Insiders Are The Cause Of Most Healthcare Breaches

Ransomware and hacking incidents plagued 2016, and this year is no different, with the latest Protenus Breach Barometer midyear report finding that 2017 is on pace to exceed last year’s rate of one breach per day.

So far this year, the healthcare sector has reported 233 breach incidents to the US Department of Health and Human Services (HHS), state attorneys general and the media. More than 3.16 million patient records have been breached.

The report analyzed the 193 incidents for which it had data. Breach counts have remained steady over the last six months, apart from June, which saw a spike with 52 incidents. March saw the most patients affected, with 1,360,961 records breached.

“The healthcare sector will only stop being so vulnerable when the advances in data collection, sharing and analytics are matched with similar advances in our understanding of how to protect patient data,” said Protenus Cofounder and President Robert Lord.

“Healthcare has invested tens of billions of dollars in deploying systems to leverage data to improve patient outcomes, and appropriately so,” he continued. “But we still have massive problems with the abuse of that data and those systems.”

So what are the biggest threats plaguing healthcare in 2017? Insiders and hackers.

Hacking accounted for 75 breaches this year, with 1,684,904 patient records impacted. Malware and ransomware were specifically mentioned in 29 of these incidents, but the report found there were many additional incidents where malware was reported as hacking or an IT incident.

Officials expect more organisations to report ransomware attacks this year, as HHS updated its ransomware reporting requirements in August 2016. The update places the burden of proof on the provider to demonstrate that data remained inaccessible to the attacker or were not exfiltrated.

Insiders also remain a constant challenge for healthcare, accounting for 96 incidents, or 41 percent of data breaches so far this year. More than 1.17 million patient records were breached through insider error or wrongdoing.

Insider wrongdoing tends to cause significant damage because it is rarely detected immediately. For example, Anthem reported this week that an employee of its Medicare insurance coordination services vendor had been stealing and misusing Medicaid member data from as early as July 2016. The breach wasn't discovered until April.

Another issue plaguing the healthcare sector is that other types of external attack have been underreported or unreported. Thousands of databases across all sectors have been wiped or had their data exfiltrated, yet the report found that only a few of these incidents were reported to HHS.

The FBI has also reported that these database 'ransacking' incidents are not being reported.

“Healthcare executives, at a fundamental level, should stop thinking about security and privacy as a cost center and more as a strategic pillar of their organisation,” said Lord. The industry has continued to see increased awareness and incremental improvements, he said, “but not the needed dramatic leap forward.”

To Lord, the leap will be driven by CISOs and Chief Privacy Officers, “dramatically increasing investment in these areas to match other industries and leveraging the use of advanced analytics to detect inappropriate uses of patient data.”

“A culture of trust, comprised of dual pillars of privacy and security, must come from the highest levels of the organisation.”

Healthcare IT News

