Almost three-quarters of security incidents in healthcare in 2015 involved physical theft and loss, insider and privilege misuse and miscellaneous errors, according to the Verizon 2016 Data Breach Investigations Report.
That top category—physical theft and loss—is a bigger problem for healthcare than for any other sector included in the report at 32 percent. To address the problem, the report recommends healthcare organizations encrypt their data, train their staff and reduce the use of paper.
The second largest category, insider and privilege misuse, accounts for 23 percent of security incidents in healthcare while only 16 percent of incidents across all sectors. It’s the leading cause of confirmed data breaches, where data was stolen, in healthcare.
Often due to a disgruntled employee, the report recommends that healthcare organizations should monitor user behavior, track USB usage and know their data. “To protect it you need to know what data you have, where it is and who can access it.” Where possible, restrict data access to those who really need it and make sure to update user accounts as soon as employees leave the organization or change their job role, the report advises.
Breach data is typically compromised in minutes or less but discovery often took months or more. More than half (56 percent) of security incidents in healthcare are discovered in days or less but 39 percent remained undiscovered for months or more. Healthcare systems were compromised in minutes or less in 63 percent of cases. That gives successful attackers plenty of time to search for sensitive and potentially lucrative patient records, according to the report.
Access the complete report.