- Health data breaches continued to account for the most amount of data breaches for the first half of 2015, according to Gemalto’s Breach Level Index.
Specifically, health data breaches accounted for 21.1 percent of the total number of incidents, and a total of 187 breaches. The financial services industry had the next highest number of breaches with 143, accounting for 16.1 percent of the total. Government was the third highest sector, accounting for 15.8 percent of breaches with 140 incidents total.
"What we're continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts of data records,” Gemalto VP and Chief Technology Officer Jason Hart said in a statement. “Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year."
Healthcare also led the way in number of records breached by industry with 84.4 million records or 34 percent of the total. The second highest industry was government, accounting for 31.4 percent of the total with 77.2 million records lost.
“This represents a dramatic shift from the past few years when both healthcare and government had relatively small numbers of records involved in data breaches,” the report stated. “For example, in the second half of 2014, healthcare accounted for only 5.2 percent of stolen records and government accounted for only 2.8 percent.”
While healthcare has typically led in the number of breach incidents by industry over time, it did see a decrease in incidents between H1 2014 and H1 2015, dropping from 236 incidents to 186. The financial services industry on the other hand has continued to increase over time, rising from 85 incidents in H1 2014 to 125 incidents in H2 2014 and reaching 143 incidents in the most recent report.
“Security is consuming a larger share of total IT spending, but security effectiveness against the data-breach epidemic is not improving at all,” the report explained. “Enterprises are not investing in security based on reality as it is; they’re investing in security based on reality as it was: a bygone era where hackers were glory-seeking vandals, sensitive data was centralized, and the edge of the enterprise was a desktop PC in a known location.”
The report also showed that identity theft was the leading type of data breach for the first half of 2015, accounting for 53.2 percent of attacks and 74.9 percent of compromised data records. Moreover, five of the top 10 breaches in that time period were identity theft breaches. Financial access to data was the second most common type of data breach for the first half of 2015, with 197 breaches and approximately 22 percent of the total number of incidents.
It is important for companies to control the access and authentication of users, according to the report’s authors. Encrypting all sensitive data - both at-rest and in-motion - is also essential, as well as securely storing and managing all encryption keys.
“By implementing each of these three steps into your IT infrastructure, companies can effectively prepare for a breach and avoid falling victim to one,” according to the report.
Editorial note: Photo credits to Gemalto