Numerous industries experience patient data breaches
Patient data breaches extend beyond the healthcare sector, with a recent study of businesses in countries including Australia finding that the breaches affect 90% of the industries examined.
The study by Verizon Enterprise Solutions found that despite the ubiquity of such breaches, companies in many industries are not even aware they retain patient data, let alone that this data is at risk.
But patient data is often held in sources including employee records, including workers compensation claims, or information for corporate wellness programs.
The report analysed more than 1900 data breaches in 25 countries including Australia and New Zealand and found that 18 of the 20 industries examined fell victim to such a breach.
It found that 392 million combined patient records were exposed in breaches which spanned industries including health care, agriculture, manufacturing, retail, finance, education and public service.
Uniquely among personal health information breaches, attacks are carried out by external and internal actors in roughly equal proportion.
The primary action of attack is lost portable devices, while the second most common cause of data breach is administrative error, such as sending a medical report to the wrong recipient. Combined with employees abusing their privileges to access the data, these three actions account for 86% of health data breaches.
Report lead author Suzanne Widup said there could be major consequences for the healthcare sector if patients lose faith in the security of their private information.
“Healthcare organisations need to realise that patients trust them with their data, and if that trust is broken, the implications can be huge,” she said.
“[Patient data breaches] can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected health information is highly coveted by today’s cybercriminals.”
How the explosion of non-human identities is changing cybersecurity
A surge in machine-to-machine communication and non-human...
Building stronger critical infrastructure with Zero Trust
Zero Trust provides a way to stay ahead of cyber attacks by assuming breaches will happen and...
Happy birthday, Active Directory!
Active Directory is a technology that has proved its staying power and has shaped enterprise IT...
