As the healthcare industry continues to be a target in cyberattacks focused on data breaches of patient health records, the latest data shows that cybercriminals are taking more than ever.
When the number of breaches doesn’t materially change from year to year, it’s natural to assume that the impact of those breaches is similar as well.
But, according to new data in the 2019 Annual Breach Barometer Report from patient privacy monitoring vendor Protenus, the number of breaches rose from 477 breaches in 2017 to 503 in 2018, with the number of records nearly tripling year over year – from 5.6 million to a little under 15.1 million.
With breached records costing healthcare organizations an average of $408, the massive jump in the total number of records breached incurs a significant cost.
Also according to the report, it took healthcare organizations 255 days to detect a breach. While down from 308 days in 2017, the 255 days still represents over 8 months of time with a breach remaining undetected.
Part of the issue is how these breaches are occurring – malware, hacking, and social engineering make up one-third of all data breaches in healthcare. All of these threat actions involve the user. In each scenario, the user needs to open an email, respond to a web form, or click on a malicious link. And, also in each scenario, the user has the opportunity to scrutinize the emails and websites they interact with, looking for and avoiding any content that could be considered suspicious.
Users who frequently undergo Security Awareness Training are taught to have a security-centric mindset while at work – one that incorporates the need to protect the organization from email- and web-borne attacks that use tactics such as phishing and social engineering.
The bad guys are obviously getting better at taking more data from healthcare organizations. It’s time for these organizations to step up their cybersecurity stance and include users as part of the defense.