Home / News

Healthcare Industry Was the Most Common Victim of Third-Party Breaches in 2022

Health care industry was the most common victim of cyberattacks in 2022, according to a report by cyber intelligence firm, Black Kite. The study found a total of 34.9% of cyberattacks occurred in health care, up 1% from the year before, making it the most attacked sector for the second year in a row—most likely due to the heavy regulations surrounding Personal Health Information (PHI) that have only attracted more attention from hackers. The report also highlighted a lack of budget, outdated software, and the ability to remotely share personal data between patients and hospital systems as avenues for hackers to gain access to sensitive data.

The unintended effect of the Russian war: The report also showed that ransomware attacks accounted for 27% of third-party breaches in 2022, which was down from 2021, and that this could be an unintended effect of the Russian war in Ukraine. After health care, finance ranked second for total attacks last year, tallying 14.3%, and government was third, accounting for 9.5% of attacks.

Phishing attacks were the most common type of cyberattacks in health care in 2022, making up 50.7% of the attacks, followed by malware and ransomware, both of which accounted for 17.9% and 14.3%, respectively. Automaker Toyota topped the list of top five cybersecurity breaches of 2022, with a data breach exposing the emails of 300,000 customers, while Highmark Health ranked; third, with a breach exposing the names, dates of birth, and prescription information of 67,147 people.

The key finding from the report:

  • Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of third-party breaches last year. The rise is partially due to the remote work model that has become prevalent with the pandemic.
  • Ransomware accounted for 27% of third-party breaches in 2022—a decrease from 2021 due to Russian sanctions, which hinder the ability of Russian-based cybercriminals to act.
  • The average time between an attack and the disclosure date was 108 days, with a 50% increase from 2021—giving threat actors more time to cause significant damage with stolen data.
  • Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
  • The healthcare industry was the most common victim of third-party breaches accounting for 34% of incidents 2022—an increase from 2021—followed by finance (14%) and government (14%).

Bottom line: “The report contains good news and bad news. The good news, defenders are getting marginally better and the number of breaches via third parties dropped YoY. The bad news, while the number of breaches dropped, the impact of the breaches jumped. And we are seeing a lot of the same issues and vectors for successful attacks - this means basic blocking and tackling aren’t happening.” –Jeffrey Wheatman

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global