What Drives Health Care Data Breaches?

May 28, 2026

Health care continues to be plagued by “miscellaneous errors” that are exposing the sector to data breaches.

Released this month, Verizon’s 2026 Data Breach Investigation Report looks at the ways AI is changing cybersecurity and ways to stay protected. The report evaluates 31,000 actual real-world security incidents, including 22,000 confirmed data breaches across 145 countries.

“Health care organizations face a mix of Ransomware-driven System Intrusions and persistent human errors, with financially motivated external attackers exploiting vulnerabilities, Phishing, and using stolen credentials,” the report notes. “Staff mistakes and misconfigurations remain a chronic source of breaches.”

Here are a few key takeaways from the report:

• Health care:  Key issues across the sector include data sent to the wrong person (misdelivery), data loss, and misconfiguration where data is stored without proper controls.
  • System intrusion, miscellaneous errors and social engineering represent the large majority (81%) of breaches.
• Key trend:  As people learn to avoid email phishing , attackers are pivoting to so-called mobile social engineering, including fake texts and voices calls. These methods have a significantly higher success rate than email phishing.
• AI in action:  About 45 percent of employees are now considered regular users of AI on their corporate devices, up from 15 percent in the previous year.
  • On average, companies had more than 15 percent of users with unauthorized AI extensions on their browsers.
• Quotable:  “One of the main functions of these AI plugins is often to collect and retain information about what the user is browsing for context, so if your corporate users are browsing your internal sites, some of your non-public data might be getting vacuumed up,” the report notes.

“While the velocity of cyber threats—driven by AI and faster vulnerability exploitation—is increasing, the foundational principles of security and strong risk management remain the most effective defense,” said Daniel Lawson, SVP Global Solutions, Verizon Business, in a statement.

Learn more about the report online.