2016 Healthcare Data Breaches

Uploaded on 2017-02-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

While the business sector led the way in reported data breaches for 2016, healthcare came in second by accounting for 34.5 percent of overall reported breaches, according to research from the Identity Theft Resource Center (ITRC) and CyberScout.

As healthcare IT continues to evolve, the executive suite is also expanding and becoming more intricate. Individuals in leadership positions need to keep data privacy and security issues top priorities, especially as healthcare remains a target for cyber criminals.

The business industry had a total of 494 reported data breaches, while there were 377 reported healthcare data breaches. Education came in third with 98 incidents, while the government/military had 72 reported breaches.

One of the leading causes for healthcare data breaches was employee error or negligence, with 43 reported incidents that exposed 1,183,893 records. In comparison, the second leading sector for employee negligence was the government/military, which had 14 breaches and exposed 35,800 records.

Subcontractors, third parties, and business associates were also a top factor for healthcare data breaches, the report found. The medical/healthcare industry had 16 breaches due to a subcontractor or third party, but approximately 4 million records were exposed. The government/military had the second highest amount of records affected with 95,463.

"For businesses of all sizes, data breaches hit close to home, thanks to a significant rise in CEO spear phishing and ransomware attacks,” CyberScout CEO and Vice Chair of IRTC’s Board of Directors Matt Cullina said in a statement. “With the click of a mouse by a naïve employee, companies lose control over their customer, employee and business data. In an age of an unprecedented threat, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution."

Healthcare data breaches also exposed the most Social Security numbers, with 10.4 million records put at potential risk. There were 123 breaches that may have exposed SSNs, the report found, accounting for 11.3 percent of reported breaches.

SSN exposure was a leading concern for all industries, with 52 percent of the overall number of breaches in 2016 potentially putting SSNs at risk. This was an 8.2 percent increase from the number of exposed SSNs in 2015. Researchers noted that this increase aligns with the increase of CEO spear phishing attacks.

HealthSecurity 1:       HealthSecurity 2:

Healthcare Industry Lacks Basic Security Knowhow:

 

« Cybersecurity In 2017: Recruitment Is The Key
Warning: Fake Ransomware »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

F-Response

F-Response

F-Response is a software utility that enables an investigator to conduct live Forensics, Data Recovery, and eDiscovery over an IP network using their tools of choice.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

Bit4id

Bit4id

Bit4id provides technologies for electronic signature, online authentication, cybersecurity and all other services based on the concept of digital identity.

ecsec

ecsec

ecsec is a specialized vendor of security solutions including information security management, smart card technology, identity management, cloud computing and electronic signature technology.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

PhishX

PhishX

PhishX is a SaaS platform for security awareness that simulates Cyberthreats, train people, while measure and analysis results, reducing Cybersecurity risks for People and Companies.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Communications & Information Technology Regulatory Authority (CITRA)

Communications & Information Technology Regulatory Authority (CITRA)

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

Nclose

Nclose

Nclose is a proudly South African cyber security specialist that has been securing leading enterprises and building our security portfolio since 2006.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

runZero

runZero

runZero delivers the most complete security visibility possible, providing you the ultimate foundation for successfully managing exposures and compliance.

rConfig

rConfig

rConfig is a platform for automated network configuration management and backup. It enables quick rollbacks to prevent outages and ensures easy auditing.