Volume of Healthcare Data Breaches Grows, With External Threats Taking The Lead

A new report tracking data breaches has found that as with other industries, the bulk of healthcare attacks were perpetrated by external actors. It also concluded that the number of attacks targeting healthcare organizations continues to grow.

To compile this year’s Verizon Data Breach Investigations Report, which covers 16 different industries, researchers analyzed 3,950 data breaches. They also looked at 32,002 incidents that met their quality standards, culled from a broader list of 157,525 incidents overall.

Among the key news items buried in this year’s edition of the report was that, at least according to the authors, the widely held belief that insiders are the biggest data security threat could be wrong. “In spite of what you may have heard through the grapevine, external attackers are considerably more common in our data than are internal attackers, and always have been,” the report’s authors write.

When looking at healthcare industry incidents from the top down, the Verizon report notes that there has been a substantial increase in the number of both breaches and attacks, with 798 incidents on record for the current year. This included 521 incidents with confirmed data disclosure, up from 304 in the previous year.

The data compromised quite frequently included personal information (77% of cases), followed by medical (67%), credentials (18%) and other (18%).

Among the biggest changes researchers found between last year and 2020 was a big drop in privilege misuse episodes, from 23% last year to just under 9% this year. They also noted that while internal actor-related breaches were previously more common than those initiated by external actors, things have switched for this year. Specifically, internal actor breach levels fell from 59% to 48%, while externally based attacks climbed from 42% to 51%.

When it came to what drove the attacks, the researchers found that 88% were financially motivated and often took the form of ransomware attacks backed by criminal groups.

When it came to internal incidents, one of the highest-profile issues was the impact of inside errors, the most common of which involved misdelivery of sensitive information. This includes cases where someone sends an email message to the wrong distribution list, sometimes with an attachment containing sensitive data.

Meanwhile, as more healthcare organizations have launched patient portals and other interactive web services, cybercriminals have begun to launch web application attacks.

It’s worth bearing in mind that the ongoing growth in healthcare-related security incidents and breaches is likely to continue. Healthcare data will continue to be attractive to cyber-intruders, given how easy it can be to sell it to eager third parties. Healthcare providers are also likely to remain top targets for ransomware attacks, as they can’t afford to lose access to patient records for any significant length of time.

There may be some solace, however, in the stats suggesting that internal actors aren’t driving the majority of these incidents, and that when they are involved they’ve often made a mistake rather than engaged in theft or sabotage. If employees are generally willing to protect data (but not well-informed about how to do so), that’s a problem we can solve.

About the author

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.