- Healthcare continues to lag behind other regulated industries with security measures, according to recent research, with healthcare data security incidents ranking second for the services industry in 2016.
Symantec’s 2017 Internet Security Threat Report (ISTR) found that reported breach incidents increased by 22 percent last year, rising to 328 from 269 in 2015.
Healthcare is second to Business Services in the Services industry group, according to the ISTR Healthcare report. Healthcare also contributes to the high number of incidents that occurred in that sector in 2016.
The Healthcare report also noted that the number of total breached records decreased significantly from 113.3 million (2015) to 16.7 million (2016). However, researchers noted that the six large breaches from 2015 accounted for 109.3 million breached records. The largest data breach itself accounted for 78.8 million records.
In comparison, the largest data breach in 2016 accounted for 9.3 million records.
“Even though there seems to be a downward trend in the number of breached records, this is mainly driven by a few events and statistical outliers,” the report authors explained. “The overall number of breach events as well as the median number for records breached in a given year has trended up.”
Healthcare saw a large threat factor from email in 2016, Symantec found. Just over half of emails – 54 percent – contained spam. This was fairly in line with the larger Services sector, which had 53 percent of emails containing spam.
The healthcare phishing attempt ratio was slightly lower than the Services sector, the report stated. Healthcare had one in 4,375 emails being a phishing attempt, while Services had a phishing email ratio of one in 3,091.
Researchers pointed out though that these slightly lower ratios did not mean that healthcare had a “better year.”
“In fact, healthcare organizations were also victims of the increase in email-borne ransomware,” the report authors explained. “Once the underground criminals understood that there was easy money to be made in healthcare, the industry experienced a dramatic increase of attacks over the previous year, leading to loss of data, shutdown of services, or payment of ransom to restore services.”
Overall, ransomware is becoming an increasingly critical issue for numerous industries. Symantec’s ISTR found that the average ransom spiked 266 percent in 2016, with criminals demanding an average of $1,077 per victim. This is an increase from the $294 demanded per victim in 2015.
There were a total of 463,841 ransomware threat detections in 2016, an increase from the 340,665 such detections in 2015.
The number of ransomware families nearly tripled in that same time frame, increasing from 30 reported to 101.
For general email attacks, Symantec also found that email is an increasingly popular infection point.
Specifically, 131 emails contained a malicious link or attachment, which is the highest rate in five years. Business Email Compromise (BEC) scams also scammed more than three billion dollars from businesses over the last three years.
Cloud security may also be a key issue that organizations should pay attention to, as they are using cloud applications more frequently, the report found.
CIOs also tend to lose track of how many cloud apps their organization is actually utilizing, the report found. Executives reported that their entity uses up to 40 cloud apps, while the real numbers were near 1,000.
From July to December 2016 the average number of cloud apps used per organization was 928, an increase from the 841 average between January and June 2016.
That disparity could be dangerous, researchers noted. This may create a lack of policies and procedures for how employees access cloud services.
“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” Symantec Security Response Director Kevin Haley said in a statement. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”