Just 11% of UK healthcare breaches account for 65% of data exposed


Mitigating just a fraction of all healthcare data security incidents could protect the data of millions of individuals, according to cybersecurity experts.

Just 11% of healthcare security incidents in the UK put 65% of victims’ data at risk, new research from cybersecurity firm Huntsman Security has revealed. It also looked into the situation in Australia, where 28% of incidents accounted for 90% of all victims.

The findings are based on a combination of Freedom of Information requests and independent analysis of data from the UK Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC).


Across both countries, issues such as misconfigured systems, excessive access rights, and phishing exposed the data of more than 3 million people, the research showed.


In the UK, 45% of preventable breaches, and 63% of healthcare breaches overall, involved health data, while attackers targeting the healthcare sector were the least likely to steal basic personal identifiers or financial information.

The researchers also found that healthcare breaches were most likely to involve children’s data, accounting for 16% of cases in the UK. Information on vulnerable adults was particularly targeted, appearing in 16% of breaches, compared to an average of 8%.

Healthcare organizations in the UK also took longer to report a breach, taking 95 days compared to 78 on average.

“Healthcare organizations are responsible for some of our most private, sensitive data. Inevitably, this makes them a target for attackers: reducing this risk needs to be a priority,” said Peter Woollacott, chief executive of Huntsman Security.

“We can see that addressing preventable attacks can have a five-to-one impact,” he said, describing cyber assessment frameworks provided by organizations like the UK’s National Cyber Security Centre (NCSC) or the US National Institute of Standards and Technology (NIST) as an “excellent” basis for reducing the risk of preventable attacks.

“Controls such as effective and timely patching, multi-factor authentication, user application hardening, and regular backups might seem simple, but can be an often-overlooked element of a successful security strategy,” Woollacott said.


Britain’s publicly funded National Health Service (NHS) came under the spotlight last year after a breach involving its data was claimed by the Russia-linked ransomware cartel Cl0p.

However, despite sustained attacks on healthcare systems around the world last year, the average ransom demand in the sector fell by 80% compared with the previous year, according to Comparitech’s 2025 Healthcare Ransomware report.

