Insiders Are The Cause Of Most Healthcare Breaches

Ransomware and hacking incidents plagued 2016, and this year is no different, with the latest Protenus Breach Barometer midyear report finding that 2017 is on pace to exceed last year’s rate of one breach per day.

So far this year, the healthcare sector has reported 233 breach incidents to the US Department of Health and Human Services, state attorney generals and media. More than 3.16 million patient records have been breached.

The report analyzed 193 of the incidents for which it had data. Breaches have remained steady in the last six months outside of June, which saw a spike with 52 incidents. And March saw the most patients affected, with 1,360,961 records breached.

“The healthcare sector will only stop being so vulnerable when the advances in data collection, sharing and analytics are matched with similar advances in our understanding of how to protect patient data,” said Protenus Cofounder and President Robert Lord.

“Healthcare has invested tens of billions of dollars in deploying systems to leverage data to improve patient outcomes, and appropriately so,” he continued. “But we still have massive problems with the abuse of that data and those systems.”

So what are the biggest threats plaguing healthcare in 2017? Insiders and hackers.

Hacking accounted for 75 breaches this year, with 1,684,904 patient records impacted. Malware and ransomware were specifically mentioned in 29 of these incidents, but the report found there were many additional incidents where malware was reported as hacking or an IT incident.

Officials expect more organisations to report ransomware attacks this year, as HHS updated its ransomware reporting requirements in Aug. 2016. The update places the burden of proof on the provider to demonstrate data remained inaccessible or weren’t exfiltrated.

Insiders are also remaining a constant challenge for healthcare, accounting for 96 incidents or 41 percent of data breaches this year so far. More than 1.17 million patient records were breached by insider error or wrongdoing.

Wrong-doing is rife to cause significant damage, as it’s rarely detected immediately. For example, Anthem reported this week an employee of its Medicare insurance coordination services vendor was stealing and misusing Medicaid member data from as early as July 2016. The breach wasn’t found until April.

Another issue plaguing the healthcare sector is that other types of external attacks have been underreported or unreported. Thousands of databases in all sectors have been wiped or the data were exfiltrated. The report found that only few of these were reported to HHS.

The FBI has also reported that these ‘ransacking’ incidents or targeted databases aren’t being reported.

“Healthcare executives, at a fundamental level, should stop thinking about security and privacy as a cost center and more as a strategic pillar of their organisation,” said Lord. We've continued to see increased awareness and incremental improvements, “but not the needed dramatic leap forward.”

To Lord, the leap will be driven by CISOs and Chief Privacy Officers, “dramatically increasing investment in these areas to match other industries and leveraging the use of advanced analytics to detect inappropriate uses of patient data.”

“A culture of trust, comprised of dual pillars of privacy and security, must come from the highest levels of the organisation.”

Healthcare IT News

You Might Also Read:

8 Major Problems Healthcare CIOs Are Facing:

Is It Really Possible to Protect Your Health Data?:

 

 

 

 

« Protecting Future Cars from Cyber Attacks
Australian Spy Data Helps Business Cyber Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Zurich

Zurich

Zurich is a leading multi-line insurer providing a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Mitiga

Mitiga

Mitiga uniquily combines the top cybersecurity minds in Incident Readiness and Response with a cloud-based platform for cloud and hybrid environments.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

American Binary

American Binary

American Binary is a Quantum Safe Networking (TM) and post-quantum encryption company.