As IBM X-Force Security Research predicted six months ago, a shift in cybercriminals’ focus from the retail industry led to increased risk in the health care sector in the second half of 2016. Unfortunately, empirical data confirmed just how dramatic these trends have been on a year-over-year basis. Let’s review the state of health care security in 2016.

Top Threats to Health Care Security in 2016

The Privacy Rights Clearinghouse published a chronology of publicly disclosed data breaches, sorted by type of breach, type of organization, number of records compromised and date of disclosure. The following graphic shows that the total number of data breaches in the health care sector ballooned from 81 in 2015 to 283 in 2016.

Drilling down into the type of breaches is also enlightening when reviewing the state of health care security in 2016.

Malicious External

External, malicious incidents, which may involve malware infection or other outside cybercriminal activity, increased from 17 instances in 2015 to 121 in 2016. This category includes ransomware, by far the highest-profile exploit to hit the health care sector in 2016.

Non-Malicious Internal

Sometimes breaches occur as the result of a pure accident. For example, a user with legitimate access might unintentionally disclose sensitive data, mistakenly post sensitive information publicly, or send a confidential email, fax or physical documents to the wrong party. This type of insider threat increased by a factor of nearly five, from 18 in 2015 to 86 in 2016.

Lost or Stolen Devices

This type of breach occurs when devices holding sensitive data are lost, stolen or improperly discarded. Incidents involving this type of breach increased by about 45 percent, from 27 in 2015 to 39 in 2016. Virtually all of these are mobile or portable devices such as smartphones, laptops, memory sticks, hard drives, backup tapes and so on. Most organizations use encryption to address the risk of data breaches on their endpoints.

Physical Loss

Incidents in which paper documents were physically lost, discarded or stolen increased by about 2.7 times, from 12 in 2015 to 32 in 2016. This is a good reminder that the scope of information security actually encompasses data in all forms, electronic or not.

Malicious Internal

There was one bright spot in the year-over-year trends, according to the report. Internal breaches stemming from malicious users with legitimate access, such as employees, contractors, business partners and customers, decreased from 11 in 2014 and seven in 2015 to just five in 2016. While the insider threat is still a serious concern, the data showed that it’s a relatively low-priority issue with regard to data breaches.

Looking Back, Looking Ahead

Why did the cyberthreat landscape shift to the health care sector? Cybercriminals have the motive — since health care data is both valuable and long lasting — and the opportunity. They are able to exploit common use of legacy systems and devices with weak security, as well as a fragmented workforce with a high priority on patient care and low priority on security, and the pressing need for immediate access to patient records. These factors make health care an extremely attractive target.

The prescription for health care security in 2017 and beyond? Recognize the fundamental problem as a business issue, not a technology issue. Understand the risks, decide how much risk is acceptable and invest in a more mature set of capabilities for reducing risk to an acceptable level.

Listen to the podcast: Data Security Insights from a Health Care Insider

More from Healthcare

Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022.While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your processes,…

Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High

IBM Security and the Ponemon institute release an annual report known as one the most significant industry benchmarks. The Cost of a Data Breach analysis examines real-world breaches in great detail, producing insights into the factors that impact the cost of cyber-attacks. In the 2022 report just released, the healthcare sector stands out for extremely high breach costs on the global average chart. Furthermore, the sector has kept its leading position in that respect for the 12th year in a…

Incident Response for Health Care IT: Differences and Drivers

Threat actors continue to target the health care industry. IBM’s Threat Intelligence Index for 2022 rates the industry as the sixth most targeted. That puts it close behind the energy and retail and wholesale sectors. Certain regions seem to be more prone to attack as well. The Asia-Pacific region accounted for 39% of all health care-related attacks, while North America trailed next at 33%. Coming as no surprise, ransomware is the leading known method of attack, representing 38% of cases.Some…

Hospital Ransomware Attack: Here’s What a Cybersecurity Success Story Sounds Like 

Major ransomware attacks are scary, but against hospitals, they are even worse. One notable attack in August 2021 forced Ohio’s Memorial Health System emergency room to shut down (patients were diverted to other hospitals). In all hospital attacks, the health, safety, privacy and lives of patients face risk. But this incident also shows that whether targets are hospitals or any other kind of organization, the time and money spent preventing attacks is almost always worth it.  But what do you do…