Healthcare is the only industry in which there were more internal actors behind cyber incidents than external in the last year, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The report, which covered various industries beyond healthcare, such as education, financial and insurance, information, and the public sector, revealed a core finding that ransomware attacks are a key cybersecurity threat for global organizations. In fact, ransomware is the most common type of malware, found in 39 percent of malware-related data breaches—double that of last year’s DBIR—and accounts for over 700 incidents. What’s more, Verizon’s analysis found that attacks are now moving into business-critical systems, encrypting file servers or databases, which inflicts more damage and commands bigger ransom requests.
The 11th edition of the DBIR analyzed more than 53,000 cybersecurity incidents and over 2,300 data breaches from over 65 countries. Key findings from the healthcare industry this year include:
- In all, the healthcare industry is rife with error and misuse. In fact, it is the only industry that has more internal actors behind breaches than external. In addition to these problem areas, ransomware is endemic in the industry—it accounts for 85 percent of all malware in healthcare.
- In total, there were 750 incidents, 536 of them with confirmed data disclosure
- The top three patterns include: miscellaneous errors, crimeware and privilege misuse, which represent 63 percent of all incidents within healthcare
- Breach threat actors: 56 percent internal; 43 percent external; 4 percent partner; and 2 percent multiple parties
- Breach actor motives: 75 percent financial; 13 percent fun; 5 percent convenience
- Data compromised: 79 percent medical; 37 percent personal; 4 percent payment
Other noteworthy findings, across all industries, included:
- Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). But even more importantly, it has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
- The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated—with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
- Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do fail in any given phishing campaign. A cybercriminal only needs one victim to gain access to an organization.
- Most attackers are outsiders: One breach can have multiple attackers, and Verizon found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent featured multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.
“Ransomware remains a significant threat for companies of all sizes,” Bryan Sartin, executive director security professional services, Verizon, said in a statement. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom—the cybercriminal is the only winner here!”