One A Day: Healthcare Breaches Are A Daily Event

Uploaded on 2018-03-27 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The Breach Barometer, published monthly through the joint effort of Protenus and Databreaches.net, provides useful insight into current types of data breaches.

The findings are based on information obtained through searching records and releases, not just looking at reports filed with the HHS Office for Civil Rights. By expanding beyond just OCR, the findings provide more insight than would otherwise be readily available.

Continuing the trend from last year, January 2018 saw an average of more than a breach per day, with a total of 37 health data breaches. As usual, hacking incidents and insider issues were the leading causes of the breaches.

Just considering the source of the breach does not tell the whole story, though. As noted in the Breach Barometer, while January saw 12 insider incidents, those incidents only involved 6,805 records, at least according to available figures.
While the number of records that insiders accessed may not have been all that great, the fact that insiders are still inappropriately accessing information is troubling. 

One breach took more than a year to detect, and that individual reviewed a significant amount of personal information. That incident saw 1,309 records accessed over the course of 15 months. While that amounts to roughly 87 records per month, auditing may have been able to detect such activity. More tools are available in the marketplace to automate at least a portion of the review.

In light of the increasing availability of tools, why are more healthcare organizations not taking advantage of them? Can an argument be made that not using such a tool constitutes insufficient security practices? 

While that argument may not apply today, the story could be different in the very near future. Regardless of the technology that may be available now, organizations should not be ignoring insider risks. 

The second leading cause of January data breaches was hacking, which accounted for 11 of the incidents and impacted 393,766 records. That total was more than 80 percent of the records inappropriately accessed in January. The causes of the hacks included phishing, ransomware and malware. 

Those causes do not present any surprises. Instead, they emphasize the fact that healthcare remains under attack and no relief is in sight. The high number of records is also consistent with previous reports, since a hacking incident can easily spread across an entire system or eat up large chunks of data.

As with many previous versions of the Breach Barometer, the January report shows a lot of work remains to be done. No organisation can feel secure, and ongoing efforts are essential.

While it is unrealistic to expect that a month will ever be breach-free, more can be done to reduce the frequency to less than a breach per day. Increasing security and being aware of requirements are key, and failure to do so could lead to the next HIPAA settlement headline.

Information Management

You Might Also Read: 

Massive Breach: 3m Healthcare Records Compromised:

Healthcare Suffers Most Cyber Security Incidents:
 

 

« Learning About Russian Hackers
Cognitive Computing And AI Compared »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Intensity Analytics

Intensity Analytics

Intensity Analytics is a software firm that develops next-generation, physical user and entity behavioral authentication ("physical UEBA") security software technology.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

Onward Security

Onward Security

Onward Security provides security solutions including network & application assessment, product security testing and security consulting services.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

Cyber Defense Networking Solutions (CDNS)

Cyber Defense Networking Solutions (CDNS)

CDNS is a global network infrastructure provider whose platforms are engineered for security, optimized for speed and designed for resiliency.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

Advantage

Advantage

Advantage exists to provide peace of mind in an evolving technology reliant world. We were created by visionaries who for nearly 4-decades have been passionate about providing world-class solutions.

Halogen Group

Halogen Group

Halogen Group is the leading Security Solutions Provider in West Africa. Services encompass Physical Security, Electronic Security, Virtual & Cyber Security, Risk Assessments and Training.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.