Report: Internal actors responsible for most healthcare breaches
Most system breaches that expose protected health information stem from internal actors, according to Verizon’s 2018 Protected Health Information Data Breach Report.
The report—which looks at threats facing protected health information—studied more than 1,300 security incidents and breaches at healthcare organizations between 2015 and 2017. According to the report, 57.5 percent of security incidents stemmed from internal actors, while 42 percent came from external actors.
The report also said misdelivery was the most common type of unintentional error that compromised protected health information—making up about 38.2 percent of those errors. Disposal errors were 17.2 percent. Those errors mostly affected documents.
Privilege abuse (66 percent), data mishandling (21.6 percent) and possession abuse (16.9 percent) were the most common types of misuse incidents that exposed health data. Those types of incidents mostly affected databases.
According to the report, thefts comprised 95.2 percent of physical security incidents—mostly of laptops. It also revealed 70.5 percent of malware attacks come from ransomware, which mostly affected databases.
To address common security threats, the report encouraged healthcare organizations to implement full disk encryption, mandate routine monitoring of record access and build resiliency to combat ransomware attacks.