Healthcare Industry Rife with Error and Misuse, Verizon Data Breach Report Finds | Healthcare Informatics Magazine

April 10, 2018
by Rajiv Leventhal

Healthcare is the only industry in which there were more internal actors behind cyber incidents than external in the last year, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).

The report, which covered various industries beyond healthcare, such as education, financial and insurance, information, and the public sector, revealed a core finding that ransomware attacks are a key cybersecurity threat for global organizations. In fact, ransomware is the most common type of malware, found in 39 percent of malware-related data breaches (double that of last year’s DBIR), and accounts for over 700 incidents. What’s more, Verizon’s analysis found that attacks are now moving into business-critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests.

The 11th edition of the DBIR analyzed more than 53,000 cybersecurity incidents and over 2,300 data breaches from over 65 countries. Key findings from the healthcare industry this year include:

  • In all, the healthcare industry is rife with error and misuse. In fact, it is the only industry that has more internal actors behind breaches than external. In addition to these problem areas, ransomware is endemic in the industry—it accounts for 85 percent of all malware in healthcare.
  • In total, there were 750 incidents, 536 of them with confirmed data disclosure.
  • The top three patterns are miscellaneous errors, crimeware and privilege misuse, which together represent 63 percent of all incidents within healthcare.
  • Breach threat actors: 56 percent internal; 43 percent external; 4 percent partner; and 2 percent multiple parties
  • Breach actor motives: 75 percent financial; 13 percent fun; 5 percent convenience
  • Data compromised: 79 percent medical; 37 percent personal; 4 percent payment

Other noteworthy findings, across all industries, included:

  • Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). Even more importantly, it has started to impact business-critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
  • The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated, with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
  • Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do fail for any given phishing campaign. A cybercriminal needs only one victim to get access into an organization.
  • Most attackers are outsiders: One breach can have multiple attackers, and Verizon found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent featured multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.

“Ransomware remains a significant threat for companies of all sizes,” Bryan Sartin, executive director security professional services, Verizon, said in a statement. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom—the cybercriminal is the only winner here!”
