2021 Healthcare Data Risk Report

March 31, 2021

The 2021 Healthcare Data Risk Report is the second report in our annual series analyzing industry-specific threats, trends, and solutions.

This report focuses on data security in the healthcare industry: hospitals, pharmaceutical firms, and biotechnology companies. It was compiled by analyzing over 3 billion files across 58 organizations.

Many of our findings are further broken down by company size:

  • Small: <500 employees
  • Medium: 501–1,500 employees
  • Large: 1,501+ employees

This report aims to help healthcare and biotech organizations better understand their cybersecurity vulnerabilities in the face of increasing threats and provides insight into how healthcare companies can mitigate future risk.


COVID-19 provided fertile ground for attackers to sow confusion and take advantage of healthcare organizations on the front lines. From hospitals triaging patients around the clock to pharmaceutical companies developing advanced vaccines, cybercriminal groups targeted entities and systems under massive stress.

Attacks against the healthcare and biotech sector demonstrate maliciousness on an unprecedented scale. While their methods vary, their goal is the same: grab sensitive data to steal, sell, or extort.

In 2020, cybercriminals unleashed potent variants of ransomware like Maze and Ryuk on hundreds of hospitals. State-sponsored actors zeroed in on pharma and biotech companies to harvest COVID-19 research. Insider threats continued to tax the healthcare sector, while simple human errors left vulnerable information exposed — posing additional risk in a year like no other. 2020 also marked the first year that a patient’s death has been directly linked to a cyberattack.

With so much on the line, we wanted to understand the extent to which the healthcare and biotech sectors are protecting their sensitive information. These sectors have their work cut out for them: we found that every employee can access one out of every five files.

Overexposed data, in tandem with an increased number of attacks exhibiting new levels of sophistication, made healthcare one of the most at-risk sectors in 2021.

Price: FREE

About the Provider

We arm our customers with an industry-leading platform that is built to protect the world’s most valuable and most vulnerable data. Varonis starts at the heart – with data – so our customers are prepared to defend their data against attacks from inside and out. Our platform eliminates repetitive, manual clean-up projects and automates manual data protection routines, so we bring security and cost-savings together – maybe for the first time in cybersecurity history.


Biotech, Data Risk, data security, Healthcare