Cybercrooks are switching up targets moving away from retail and financial services onto healthcare and government last year, according to figures from IBM’s security business.

Retail drops out of top five most attacked sector while financial targets dropped from #1 to #3 in IBM X-Force’s 2016 Cyber Security Intelligence Index. The new highest volume breaches in 2015 centered on healthcare (most attacked), manufacturing (second place), government (fourth) and transportation. Healthcare’s prominence as a target for attacks is essentially because cybercrooks have tuned into ways of making money from stolen healthcare data, making health insurance firms, clinics and hospitals an increasingly attractive target.

“Five of the eight largest healthcare security breaches since the beginning of 2010—those with more than one million records reportedly compromised—took place during the first six months of 2015,” IBM X-Force researchers explain. “In fact, over 100 million healthcare records were reportedly compromised in 2015.”

“Packed with a wealth of exploitable information, electronic health records fetch a high price on the black market. They typically contain credit card data, email addresses, social security numbers, employment information and medical history records—much of which will remain valid for years, if not decades. Cyber thieves are using that data to launch spear phishing attacks, commit fraud and steal medical identities.”

Elsewhere the threat for banks and other financial service firms from extortion has increased. The number of breaches in the financial services industry that involved extortion tactics or theft of currency rose by 80 per cent (or almost doubled) in 2015. At the same time, many commercial banking clients fell victim to the Dyre and Dridex Trojans, which were responsible for a large number of multi-million dollar heists targeting enterprises last year.

Across all industries employees continue to be a major source of security problems. There in five (up from 55 per cent) of attacks were initiated by insiders, of those a third were carried out by inadvertent actors (down from 50 per cent in 2014).

The improvement in areas such as workers becoming unwitting conduits for attack is a sign that employee education and security policies are helping to reduce the effectiveness of spear phishing and similar hacking tactics. Or, put another way, workers are more wary of baited emails that actually come packed with malicious code.

More details from IBM X-Force’s survey of the cyber-threat landscape can be found here. The annual report looks back at 2015 based on IBM Security Services’ operational and investigative data from billions of security events across more than 1,000 companies in 100 countries. ®