Building on the interest our analysis of the education sector has drawn, we went looking for the top reasons behind the incredible spike in health sector breaches. With mass breaches hitting tens of millions of Americans at Anthem and Premera Blue Cross, smaller breaches have practically been marginalized. Since the Anthem and Premera breaches have been extensively covered by most InfoSec media and bloggers, we decided to focus our attention on the more “minor” security incidents health service providers have reported over the past year.
In this study, we tried not only to find common “Direct Causes” for data breaches, but also to identify any distinct patterns and profiles of breaches. Our research methodology was similar to that of our past studies. First, we collected information regarding security incidents that resulted in compromised medical records, and then clustered the incidents into three categories:
- Direct Cause – one of six pre-defined categories: Stolen Device, Unauthorized Access, Rogue Insider, Network Misconfiguration, Intrusion, Phishing Attack and Malware Infection.
- Institution Type – separating different medical organizations and third-party vendors who may have stored the facility’s records.
- Location – identifying domestic patterns that may imply a locally motivated set of occurrences.
Looking back at the 2015 Verizon Data Breach Report, we found that 74% of incident patterns originated from three factors: miscellaneous errors (32%), physical theft/loss (16%), and insider misuse (26%). Our data, concentrating on July 2014 through July 2015, pointed to a similar trend, with 78% of events originating from similar causes.
Behind these similar findings, we found several truly outrageous figures. A combined 730,000 records were compromised over the past year in the US in small breaches (again, disregarding Anthem and Premera). While over 210,000 records were compromised as a result of missing devices and an additional 115,000 as a result of misconfigurations, the figure that really caught our attention was this: fewer than 1,000 records were compromised as a result of direct system malware infection.
Zooming in on incidents occurring in hospitals and medical centers countrywide, we found current and former staff were responsible for almost all related incidents. Phishing attacks and misplaced devices containing patient data accounted for just under half of incidents, with network misconfiguration as the third most common cause. Having such a significant human element in almost all incidents raises doubts regarding access regulation and controls in the affected institutions.
Zooming out, we observed that reported healthcare breaches affected institutions in 13 states, mostly located in metropolitan areas. New York, Florida, Texas and California led in numbers of compromised records per state, but showed no consistent pattern in breach causes.
Looking forward, after a year of healthcare breaches, we expect a natural curb in the incident rate. The question that remains: will organizations in other industries continue to disregard these disturbing symptoms?