Can you hear me now? Verizon reports that the healthcare industry had more breaches than any other industry in 2017. In the recently released 2018 Data Breach Investigations Report (DBIR) by Verizon, Personally Identifiable Information and Protected Health Information were shown to be the most common types of data compromised overall, even more than payment information.
The findings do not surprise PrivaPlan President David Ginsberg. “PrivaPlan’s experience both in the U.S. and globally with our many clients confirms an increase in exploits that result in breaches,” he said.
Additionally, according to the report, healthcare is the only industry where the threat from inside is greater than that from outside. Human error is a major contributor to those stats, making up 17% of all breaches. This includes employees failing to shred confidential information, sending an email to the wrong person, or misconfiguring web servers. While none of these were deliberately ill-intentioned, the DBIR stated, they could all still prove costly.
Employees are also abusing their access to systems or data, although in 13% of cases, it’s driven by fun or curiosity—for example, where a celebrity has recently been a patient. Looking at forbidden data is only part of the problem; many are still falling for phishing campaigns. While 78% of people don’t click on a single phishing campaign all year, an average of 4% of the targets in any given phishing campaign will click it. The DBIR found that, incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.
Then there are the unfortunate incidents when items consistently go missing from healthcare organizations each year, such as laptops, other portable devices, and paper documents. Employee offices account for 36% of theft locations, and employees’ personal vehicles account for 32% of theft.
Back to the question that opened this post: Can you hear me now? Because the healthcare industry tops the list for data breaches, your job may never be more important than it is now. Review your security policies and procedures and update them to the latest standards. Test and train your employees regarding security rules and regulations.
“Our Security Risk Assessments help our customers determine their risks to potential data breaches,” said Ron Bebus, IT Security Consultant for PrivaPlan. “It’s always great to see their progress in strengthening security systems and practices when we return for follow-up assessments. In the last few years, we have also helped them train their staff on the dangers of phishing attacks.”
In a timely announcement, Ginsberg said, “We have just released our long-anticipated HIPAA Masters Class Certification program for HIPAA privacy and security officials, compliance officials and anyone else interested in a Certificate learning program!”
To learn more, you can reach our experts at info@privaplan.com or call 877-218-7707. We can hear you now, and always.