Insiders Responsible for Majority of Healthcare Data Breaches in 2018

Posted May 15, 2019

Internal actors within the healthcare industry were responsible for the majority of data breaches occurring in 2018, according to an investigations report from Verizon.

Of the 466 healthcare cybersecurity incidents last year reported by Verizon, 304 involved confirmed data disclosure. The majority (59%) of these data breaches were internal attacks, indicating that a startling number of healthcare personnel may be abusing their access to patient data or committing errors that lead to breaches.

Healthcare was the only industry with a greater number of internal versus external attacks, according to the analysis of more than 20 industries. Looking at all industries, external actors were responsible for 69% of breaches, while insiders were identified as the source in 34% of breaches.

Notably, this study did not count ransomware incidents as breaches because of a “lack of the required confirmation of data loss.” If ransomware incidents—which the healthcare industry must disclose in keeping with U.S. regulatory requirements—were counted, it’s likely that the breakdown between internal and external attacks would be different.

According to Verizon’s executive summary, the overall analysis was based on "real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide."

Miscellaneous errors, privilege misuse, and web applications accounted for 81% of incidents within healthcare. Verizon further reported motives for cyber breaches, with 83% of incidents being financially motivated, while the remaining breaches were categorized as being motivated by fun (6%), convenience (3%), grudge (3%), and espionage (2%).

The top three threat actions facing healthcare, according to the report, were hacking breaches involving stolen credentials to servers, privilege abuse involving databases, and phishing emails.

To improve cybersecurity, Verizon recommended that healthcare leaders monitor access, encourage reporting, and improve processes.

AAMI offers a variety of resources to help improve cyber defenses, including Medical Device Cybersecurity: A Guide for HTM Professionals; TIR57, Principles for Medical Device Security—Risk Management; and the TIR 80001 series on the application of risk management for IT networks incorporating medical devices.