Healthcare Data Breaches Lag Other Industries
Other notable numbers from the report include:
- 48% involved privilege misuse
- 40% resulted from hacking
- 38% utilized malware
- 28% employed social tactics
- 15% comprised physical attacks
- 98% of all data breached came from servers
- 85% of attacks were not considered highly difficult
- 96% of breaches were avoidable through simple or immediate controls
In all, the report surmises that the biggest problem may be stolen and/or weak credentials.
"The amount of breaches that exploit authentication in some manner is a problem," the report says. "In our last report it was default credentials; this year it's stolen and/or weak credentials. Perhaps this is because attackers know most users are over-privileged. Perhaps it's because they know we don't monitor user activity very well. Perhaps it's just the easiest way in the door. Whatever the reason, we have some work to do here. It doesn't matter how hardened our defenses are if we can't distinguish the good guys from the bad guys."
Verizon and the Secret Service also offered these data security tips:
- Restrict and monitor privileged users. "Insiders, especially highly privileged ones can be difficult to control but there are some proven strategies. Trust but verify," the report says. "Use pre-employment screening to eliminate the problem before it starts. Don't give users more privileges than they need (this is a biggie) and use separation of duties."
- Watch for "minor" policy violations. Actively search for such indicators rather than just handling them as they pop up. They could lead to major violations.
- Implement measures to thwart stolen credentials: Keep credential-capturing malware off systems. That's "priority number one." Consider two-factor authentication where appropriate.
- CVS Ramps Up Retail Clinics with Provider Affiliations
- 4 Tectonic Shifts Shaking Up Healthcare
- Contradictory Obamacare Rulings Issued by Appellate Courts
- Study Puts Spotlight on Preventing Fall-Related Injuries
- As HIPAA Breaches Accelerate, Tools Lag
- Wanted: Nurse PhDs
- Roundtable: Life After a Healthcare Organization Acquisition
- Medical Errors Third Leading Cause of Death, Senators Told
- As States Regulate Provider Competition, Common Threads Emerge
- Drug Pricing 'Tantamount to Greed,' Lawmaker Says