April 4, 2018
When cybersecurity breakdowns occur in healthcare, there are usual suspects you can look to, a new report from Verizon suggests.
More troubling, those usual suspects are usually part of the health-care organization where the breach occurred, and healthcare is behind other industries in securing personal information in its databases.
The 2018 Protected Health Information Data Breach Report (PHIDBR) from Verizon, which Clinical Innovation + Technology details on its web site, included the evaluation of 1,368 cybersecurity incidents from 27 countries. It delves into the cybersecurity of healthcare following the Data Breach Investigations Report (DBIR). The PHIDBR includes findings on what cased cybersecurity incidents, what types of incidents are most common, and solutions to improving the privacy and security of patient data.
Findings included:
21 percent of cybersecurity incidents occurred because of stolen laptops that contained unencrypted patient data.
70 percent of cybersecurity incidents with malicious code were classified as ransomware attacks.
58 percent of cybersecurity incidents in healthcare involved insiders. Insiders were found to endanger data for financial gain (48 percent), fun or curiosity in reading personal records (31 percent) and convenience (10 percent).
27 percent of security incidents involved patient health information on paper records. Breaches of patient information from paper records are more prevalent in the healthcare sector. The main causes included sensitive data not being delivered correctly (20 percent), thrown away without shredding (15 percent) and lost paper documents (8 percent).
Solutions to improving cybersecurity included:
Full encryption: “These services are effective and low-cost ways of protecting patient data.
Continuous monitoring of who has access to records: Cybersecurity polices should be required to the monitoring of patient health record access. Training employees and adopting warning banners could reduce incidents causes by internal factors.
Develop preventative measures: Adopting measures to combat ransomware attacks and malware would prevent devices from being hacked and patient health records from being accessed.
