Most Breaches Inadvertent Inside Jobs

Don’t look any farther than the clinic’s walls to find most of the sources of data breaches, says Verizon, which recently released its 2019 Data Breach Investigations Report. What it found adds to compliance officers’ headaches.

Not in Our Stars But in Ourselves

The report, which reflects research results of 41,686 security incidents and 2,013 data breaches from 86 countries and several industries, indicates that, in addition to foolish errors, healthcare workers misusing privileges and applications create most of the problems. In a large number of cases, the breaches are generated by an innocent employee’s misstroke. However, many are caused by employees’ greed, desire for revenge, and espionage. The top three patterns for errors are:

  1. Miscellaneous mistakes
  2. Privilege misuse
  3. Web applications

Not surprisingly, 72% of the data being compromised is medical while 34% is personal. Credentials are the third most compromised data in healthcare. Verizon identifies 59% of “threat actors” as internal, while 4% can be partners and 42% are external. Four out of five motives for the threat actors can be classified as financial, but fun, convenience, grudge, and espionage are also motivators.

C-level executives are 12 times more likely to be the target of social incidents and 9 times more likely to be the target of social breaches than in years past, Verizon asserts. Like their employees, they open emails, download questionable applications, and access risky sites. Data compromised by recklessness amounts to 72% medical, 34% personal, and 25% credential.

No Breaches Without Outsiders

Except for those cases where a staff member may open a patient’s record without authorization, most breaches begin with outside threats. Ransomware attacks account for 24% of the incidents where malware was used. In most cases, the malware is released when an email attachment or link is opened by an unwitting staff member. These attacks are often aimed at healthcare facilities and groups because of perceived deep pockets. Data is locked and either destroyed or sold on the Dark Web.

The success of phishing attacks has fallen dramatically over the last seven years, but 18% of those who do fall for the attacks are doing so on mobile devices.

Overall, while Verizon’s report indicates progress in preventing some breaches, the growth in self-generated breaches is, according to the data company, sobering.

Brad Ericson

Brad Ericson, MPC, CPC, COSC, is a seasoned healthcare writer and editor. He directed publishing at AAPC for nearly 12 years and worked at Ingenix for 13 years and Aetna Health Plans prior to that. He has been writing and publishing about healthcare since 1979. He received his Bachelor's in Journalism from Idaho State University and his Master's of Professional Communication degree from Westminster College of Salt Lake City.