Beazley, a specialist insurance company, has released its July 2017 Insights report. The twice-yearly report examines the causes of data breaches experienced by its clients. This report details 1,330 breaches which occurred between January and June 2017 across four different industries.
The report revealed that hacking and malware attacks were the prevalent cause of data breaches, representing 426 attacks (32% of total). This category included ransomware attacks, of which there has been a significant rise in recent years.
Some industries were more affected by hacking and malware attacks than others. For example, 44% of attacks on the professional services industry were down to hacking and malware, and a similar figure was seen in higher education (43%). The financial services industry suffered a lower proportion of hacking/malware attacks, at only 37% of their total number of breaches. Only 18% of the breaches in the healthcare industry could be attributed to hacking and malware.
Although hacking wasn’t the prevalent cause for breaches in the healthcare industry, the sector did see a surge in the number of ransomware attacks experienced. The number of ransomware attacks increased by 133% in the first six months of 2017. This rise is also seen, to a less extreme extent, in the other industries. Overall, there was an increase of 50% in ransomware attacks.
Accidental exposure of protected health information (PHI) caused by employees or third-party suppliers accounts for nearly as many breaches as hacking and malware incidents, at 30% of the total. For the healthcare industry, accidental data breaches were the leading cause of data security incidents. Employee errors contributed to 42% of all healthcare industry breaches, in comparison to just 18% attributed to hacking and malware attacks. However, it should be noted that while accidental breaches may occur more frequently, they tend to be on a much smaller scale than hacking attempts, and fewer records may be exposed in each breach.
Beazley reports that the percentage of accidental breach incidents does not vary from year to year, despite repeated calls for better employee training programs to be implemented. These accidental disclosures of PHI include a wide range of errors such as misdirected faxes and emails and the improper release of discharge papers.
Commenting on the high proportion of accidental breaches, the report’s authors state “This continuing high level of accidental data breaches suggests that organizations are still failing to put in place the robust measures needed to safeguard client data and confidentiality.”
Following hacking and malware attacks, insider theft was the third leading cause of breaches in the healthcare industry, causing 14% of incidents. Physical loss of records (8%) and portable device incidents (6%) came next, followed by social engineering attacks, which accounted for 3% of the total. Payment fraud was only responsible for 1% of all data breaches in the healthcare industry. The remaining 8% of incidents were attributed to unknown/other causes.