Ransomware attacks rise, accidental breaches most common cause of data loss

In healthcare, unintended disclosure continued to drive the majority of healthcare losses in the first half of 2017, according to Beazley.
By Bill Siwicki
02:08 PM

Hackers never quit. Their ceaseless assault on healthcare has continued during 2017, racking up hit after hit against provider organizations.

Ransomware attacks continued their rise in the first half of 2017, up 50 percent over the first half of 2016, according to the Beazley Breach Insights report from Beazley, a cyber and data breach response insurance firm that compares data on its base of clients from multiple industries, including healthcare.

Hacking and malware attacks, which include ransomware attacks, continue to be the leading cause of breaches, accounting for 32 percent of the 1,330 incidents that Beazley Breach Response Services helped clients handle in the first half of the year, the firm reported.

In healthcare specifically, unintended disclosure – such as misdirected faxes and emails or the improper release of discharge papers – continued to drive the majority of healthcare losses, leading to 42 percent of industry breaches during the first half of 2017, the report found. This was equal to the proportion of these breaches in the industry in the first half of 2016.

Hacks and malware accounted for only 18 percent of healthcare data breaches in the first half of 2017, compared with 17 percent during the first half of 2016, the report found.

Accidental breaches, whether caused by employee error or occurring while data is under the control of third parties, continue to be a significant problem for all industries – they accounted for 30 percent of breaches overall, just a bit behind the level of hacking and malware attacks.

“This continuing high level of accidental data breaches suggests that organizations are still failing to put in place the robust measures needed to safeguard client data and confidentiality,” Beazley said. “Since 2014, the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing. As more stringent regulatory environments become the norm, this failure to act puts organizations at greater risk of regulatory sanctions and financial penalties.”

Unintended breaches show no signs of abating, said Katherine Keefe, global head of Beazley Breach Response Services. “They are a persistent threat and expose organizations to greater risks of regulatory sanctions and financial penalties,” Keefe said.

But they can be much more easily controlled and mitigated than external threats, she added. Organizations should not ignore this significant risk and should instead put more robust systems and procedures in place, she said.

In June, Beazley Breach Response Services provided legal and forensics services for clients in response to the NotPetya attack. It’s key to respond quickly to ransomware attacks, Beazley said, especially for healthcare organizations because the Office for Civil Rights treats all ransomware attacks as presumed breaches.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com