Report: Healthcare Is No. 1 - For BreachesNew Studies Analyzes Breach Trends and Offers Mitigation Advice
Healthcare organizations - especially those that have been hit with phishing attacks - won't be surprised to learn that a new report shows the healthcare sector was the No. 1 target for major data breaches last year. And the No. 1 cause of breaches across all industries was phishing.
See Also: Threat Horizons Report
Those findings come from the law firm BakerHostetler's fifth annual Data Security Incident Response Report. It's based on insights from its legal work with the victims of more than 750 U.S. data breach incidents in 2018.
Top Sectors Experiencing Breaches
I frequently write about phishing incidents that are added to the Department of Health and Human Service's HIPAA Breach Reporting Tool, the official health data breach tally. But the BakerHostetler findings put the security challenges facing all industries into perspective.
For instance, while phishing was involved in 37 percent of incidents in all sectors, other common causes were network intrusions (30 percent); inadvertent disclosures (12 percent); loss or stolen devices/records (10 percent); and system misconfiguration (4 percent).
Other top breach trend findings across all industries:
- Some 25 percent of incidents triggered international reporting requirements under such laws as the European Union's General Data Protection Regulation.
- An encryption key was received and data restored for 91 percent of organizations who paid a ransom after a ransomware attack. The average ransom paid was nearly $29,000, and the largest ransom was $250,000.
- Employees were responsible for 55 percent of breaches. That includes falling victim to phishing attacks, where users mistakenly click on malicious links. Malicious insiders were responsible for just 5 percent of the breaches examined.
- Vendors were involved in 11 percent of the incidents.
- Once an attacker gained access to a device or an account, the most common next steps were accessing an Office 365 account (34 percent); roaming the network to find available data (30 percent); installing ransomware (12 percent); and obtaining a wire transfer to an attacker's account (8 percent).
When it comes to the healthcare sector and its vulnerability to cyberthreats, a separate new study released Thursday by the security consultancy CynergisTek places part of the blame on an overemphasis on regulatory compliance, rather than on efforts to adopt more robust standards, practices and security controls - such as those laid out by the National Institute of Standards and Technology Cybersecurity Framework.
The BakerHostetler report highlights several risk management steps that organizations should take, including:
- Strengthen access controls - especially by implementing multifactor authentication.
- Secure cloud resources. "Given the effectiveness of phishing, cloud resources accessible by just a username and password will continue to be at risk."
- Update detection methods and defenses to keep up with threat actors who are constantly modifying their tools, tactics and procedures to avoid detection.
- Prepare for increased extortion demands, especially as threat actors pay more attention to identifying their victims and demanding a higher ransom.
What steps is your organization taking to defend against cyberattacks?