Thu, Nov 19, 2020

Data Breach Cases in the Healthcare Industry Increase by Nearly 90% in 2020

Malware and email compromise account for more than half (62%) of cyber incidents reported by healthcare organisations between January - September 2020

Only a third of Australian healthcare organizations have embedded cyber awareness and training into their policies and procedures

Sydney – Kroll, the global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, has today released a whitepaper which explores the impact of COVID-19 on healthcare’s cyber security landscape and shares best practice guidance for healthcare providers. 

A rapid shift to remote working, the expansion of telehealth services and a workforce under increased pressure, all triggered by COVID-19, has led to an 86% increase in healthcare data breach notification cases globally between March and September 2020.

“The COVID-19 pandemic triggered a sudden shift to remote health services, and while this was essential and widely embraced, in many instances crucial security elements were left behind,” said Louisa Vogelenzang, Associate Managing Director and Asia-Pacific lead for Identity Theft and Breach Notification services in Kroll’s Cyber Risk practice.

“As Australian health organizations continue to digitize and transition online, it’s critical they address cyber security policies and procedures to ensure patient’s data is adequately protected. Multiple points of vulnerability which distinguish the new risk landscape—including remote workforces and the expansion of telehealth services—have heightened the threat of cyberattacks and data breaches for providers and patients.”

According to Kroll’s Data Breaches in the Healthcare Industry Whitepaper, email compromise and malware account for more than half (62%) of the incidents reported this year as of September, 2020, highlighting the rising risk of human error due to changed working conditions brought about by the pandemic. Previous reports also indicate that stolen health information—including Medicare numbers, medical insurance and credit card information—is being sold on the dark web for up to AU$1000. 

The whitepaper suggests this new environment requires an enhanced security focus to ensure patient data is secure. With telehealth services likely to remain a key component of Australia’s healthcare industry, the report unpacks the implications for the security of patient information and how healthcare providers can ensure the security of their telehealth solutions. 

“For healthcare providers looking to make telehealth services a permanent fixture of their offering, it’s essential they have a good third-party risk assessment program in place to ensure all security risks are considered from the start and contracts are reviewed for security-related provisions, as well as general terms and conditions,” said Brian Lapidus, Managing Director and Global Breach Notification Leader. 

The whitepaper also looks at new and changing regulatory obligations facing the healthcare industry and community expectations around how consumer data is managed and safeguarded. 

“In an increasingly challenging cyber security landscape, healthcare providers must be prepared for a data breach to ensure they’re in the best defensible position when a cyberattack inevitably occurs,” he added. 

About Kroll
Kroll is the world’s premier provider of services and digital products related to governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, claims administration, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world. For more information, visit

M&A advisory, capital raising and secondary market advisory services in the United States are provided by Duff & Phelps Securities, LLC. Member FINRA/SIPC. Pagemill Partners is a Division of Duff & Phelps Securities, LLC. M&A advisory, capital raising and secondary market advisory services in the United Kingdom are provided by Duff & Phelps Securities Ltd. (DPSL), which is authorized and regulated by the Financial Conduct Authority. Valuation Advisory Services in India are provided by Duff & Phelps India Private Limited under a category 1 merchant banker license issued by the Securities and Exchange Board of India.

For media inquiries, please contact:
Grace McCarthy
M: +61 422 558 112
[email protected]

Identity Theft and Breach Notification

Services include drafting communications, full-service mailing, alternate notifications.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Notification, Call Centers and Monitoring

Kroll’s data breach notification, call centers and monitoring team brings global breach response expertise to efficiently manage regulatory and reputational needs.

Data Breach Notification Letters

Kroll will work with your team to implement a personalized, plain-language notification letter that provides pertinent information and maintains message control.

Data Breach Call Center Services

A notification letter can generate lots of questions for those affected by a data breach. Kroll’s call center services are provided by skilled representatives who know how to handle difficult questions and stand at the ready to serve your breached population.