Scary new healthcare breach statistics
Some interesting, and scary, new healthcare breach statistics are out today. It has now been determined that breaches are responsible for more damage than employee error.
While I understand that many might laugh at this statistic, in all actuality it is a very scary one. All things being said, people make mistakes; in fact, they make a lot of mistakes. Now there are so many breaches, so many attacks against the healthcare system, that despite the number of daily mistakes potentially made by employees, the attacks are more costly.
Now, of all times, the healthcare industry should be bulking up on all security measures, inside and out.
From the article:
Cybercriminals and nation-state actors are indeed targeting healthcare organizations for their valuable data: cyberattacks and physical criminal activity now have officially surpassed insider negligence as the main cause of a data breach in healthcare organizations.
The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, published today, found that close to 45% of all data breaches in healthcare are due to criminal activity such as cybercriminal and nation-state hacks, malicious insiders, and physical theft, a 125% increase in such activity over the past five years. That’s a first, since employee or insider negligence — user errors, lost laptops and thumb drives, etc. — accounted for the majority of breaches last year and in years past, according to Ponemon.
More than 90% of healthcare organizations surveyed by Ponemon in its report have suffered at least one data breach exposing patient data over the past two years, while 39% had been hit by two to five breaches, and 40% had suffered more than five breaches during that timeframe. Security incidents (without an actual data breach) occurred at 78% of healthcare organizations.
About 45% of those breaches came via criminal attacks; 43% by lost or stolen computing devices; 40% via employee mistakes; and 12% via a malicious insider.
The cost of all of this healthcare breach-mania? Some $6 billion per year, with an average cost of $2.1 million per healthcare organization, according to the report, which was commissioned by ID Experts.
“For the first time, criminal attacks constitute the number one root cause [of data breaches], versus user negligence/incompetence or system glitches,” says Larry Ponemon, chairman and founder of Ponemon Institute. “Ninety-one percent had one or more breach in the last two years, and some of these are tiny, less than 100 records, but they are still not trivial.”
Healthcare organizations also are regularly battling security incidents, such as malware infections. Some 65% say they were hit with cyberattacks in the past two years, and half suffered incidents involving paper-based security incidents. They’re not confident in their incident response capabilities, either, with more than half saying their IR isn’t adequately funded or manned. And one-third don’t have an IR plan at all.
Lost and stolen devices were a problem at 96% of healthcare organizations in the study, as was spear phishing (88%).