Cybersecurity issues extend beyond healthcare
Healthcare has faced several high-profile cyberattacks this year but it’s not the only industry feeling the repercussions of data breaches.
Ninety percent of industries have experienced a breach of personal information, according to research from Verizon’s business division. Other businesses are unlikely to have quite as detailed information but they do have data from employee benefits and wellness programs and many have information from workers’ compensation claims.
Companies outside healthcare often don’t go as far to secure health data take steps to secure health data the same way they do other information. “They’re focused on protecting their customer data, or they’re focused on their intellectual property,” said Suzanne Widup, the report’s lead author. “And that’s why I think that when some of these breaches have happened, it’s been a bit of a shock to organizations.”
Verizon researchers analyzed data from 25 countries over 20 years. In 1,900 breaches, nearly 400 million health records were stolen—but the actual number of stolen records is likely much higher, because some organizations did not report the extent of their breaches.
Half of all the data breaches discovered in 2014 took place months or even years earlier. Breaches due to a laptop theft are more likely to be reported quickly allowing the organizations involved to minimize the damage. According to the data studied by Verizon, one-third of incidents discovered in 2014 were reported within days.
The majority of breaches undiscovered for a long time are due to an insider because it’s a lot harder to detect someone snooping around if they’re just abusing their own network-access privileges. Tools that monitor network activity and raise flags when something unusual happens are in use at some companies but often go unmonitored, according to Widup.
Encryption would help, according to the report, but some companies haven’t taken that step because of fear that it will slow access to files. Widup says strong encryption isn’t a priority for many organizations.