Verizon DBIR: System Intrusion is Top Healthcare Breach Cause

The healthcare sector remains a top target for cyberthreat actors, and the Verizon Data Breach Investigations Report (DBIR) has reconfirmed this with its 2025 findings. In fact, system intrusion overtook miscellaneous errors as the top cause of healthcare data breaches in 2024. This trend is a cause for concern, as it highlights the increasing sophistication and diversity of cyber threats against healthcare organizations.

Verizon analyzed more than 22,000 security incidents across several sectors, including healthcare. The report found that third-party involvement in breaches doubled, and vulnerability exploitation increased by 34%. Additionally, ransomware attacks rose by 37% since last year's report. Verizon tracked 1,710 healthcare incidents, with 1,542 of these confirmed data disclosure.

System intrusion, as defined by Verizon, encompasses all breaches and incidents that leverage a diversity of techniques, primarily hacking techniques and malware, along with social engineering tactics. This definition includes a wide range of reliable cyber threat tactics, such as credential stealing, exploitation of vulnerabilities, phishing, and ransomware. The report noted that healthcare continues to be a favorite target for this type of attacker, due in part to the urgent need for access to data in emergency situations.

While system intrusion overtook miscellaneous errors as the top cause for healthcare data breaches, miscellaneous errors remain a prevalent occurrence in healthcare that can escalate into large-scale breaches. According to Verizon, the majority of observed healthcare incidents were financially motivated, with 16% attributed to espionage – a significant increase from last year's 1%. The report attributes this rise in espionage-motivated breaches to changes in its contributor makeup.

The majority of cyber threat actors impacting the healthcare sector remained external rather than internal. However, Verizon notes that the compromised data often fell under the categories of medical, personal, and internal records. Furthermore, third-party breaches have become a significant concern, with these incidents impacting numerous organizations and patients, making headlines throughout the year.

"The DBIR's findings underscore the importance of a multi-layered defense strategy," said Chris Novak, vice president, global cybersecurity solutions, Verizon Business, in a press release. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees."

Overall, the Verizon DBIR report highlights the ongoing threat landscape in healthcare and emphasizes the importance of prioritizing cybersecurity measures to protect against these threats.