Data Breach Cases in the Healthcare Industry Increase by Nearly 90% in 2020

Malware and email compromise account for more than half (62%) of cyber incidents reported by healthcare organisations between January and September 2020

Only a third of Australian healthcare organizations have embedded cyber awareness and training into their policies and procedures

Sydney – Kroll, a division of Duff & Phelps and global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions, has today released a whitepaper which explores the impact of COVID-19 on healthcare’s cyber security landscape and shares best practice guidance for healthcare providers. 

A rapid shift to remote working, the expansion of telehealth services and a workforce under increased pressure, all triggered by COVID-19, have led to an 86% increase in healthcare data breach notification cases globally between March and September 2020.

“The COVID-19 pandemic triggered a sudden shift to remote health services, and while this was essential and widely embraced, in many instances crucial security elements were left behind,” said Louisa Vogelenzang, Associate Managing Director and Asia-Pacific lead for Identity Theft and Breach Notification services in Kroll’s Cyber Risk practice.

“As Australian health organizations continue to digitize and transition online, it’s critical they address cyber security policies and procedures to ensure patients’ data is adequately protected. Multiple points of vulnerability which distinguish the new risk landscape—including remote workforces and the expansion of telehealth services—have heightened the threat of cyberattacks and data breaches for providers and patients.”

According to Kroll’s Data Breaches in the Healthcare Industry Whitepaper, email compromise and malware account for more than half (62%) of the incidents reported this year as of September 2020, highlighting the rising risk of human error due to changed working conditions brought about by the pandemic. Previous reports also indicate that stolen health information—including Medicare numbers, medical insurance and credit card information—is being sold on the dark web for up to AU$1000.

The whitepaper suggests this new environment requires an enhanced security focus to ensure patient data is secure. With telehealth services likely to remain a key component of Australia’s healthcare industry, the report unpacks the implications for the security of patient information and how healthcare providers can ensure the security of their telehealth solutions. 

“For healthcare providers looking to make telehealth services a permanent fixture of their offering, it’s essential they have a good third-party risk assessment program in place to ensure all security risks are considered from the start and contracts are reviewed for security-related provisions, as well as general terms and conditions,” said Brian Lapidus, Managing Director and Global Breach Notification Leader. 

The whitepaper also looks at new and changing regulatory obligations facing the healthcare industry and community expectations around how consumer data is managed and safeguarded. 

“In an increasingly challenging cyber security landscape, healthcare providers must be prepared for a data breach to ensure they’re in the best defensible position when a cyberattack inevitably occurs,” he added. 

About Kroll
Kroll is the leading global provider of risk solutions. For more than 45 years, Kroll has helped clients make confident risk management decisions about people, assets, operations and security through a wide range of investigations, cyber security, due diligence and compliance, physical and operational security, and data and information management services. For more information, visit

Duff & Phelps is the world’s premier provider of governance, risk and transparency solutions. We work with clients across diverse sectors in the areas of valuation, corporate finance, disputes and investigations, cyber security, claims administration and regulatory compliance. With Kroll, the leading global provider of risk solutions, and Prime Clerk, the leader in complex business services and claims administration, our firm has nearly 4,000 professionals in 25 countries around the world. For more information, visit

For media inquiries, please contact:
Grace McCarthy
M: +61 422 558 112
[email protected]

