Health Sector Most Targeted in Ransomware Attacks

Pamila Muzaffar
Data Breach Solicitor

Recent statistics from the Information Commissioner’s Office (ICO) have revealed that there were 8,815 data security incidents in the last 12 months, which caused sensitive personal data to be leaked, stolen or seen by the wrong person.

According to The Times, over 500 organisations lost data through a ransomware attack and the majority of those targeted were from the health and education sectors.

As the number of ransomware attacks is continuing to rise in the public and private sectors, data breach experts are reminding organisations to put better measures in place to protect people’s personal data.

What is a Ransomware Attack?

Ransomware is a form of malware, a malicious software that’s intended to harm a device or network. In a ransomware attack, cyber criminals will gain access to a company’s network and install ransomware to block their access. They’ll then ask for a ‘ransom’ in exchange for unlocking the computer and restoring access.

Large organisations are often targeted in these attacks as criminals know they hold large quantities of personal data and have the money to pay the ransom.

How is Personal Data Used?

Organisations collect personal data for a range of reasons, including:

      • Tracking and measuring customer behaviour e.g. shopping habits
      • Improving security measures e.g. fingerprint or voice activation
      • Improving customer experiences e.g. personalised promotions and offers
      • Selling data to other organisations e.g. advertisers

With personal data being the most valuable commodity in the world, it’s no wonder that ransomware attacks are on the rise. But what do cybercriminals use your data for?

There are a few reasons why criminals target large organisations for personal data.

This includes:

        • Identity theft – criminals can use personal details like your name, address and banking details to create online accounts or take out loans in your name
        • Hacking into your personal accounts – if the criminals access your email address and passwords, they can take over any online accounts you use these for by changing the password
        • Selling your personal data – unlike organisations who will ask for your consent to share your data with other companies, cybercriminals will sell the data they’ve stolen to other criminals on the dark web
        • Phishing – this is when criminals trick victims into giving them personal information like banking details by posing as a convincing account, such as a bank or online retailer

Which Sectors are most affected by Data Breaches?

The report found that the sectors that suffered the most data breaches in 2020/21 were:

          • Health – 1,512 breaches
          • Education – 1,208 breaches
          • Retail – 948 breaches
          • Charity – 527 breaches

Data being sent to the wrong person was listed as the most common cause of these data breaches (accounting for more than 3,000 cases). The rest were down to criminal activity including phishing, and ransomware and malware attacks.

When looking at the last two years, the ICO reported 3,557 personal data breaches across the NHS, leading to thousands of NHS patients’ data being stolen, lost or exposed to the wrong people. For example, 866 of these data breaches involved personal patient data being emailed or posted to the wrong person. Personal data was also lost because of paperwork and devices going missing, and NHS staff telling patients the wrong information.

Due to the sensitive nature of NHS patient data, it’s concerning to see these statistics. While we hope these findings will encourage more organisations to crack down on their data security systems, we recommend taking your own steps to looking after your personal data. Read our 10 top tips here.

You can use our free data breach checker to see if your data’s been breached. If you’re aware that your personal data has already been breached, and you’d like to discuss making a claim for compensation, get in touch with our Data Breach Solicitors for a free case assessment.

Contact our Cyber Security Solicitors For a Free Case Assessment

We're happy to help

Monday to Friday 8:30am-7:00pm

0808 239 9426

0808 239 9426

We're happy to call you

Simply click below to arrange the assessment

Request a Free Case Assessment

Request a Callback

This data will only be used by Simpson Millar in accordance with our Privacy Policy for processing your query and for no other purpose

Simpson Millar Solicitors are a national law firm with over 500 staff and offices in Billingham, Bristol, Cardiff, Catterick, Lancaster, Leeds, Liverpool, London and Manchester.