Healthcare Information Security

Cybersecurity News

2016 Record Data Breach Year, Attackers Less Healthcare-Focused

A recent IBM report found that while 2016 was a historic year for data breaches, cyber criminals became more focused on financial services than healthcare.

Data breaches increased in 2016, but there was a greater focus on financial services than healthcare.

Source: Thinkstock

- There were a record number of records compromised from data breaches in 2016, growing 566 percent in 2016 from 600 million to more than 4 billion, according to a recent IBM report.

The 2017 IBM X-Force Threat Intelligence Index also found that healthcare is also no longer the most attacked industry, as cyber criminals have started to place a larger focus back on the financial services industry.

Specifically, 12 million records were compromised in healthcare in 2016, which kept it out of the top five most-breached industries. In 2015, approximately 100 million healthcare records were compromised, which is an 88 percent drop from 2015 to 2016.

For the report, IBM took responses from more than 8,000 monitored security clients in 100 countries, along with data from non-customer assets (i.e. spam sensors and honeynets).

IBM Security Vice President of Threat Intelligence Caleb Barlow explained that 2016 was an innovative year for cyber criminals, as ransomware and other threats became greater threats.

"While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” Barlow said in a statement. “The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways."

The threat index did show though a 12 percent decrease year-over-year in attacks, and that the number of incidents overall dropped 48 percent in 2016.

Furthermore, the average security client organization had more than 54 million security events in 2016, which is 3 percent more events than 2015.

For ransomware attacks, IBM cited data from an earlier report that found that 70 percent of businesses impacted by ransomware paid over $10,000 to regain access to business data and systems.

The FBI estimated that cybercriminals were paid $209 million from ransomware in the first three months of 2016.

Ransomware attacks in 2016 also had a 400 percent increase in spam year over year, with nearly 44 percent of spam having malicious attachments, according to IBM.

Even though the IBM Threat Intelligence Index showed that cyber criminals were not as greatly focused on the healthcare industry, ransomware attacks are increasingly a key data security issue for the sector.

Toward the end of 2016, IDC Futurescape predicted that healthcare ransomware attacks would in fact double by 2018.

The IDC FutureScape: Worldwide Healthcare IT 2017 Predictions stated that the next three years will be focused on the adoption of disruptive technologies that will enable healthcare digital transformation. An increase in internet of things (IoT) technology will also lead to the convergence of mobile, social, and sensors, IDC maintained. This will help fuel the increase in healthcare ransomware attacks.

“Retail and financial services have battened down their hatches,” IDC Health Insights Research President Lynne Dunbrack told HealthITSecurity.com in a 2016 interview. “Now the cyber criminals might still be nipping at those heels, but they are looking at other targets, healthcare being one of them.”

Overall, cybersecurity attacks have become a larger threat to the healthcare industry. Redspin found in a 2017 report that 81 percent of the breached healthcare records in 2016 came from hacking attacks. Furthermore, there was an overall increase in healthcare cybersecurity attacks coming from hackers of 320 percent.

There were also a total of 325 large-scale PHI data breaches, compromising 16,612,985 individual patient records.

CynergisTek Vice President Dan Berger said in a statement that attacks against healthcare organizations are becoming increasingly sophisticated and more damaging to entities.  

“The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond,” Berger stated.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks