Health Data Breaches Account for Less Than 1% of Breaches Worldwide, Report Says

In 2012, there were 621 disclosed data breaches across industries worldwide, and of these less than 1 percent affected the healthcare industry, according to the "Verizon 2013 Data Breach Investigations Report," released by Verizon.

Despite the seemingly frequent reports of health data breaches, this report found that most data breaches affected financial organizations, followed closely by the retail industry. It also found that 75 percent of data breaches in 2012 were financially motivated.

The fact that most data breaches were financially motivated is important for healthcare organizations to note, says Suzanne Widup, senior analyst in Verizon's RISK Team, because they are also usually the victims of financially motivated breaches. For the most part, financial information and Social Security numbers are misused in healthcare industry data breaches. Healthcare organizations should make an effort to understand the motives and methods of the attackers and learn to tailor their defenses to further reduce the number of health data breaches, she says.

Verizon was joined by 18 organizations from around the world that contributed data and analysis to this year's report.

According to the report, external attacks were mostly responsible for data breaches, with 92 percent being attributable to outsiders and only 14 percent to insiders. As far as methods are concerned, hacking was the most common. Seventy-six percent of hacking incidents involved the exploitation of weak or stolen passwords and 40 percent included the introduction of malware — malicious software used to disrupt computer operations and gather sensitive information. Also, a majority of breaches were detected by third parties.

In general, across the industries, the report found that organizations are not taking and implementing recommendations regarding protection against breaches. Sixty-two percent of organizations couldn't detect a breach within a one month period.

Ms. Widup says that healthcare organizations should conduct tests to determine how long it takes them to detect a data breach, and they should ensure that access is taken away from anyone who isn't on the organization's payroll.

Many organizations also make the mistake of assuming that the hackers are extremely skilled. However, Ms. Widup notes that it is not skill that determines the success of a hacker, rather, it is how hard he or she has to work. In 68 percent of the breaches, the effort required to hack into the system was found to be low, according to the report.

"If you have an IP address, you are a target for a data breach," said Ms. Widup. That isn't going to change anytime soon, she adds, but what can change is an organization's preparation and response for dealing with a data breach.

More Articles on Data Breaches:

Stolen Laptop Contains Info on 4k Oregon Health & Science University Hospital Patients
EHR Vendor Reports Data Breach
University of Connecticut Health Center Data Breach Affects 1,400 Patients


© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months