Ransomware and tax fraud rise as healthcare hit with more data breaches than any other industry

Symantec and Identity Resource Center in separate reports attributed nearly 17 percent of breaches to healthcare, found ransomware up by 35 percent, and said that organized criminals are using best practices much like nation-state attackers.
By Jessica Davis
07:58 AM

The healthcare industry accounted for the highest number of data breaches among service industries in 2015, according to a new 2016 Internet Security Threat Report from Symantec, that also found ransomware on the rise and increasingly sophisticated attack tactics being perpetrated by organized criminals with extensive resources.

The same report recorded nine mega breaches and half a billion stolen personal records, with ransomware attacks growing by 35 percent in 2015.

Criminals are becoming more sophisticated - even establishing professional businesses and adopting best business practices, the report found. And this evolution has increased the reach of these cybercriminals and supported the explosion of these types of online crimes.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers," Kevin Haley, director, Symantec Security Response, said in a statement. "They have extensive resources and a highly-skilled technical staff that operate with such efficiency they maintain normal business hours and even take the weekends and holidays off.”

Sign up for the Healthcare IT News Privacy & Security Update newsletter.

“We're even seeing low-level criminal attackers create call-center operations to increase the impact of their scams," he added.

Healthcare is a major contributor to these attacks: 16.6 percent of the 245.2 million stolen records that exposed Social Security numbers since 2005 were healthcare-related, according to a report released Tuesday by the Identity Theft Resource Center. The group is sponsored by IDT911, an identity theft protection firm.

Of the 176.5 million medical and healthcare records exposed since 2005, 1.5 million have occurred since 2014 and 17.2 million have been exposed by "Data on the Move," according to the ITRC report. And employee error, negligence and insider theft were responsible for 371 healthcare-related breaches.

In just this year alone, almost 6.2 million records have been left vulnerable, the report found. Furthermore, the IRS reported a 400 percent surge in tax-related phishing and malware incidents in just January and February of this year.

“Tax refund fraud continues to rise, creating almost unbearable issues for victims nationwide,” Eva Velasquez, CEO of ITRC, said in a statement. “It's our belief the 575 healthcare breaches since 2010 - that have exposed more than 142 million social security numbers - are contributing to this increase."

Advanced criminal groups first exploit vulnerabilities and use these weaknesses to their advantage, according to the Symantec report. Some of these criminals sell the data to lower-level players on the black market. 

[Quick HIT Study: More than half of hospitals hit with ransomware in last 12 months]

The amount of malware attacks alone, with over 430 million new malware variants discovered last year, demonstrates the rising tide of the professional cybercriminals to exploit weaknesses and cripple and penetrate corporate networks.

“Data breaches have become the third certainty in life - disrupting and endangering lives as well as damaging the reputations and balance sheets of countless organizations,” said Adam Levin, IDT911 chairman and founder, in a statement.

“Companies need to create a culture of privacy and security from the mailroom to the boardroom,” he said. “That means making the necessary investment in hardware, software and training.”

Learn more at the upcoming HIMSS and Healthcare IT News Privacy and Security Forum, May 11-12, 2016, in Los Angeles. Register here. 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn