Over half of all healthcare cybersecurity incidents involve insiders, who aren't always breaching their organizations' data on accident, according to the Verizon 2018 Protected Health Information Data Breach Report.
Verizon evaluated data privacy incidents from 2016 and 2017 affecting healthcare organizations. It gathered nearly 1,368 privacy incidents in total, of which 1,292 are considered breaches — security incidents where protected health information was at risk but not confirmed as compromised.
1. The most common threat category was error, which was responsible for 33.5 percent of all incidents. Misuse (29.5 percent), physically misplacing or stealing (16.3 percent) and hacking (14.8 percent) were other common threat vectors.
2. Insiders responsible for data breaches were motivated by financial gains (48 percent), fun or curiosity (31 percent), such as looking up their own or a family member's health record, convenience (10 percent) or a grudge (4 percent).
3. External threats were overwhelmingly motivated by financial gains (90 percent).
4. About 70 percent of incidents involving malicious code within the healthcare sector were classified as ransomware infections.
5. Twenty-seven percent of incidents were related to PHI printed on paper. Those incidents involved sensitive data being misdelivered (20 percent), records thrown away without shredding (15 percent) and lost records (8 percent).
Click here to access the full report.
More articles on cybersecurity:
Hacking responsible for 83% of breached records in January, insiders 1%: 6 things to know
1 in 5 health employees willing to sell confidential data: 7 survey insights
3 QuadMed clients' data compromised due to technical issues: 9 things to know