Cybersecurity is the most ignored factor in the healthcare industry across the globe, which has led to the highest number of personal data breaches, reports say.
Over 4,850 data breaches were reported to the United Kingdom’s Information Commissioner’s Office (ICO) between January 1 and June 20, 2019. Healthcare tops the list of industries most likely to suffer personal data breaches.
According to ICO data, 18% of all breaches were reported within the sector, compared to 16% in central and local government, 12% in the education sector, 11% in justice and legal, and 9% in financial services. These figures were obtained by Egress, a data security solutions firm, via a Freedom of Information (FOI) request.
Over 60% of personal data breaches reported to the ICO this year were caused by human error, with healthcare being the most-affected sector. Nearly half, up to 43%, were the result of incorrect disclosure, which included posting data to the wrong recipient (20%), emailing information to incorrect recipients (18%) and providing data in response to a phishing attack (5%).
For the US too, 2019 might be the worst year for healthcare cybersecurity. In 2018, the healthcare industry saw 15 million patient records compromised in 503 breaches, and in just the first half of 2019 the numbers have skyrocketed to potentially over 25 million patient records breached.
Experts believe that this is very concerning, especially considering the nature of the data. According to Verizon’s 2019 Data Breach Investigations Report, the healthcare industry was the only sector where insider threats caused more data breaches (59%) than external attacks.
Organizations often fixate on external threats, yet the most significant cause of breaches remains the failure of employees to send emails to the right person. Not every insider breach is due to reckless or negligent employees. However, the presence of human error in breaches shows a need for organizations to invest in technology that works alongside the user to mitigate the insider threat.
Some of the major hacks in the healthcare sector globally in 2019 include the AMCA breach, in which the data of potentially 25 million patients was revealed. In May, a filing with the SEC revealed that American Medical Collection Agency, a billing services vendor, was hacked for eight months between August 1, 2018, and March 30, 2019. Investigations are ongoing, and so far it has been proved that 12 million patients were affected. Insurer Dominion National also reported a nine-year hack on its servers in which the data of potentially 2.96 million patients was breached. An internal alert revealed unauthorized access, which prompted the investigation. This access began on August 25, 2010, and was discovered in April 2019. Separately, a misconfigured database led to a personal health data breach affecting 1.57 million Inmediata Health Group patients. The provider also accidentally mailed patients the wrong letters during the breach notification process.
All these breaches involved patient demographic details, medical claims data, and other personal information. Experts believe that organizations need to accept the fact that breaches are going to happen and shift their focus to recovery and how to minimize the damage, so they can get back up and running fast.
Healthcare organizations need to invest in protecting their data as the financial services industry does, and also train their employees on the importance of personal data today, to avoid such breaches.