According to the latest Verizon Data Breach Investigations Report, the insider threat remains the greatest threat to healthcare providers

Healthcare is the only industry, across nine surveyed, in which internal actors are the biggest threat to an organization. Human error remains a major contributor to healthcare risks.

Nearly 58% of the sector’s breaches were caused by internal threat actors, while 42% were caused by external risks. 

Computerized-reasoning-and-its-Applications-in-Healthcare.jpg

For the report, Verizon analyzed 53,000-plus cybersecurity incidents from the past 12 months, including more than 2,200 breaches, across 67 contributing organizations in 65 countries. The organizations were from nine key industries, including healthcare, which comprised 750 incidents and 536 breaches.

System misuse caused 24% of internal breaches. These are incidents involving unapproved or malicious use of organizational resources. These mainly involve insider only misuse, but outsiders (due to collusion) and partners (granted privileges) are included as well. In 31% of incidents related to system misuse, employees attributed the breach to "curiosity" — for example, if a celebrity had recently been a patient.

35% of internal breaches were caused by user error. These were incidents in which unintentional actions directly compromised an attribute of a security asset. This doesn’t include lost devices, which are grouped with theft.

The most frequently targeted types of data in the healthcare industry were medical records at 79%. Personally identifiable information (e.g. Social Security numbers, name, date of birth) was targeted 37% of the time, and payment information was targeted least at 4%.

Also significant was that 87% of breaches took minutes or less to achieve; and more than two-thirds of breaches went undiscovered for months or longer.

“[Cybercriminals] don’t need much time to extract valuable data – they usually have much more than they need as it typically takes organizations weeks or months to discover a breach,” the report authors wrote.

According to the report, healthcare organizations need to routinely monitor log files and change management systems to detect a security compromise, while training employees to spot signs of an attack. Additionally, organizations should limit who has access to sensitive data only to those who need it.

An overall incident response plan should also be established and include both internal stakeholders as well as external partners in areas of legal guidance and forensic investigative assistance. 

“What’s interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom,” Bryan Sartin, Verizon’s executive director of security professional services, said in a statement.

Organizations from all industries need to develop more proactive approaches to security, and better understand threats, while putting solutions in place to protect themselves. However, with the sizable amount of personal information healthcare organizations store - and the frequency at which they are targeted by cybercriminals - there is an added burden on providers to secure patient information. 


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.