Safe & Sound with Marianne Kolbasuk McGee

Anti-Phishing, DMARC , Fraud Management & Cybercrime , Governance

Report: Healthcare Is No. 1 - For Breaches

New Studies Analyzes Breach Trends and Offers Mitigation Advice
Report: Healthcare Is No. 1 - For Breaches
Report: Phishing was most common vector for 2018 breaches, and healthcare was the top sector hit.

Healthcare organizations - especially those that have been hit with phishing attacks - won't be surprised to learn that a new report shows the healthcare sector was the No. 1 target for major data breaches last year. And the No. 1 cause of breaches across all industries was phishing.

See Also: Webinar | Passwords: Here Today, Gone Tomorrow? Be Careful What You Wish For.

Those findings come from the law firm BakerHostetler's fifth annual Data Security Incident Response Report. It's based on insights from its legal work with the victims of more than 750 U.S. data breach incidents in 2018.

Top Sectors Experiencing Breaches

Source: BakerHostetler

I frequently write about phishing incidents that are added to the Department of Health and Human Service's HIPAA Breach Reporting Tool, the official health data breach tally. But the BakerHostetler findings put the security challenges facing all industries into perspective.

For instance, while phishing was involved in 37 percent of incidents in all sectors, other common causes were network intrusions (30 percent); inadvertent disclosures (12 percent); loss or stolen devices/records (10 percent); and system misconfiguration (4 percent).

Other top breach trend findings across all industries:

  • Some 25 percent of incidents triggered international reporting requirements under such laws as the European Union's General Data Protection Regulation.
  • An encryption key was received and data restored for 91 percent of organizations who paid a ransom after a ransomware attack. The average ransom paid was nearly $29,000, and the largest ransom was $250,000.
  • Employees were responsible for 55 percent of breaches. That includes falling victim to phishing attacks, where users mistakenly click on malicious links. Malicious insiders were responsible for just 5 percent of the breaches examined.
  • Vendors were involved in 11 percent of the incidents.
  • Once an attacker gained access to a device or an account, the most common next steps were accessing an Office 365 account (34 percent); roaming the network to find available data (30 percent); installing ransomware (12 percent); and obtaining a wire transfer to an attacker's account (8 percent).

When it comes to the healthcare sector and its vulnerability to cyberthreats, a separate new study released Thursday by the security consultancy CynergisTek places part of the blame on an overemphasis on regulatory compliance, rather than on efforts to adopt more robust standards, practices and security controls - such as those laid out by the National Institute of Standards and Technology Cybersecurity Framework.

Taking Action

The BakerHostetler report highlights several risk management steps that organizations should take, including:

  • Strengthen access controls - especially by implementing multifactor authentication.
  • Secure cloud resources. "Given the effectiveness of phishing, cloud resources accessible by just a username and password will continue to be at risk."
  • Update detection methods and defenses to keep up with threat actors who are constantly modifying their tools, tactics and procedures to avoid detection.
  • Prepare for increased extortion demands, especially as threat actors pay more attention to identifying their victims and demanding a higher ransom.

What steps is your organization taking to defend against cyberattacks?



About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.