More than 65 percent of healthcare data in the United Kingdom is exposed through a surprisingly small number of security incidents, highlighting serious weaknesses in data protection across the sector. According to recent findings, just 11 percent of reported data security breaches are responsible for most of the leaked healthcare information, putting millions of patient records at risk.
Data breaches typically involve the unauthorized exposure of sensitive information belonging to individuals, consumers, or organizations. However, the healthcare industry remains a particularly attractive target for cybercriminals due to the high value of medical records. A study conducted by cybersecurity firm Huntsman Security reveals that healthcare data is disproportionately affected when breaches occur, with a limited number of incidents causing extensive damage.
The research also compared international trends and found that Australia is performing relatively better than the UK in this area. In Australia, approximately 28 percent of data security incidents were responsible for 90 percent of healthcare data leaks. While still concerning, this concentration suggests that improved controls over high-risk incidents could significantly reduce overall data exposure.
These insights were uncovered through a collaborative effort between Huntsman Security, the UK Information Commissioner’s Office (ICO), and the Office of the Australian Information Commissioner (OAIC). Researchers analyzed data linked to more than three million individuals to understand how breaches occur, what data is most targeted, and whether such incidents could have been avoided.
One of the most alarming findings of the study is that nearly 45 percent of all observed data breaches were preventable. This indicates that basic cybersecurity measures—such as better access controls, employee training, and system monitoring—could have stopped almost half of these incidents before any data was compromised.
Furthermore, the study found that in approximately 63 percent of healthcare-related breaches, attackers were specifically targeting medical information rather than personal identifiers or financial details. This is because healthcare data holds significant value on the dark web. Medical records can be used for identity theft, insurance fraud, and black-market resale, often generating higher returns than stolen credit card information.
Overall, the findings underscore the urgent need for stronger cybersecurity practices in the healthcare sector. With sensitive patient data increasingly under threat, organizations must prioritize preventive measures to reduce risks, protect patient privacy, and maintain public trust
Join our LinkedIn group Information Security Community!
