We’re just past the midway point of the year, and if this were our own health report, we’d be failing miserably when it comes to data breach prevention.
According to a recent report from Protenus and Databreaches.net, over 31 million healthcare records were breached in the first six months of 2019. That is double the amount of 2018.
The information in these breaches was not caught and remediated quickly either. In the American Medical Collection Agency breach, patient data was ‘for sale’ and available for manipulation on the dark web for months before being discovered. With a confirmed 20 million records affected, the fallout will reveal itself over the days and months ahead – if not years.
So how did we get here?
Some of these were insider jobs – in fact, 60 of the incidents were a result of that. That means that over 3 million records were exposed because of existing employees. These aren’t the hackers lurking on the dark web or in airports stealing your Wi-Fi; these are KNOWN actors in a business. Hacking accounted for 60% of all incidents. This means that out of 168 data breaches, phishing took down 88 businesses, with ransomware and malware being deployed at 27 of those.
The statistics are staggering, but something else is worth noting – aside from the revelation that insiders are putting your business at risk – and that is that direct healthcare entities are not always the ones responsible. Yes, providers reported 72% of the breaches, but health plans and business associates are also contributing to the overall numbers.
What does this mean?
It means that we can stand by and watch the numbers continue to climb and the rate of increase continue to double and triple, or we can rework our approach, attack and react. We’ve said it before, but every business owner – regardless of the vertical or channel in which they operate – needs to say, “It is no longer a question of IF I’m part of a breach, but a matter of WHEN I’m part of a breach.” Second to this must be the integration of cyber insurance into a business’s arsenal. Surviving the breach is one thing, but thriving afterward, and even during a breach, is another.