Introduction by Denyl Green, Global Head of Breach Notification, Kroll

When it comes to security, 2024 was unfortunately a standout year for the healthcare sector. Kroll found that the healthcare industry was the most breached, had fairly immature incident response practices, and unfortunately suffered numerous cyberattacks culminating in a year that left healthcare boards thinking deeply of the overall risk to their businesses. According to The HIPAA Journal,“ 2024 was the worst-ever in terms of breached healthcare records, which jumped by 9.4 % from last year’ s record-breaking total to 184,111,469 breached records.” This is due to the largest healthcare data breach of the year, Change Healthcare.

In February of last year, a ransomware group breached the Change Healthcare network and exfiltrated the health information of reportedly an estimated 100 million individuals and then encrypted the files.

Change Healthcare disclosed that the attack started when members of the BLACKCAT ransomware group used stolen credentials to log into the company’ s Citrix remote access service. This event demonstrated the widespread disruption a breach can cause due to the number of healthcare organisations that relied on Change Healthcare’ s systems.

Though Kroll did not handle the Change Healthcare breach response, Kroll assisted with numerous large third-party breaches and saw firsthand the impact to organisations recovering from these incidents. Kroll handles thousands of incidents every year

20 www. intelligenthealth. tech