Healthcare Industry Rife with Error and Misuse, Verizon Data Breach Report Finds | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Healthcare Industry Rife with Error and Misuse, Verizon Data Breach Report Finds

April 10, 2018
by Rajiv Leventhal
| Reprints

Healthcare is the only industry in which there were more internal actors behind cyber incidents than external in the last year, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).

The report, which covered various industries beyond healthcare, such as education, financial and insurance, information, and the public sector, revealed a core finding that ransomware attacks are a key cybersecurity threat for global organizations. In fact, ransomware is the most common type of malware, found in 39 percent of malware-related data breaches—double that of last year’s DBIR—and accounts for over 700 incidents. What’s more, Verizon’s analysis found that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.

The 11th edition of the DBIR analyzed more than 53,000 cybersecurity incidents and over 2,300 data breaches from over 65 countries. Key findings from the healthcare industry this year include:

  • In all, the healthcare industry is rife with error and misuse. In fact, it is the only industry that has more internal actors behind breaches than external. In addition to these problem areas, ransomware is endemic in the industry—it accounts for 85 percent of all malware in healthcare.
  • In total, there were 750 incidents and 536 with confirmed data disclosed
  • The top three patterns include: miscellaneous errors, crimeware and privilege misuse, which represent 63 percent of all incidents within healthcare
  • Breach threat actors: 56 percent internal; 43 percent external; 4 percent partner; and 2 percent multiple parties
  • Breach actor motives:  75 percent financial; 13 percent fun; 5 percent convenience
  • Data compromised: 79 percent medical; 37 percent personal; 4 percent payment

Other noteworthy findings, across all industries, included:

  • Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). But even more importantly, it has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
  • The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated—with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
  • Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organization.
  • Most attackers are outsiders: One breach can have multiple attackers and Verizon found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent feature multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.

“Ransomware remains a significant threat for companies of all sizes,” Bryan Sartin, executive director security professional services, Verizon, said in a statement. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom؅—the cybercriminal is the only winner here!”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.