Cybercriminals got especially healthy last year, targeting the healthcare industry like never before. In fact, healthcare is the most frequently attacked industry, ahead of manufacturing, financial services, government, and transportation.
Five of the eight largest healthcare security breaches – all with more than 1 million records compromised – took place during the first six months of 2015, according to the IBM 2016 Cyber Security Intelligence report. Overall, more than 100 million healthcare records were compromised during 2015.
Healthcare records represent the most valuable haul on the black market because they contain so many varying forms of personal data — credit card and social security numbers, employment information, medical history. Most of that information remains valid even after the discovery of a data breach, and cyber criminals use it to perpetrate phishing attacks, fraud, and identity theft.
No surprise, then, that healthcare has also suffered the most severe financial consequences as a result of being so highly targeted. A separate report by IBM and the Ponemon Institute shows that the average cost of a data breach at a healthcare organization could be as much as $398 per stolen record, compared to the average cost across industries of $217 per stolen record.
Regardless of industry, most attacks were inside jobs. Whether they represented an intentionally malicious act or a resume-generating Oops Moment, 60 percent of cyberattacks in 2015 were launched by an insider with legitimate access to the organization’s network.
“Although the insider is often an employee of the company, he or she could also be a third party,” according to the report. “That includes business partners, clients, or maintenance contractors, for example. They’re individuals you trust enough to allow them access to your systems.”
The good news is that inadvertent insider attacks decreased from nearly one-half in 2014 to one-third in 2015, which could indicate more businesses are making employee threat awareness and cybersecurity training a priority.
As for leading causes of incidents in 2015, the clear frontrunner was unauthorized access. While malware dominated the scene in both 2012 and 2013, unauthorized access incidents flew to the top in 2014, accounting for 37 percent of all security breaches. That figure rose once again, this time to 45 percent, in 2015.
Healthcare organizations may be the most targeted, but no industry is immune. All organizations should take proactive measures above and beyond compliance requirements to mitigate the effects of a cyberattack.
The best defense is a proactive managed security plan that includes:
- 24×7 Intrusion Monitoring and Alerting, with real-time review by security analysts
- Advanced Firewall Management
- Regular vulnerability assessments, which include phishing and social engineering tests
- Employee Security Awareness & Training, with executive briefings tailored specifically to your company and your industry
Images Source: IBM