Most Breaches Inadvertent Inside Jobs

Don’t look any farther than the clinic’s walls to find most of the sources of data breaches, says Verizon, which recently released its 2019 Data Breach Investigations Report. What it found adds to compliance officers’ headaches.

Not in Our Stars But in Ourselves

The report, which reflects research results of 41,686 security incidents and 2,013 data breaches from 86 countries and several industries, indicates that, in addition to foolish errors, healthcare workers misusing privileges and applications create most of the problems. In a large number of cases, the breaches are generated by an innocent employee’s mistaken keystroke. However, many are caused by employees’ greed, desire for revenge, and espionage. The top three patterns for errors are:

  1. Miscellaneous mistakes
  2. Privilege misuse
  3. Web applications

Not surprisingly, 72% of the data being compromised is medical while 34% is personal. Credentials are the third most compromised type of data in healthcare. Verizon identifies 59% of “threat actors” as internal, while 4% can be partners and 42% are external. Four out of five motives for the threat actors can be classified as financial, but fun, convenience, grudge, and espionage are also motivators.

C-level executives are 12 times more likely to be the target of social incidents and 9 times more likely to be the target of social breaches than in years past, Verizon asserts. Like their employees, they open emails, download questionable applications, and access risky sites. Data compromised by recklessness amounts to 72% medical, 34% personal, and 25% credential.

No Breaches Without Outsiders

Except for those cases where a staff member may open a patient’s record without authorization, most breaches begin with outside threats. Ransomware attacks account for 24% of the incidents where malware was used. In most cases, the malware is released when an email attachment or link is opened by an unwitting staff member. These attacks are often aimed at healthcare facilities and groups because of perceived deep pockets. Data is locked and either destroyed or sold on the Dark Web.

The success of phishing attacks has fallen dramatically over the last seven years, but 18% of those who do fall for the attacks are doing so on mobile devices.

Overall, while Verizon’s report indicates progress in preventing some breaches, the growth in self-generated breaches is, according to the data company, sobering.

Brad Ericson

Director of Publishing at AAPC
Brad Ericson, MPC, CPC, COSC, has been director of publishing since 2007. Before AAPC he was at Ingenix for 13 years and Aetna Health Plans prior to that. He has been writing and publishing about healthcare since 1979. He received his Bachelor's in Journalism from Idaho State University and his Master's of Professional Communication degree from Westminster College of Salt Lake City.