIR, or Data Breach Investigations Report, reconfirmed with its 2025 findings. System intrusion, which includes ransomware, overtook miscellaneous errors as the top cause of healthcare data breaches in 2024, the report found.

What's more, Verizon observed a troubling uptick in espionage as a motive for cyberthreat actors in the healthcare sector.

The report analyzed more than 22,000 security incidents across several sectors, including healthcare. Across all sectors included in the report, third-party involvement in breaches doubled, and vulnerability exploitation increased by 34%. Additionally, ransomware attacks rose by 37% since last year's report.

Verizon tracked 1,710 healthcare incidents, 1,542 of which confirmed data disclosure. System intrusion rose to the top spot in healthcare breach causes.

System intrusion "encapsulates all the breaches and incidents that leverage a diversity of techniques, predominately hacking techniques and malware, with a dash of social engineering," the report stated.

Verizon's definition of a system intrusion includes a wide range of reliable cyberthreat tactics, like credential stealing, exploitation of vulnerabilities, phishing and ransomware.

"Healthcare continues to be a favorite target for this kind of attacker, and the urgent need for access to data in emergency situations only adds to the pressure healthcare organizations feel when their systems are all unavailable and they must resort to more old-school processes," the report noted.

Although system intrusion overtook miscellaneous errors as the top cause for healthcare data breaches, miscellaneous errors remain a prevalent occurrence in healthcare that can escalate into large-scale breaches.

While the majority of the observed healthcare incidents were financially motivated, an alarming 16% of healthcare incidents were attributed to espionage, compared to just 1% last year. Verizon attributed a portion of the rise in espionage-motivated breaches to changes in its contributor makeup. It also noted that the uptick is worth keeping an eye on when it comes to cyberthreat actor trends.

The majority of cyberthreat actors impacting the healthcare sector remained external rather than internal, and the compromised data fell under the categories of medical, personal and internal.

"And if having your own systems at risk isn’t bad enough, you also need to contend with the risks of your entire supplier/partner infrastructure," the report continued. "These third-party breaches impacted a huge number of organizations and patients and made headlines all year long."

The rise in third-party breaches has underscored the importance of including vendor contingency plans in an organization's incident response and recovery planning processes.

Overall, the Verizon DBIR report showed that cyberthreat actors continue to be unafraid when it comes to targeting critical infrastructure entities and the vendors that surround them.

"The DBIR's findings underscore the importance of a multi-layered defense strategy," said Chris Novak, vice president, global cybersecurity solutions, Verizon Business, in a press release.

"Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees."