In the past year, health care organizations have increasingly become targets for data breaches. According to data from the Office for Civil Rights, there were 253 health care breaches in 2015, affecting more than 500 individuals and losing over 112 million records.
To understand why these incidents persist, telecommunications company Verizon conducts an annual survey of enterprise data breaches. In its 2016 Data Breach Investigation Report, the company found that hackers tend to exploit human error when accessing their targets.
Taking advantage of human nature
According to the report, 85 percent of successful breaches all involved one or more of the top 10 known vulnerabilities. More specifically, 63 percent of data breaches exploited weak or stolen passwords. Despite the growing threat, the report also found that many organizations are still missing basic defenses against hackers.
"Miscellaneous errors," like sending sensitive information to the wrong recipient or improperly disposing of documents, was the top reason for data breaches in the past year. However, the problem is not necessarily that health care employees are more naive when it comes to navigating the web, but that hackers are becoming wiser to common missteps.
"There's a pronounced trend of a combination of social engineering, like phishing that is followed by hacking actions," Suzanne Widup, senior analyst on the Verizon RISK team, told Health Care IT News. "Hackers are beginning to impersonate executives to get the data they want, for financial fraud and other kinds of information."
Widup pointed out that health care data is becoming more valuable than credit card data, which is why hackers are looking for more surefire strategies to access the information. Backing up that observation, the Verizon report found that 89 percent of attacks were either motivated by financial gain or espionage.
Phishing, according to Verizon, is one of the most popular methods for that reason. The report found that 30 percent of phishing messages were opened in the past year – a 23 percent increase from the year before. Now, phishing attacks are more likely part of a "three-pronged attack" that continues with malware to steal passwords and other credentials that can be used to access third-party websites.
How providers can fight back
With these trends, it's more important than ever for health care providers to revisit their security solutions and look for potential vulnerabilities. These attacks can lead to loss of data and funds, but more so, they can irrevocably damage reputations.
While it may be impossible to eliminate the vulnerability of human error entirely, it's important to train and educate your staff as much as possible. This can at least help reduce the likelihood of a breach. For training resources and seminars, contact Professional Medical Services today.
