Healthcare Information Security

Cybersecurity News

Why Healthcare is a ‘Sitting Duck’ in Data Protection Measures

A recent Intel Security report found that the gap between data loss and breach discovery is getting larger, with healthcare organizations particularly vulnerable in data protection.

By Elizabeth Snell

Healthcare organizations and manufacturers are very vulnerable when it comes to their data protection measures, according to the Intel Security 2016 Data Protection Benchmark Study.  

Healthcare data protection lacking, recent survey shows

While the gap between data loss and breach discovery is increasing, healthcare organizations are “sitting ducks,” the report’s authors explained. Furthermore, the typical data loss prevention approach is increasingly ineffective against new theft targets.

For the survey, Intel Security interviewed respondents in security roles within small, medium, and large companies, across five verticals. These included financial services, healthcare, retail, government, and manufacturing. McAfee Labs, which is part of Intel Security, published a report on the findings.

“Not only is data getting outside of company control, it has probably been used or sold before the theft is noticed,” stated McAfee Labs Threats Report. “Discovering and preventing breaches internally requires a better understanding of who is behind these thefts, what they are most likely to steal, how they are getting the data out, and the most effective steps to take to improve data loss prevention systems and processes.”

Healthcare is likely a top target because it holds desireable information - PHI and intellectual property. At the same time, healthcare typically has weaker systems that can be easier for hackers to access.

READ MORE: Healthcare Ransomware Threat Leads to Data Security Incident

“Industries that hold significant amounts of payment card information have the most mature data loss prevention systems and practices,” McAfee reported. “As a result, industries that tend to have less mature systems, such as healthcare and manufacturing, are at significant risk.”  

Overall, larger companies reported the most daily security incidents. Organizations with more than 5,000 employees average 31 to 50 incidents per day, while firms with 1,000 to 3,000 employees average 11 to 20 per day.

Intel graph of data loss incidents per day

In healthcare specifically, the larger organizations also tend to experience more data loss incidents per day, averaging just over 20. This was slightly larger than the average number of incidents per day for all healthcare companies, which was just under 20 data loss incidents per day. However, the financial and retail sectors experienced the highest average amount of daily incidents.  

“Not only is data getting outside of company control, it has probably been used or sold before the theft is noticed,” the report’s authors explained. “Discovering and preventing breaches internally requires a better understanding of who is behind these thefts, what they are most likely to steal, how they are getting the data out, and the most effective steps to take to improve data loss prevention systems and processes.”

The study also found that the most common activities causing increases in security incidents were new project deployment, internal reorganization, new product launches, and corporate strategic planning activities.

Intel graph of activities causing security incidents

READ MORE: Hackers Access EHR Data in Potential Healthcare Data Breach

“In an interesting correlation, large organizations and those that report the highest numbers of incidents per day also report the biggest percentage increases in recorded incidents after most of these activities,” the report stated. “This could be due to insufficient planning, security training, or configuration updates prior to the event, as the newly available data enjoys a big spike in activity and a corresponding spike in outflows before it gets locked down.”  

Healthcare ransomware attacks are also increasing in frequency, which is also showing a shift in how these types of cyber attacks take place.

“Instead of using complex data-exfiltration techniques to steal information and then sell it in dark markets, attackers employ toolkits to deliver ransomware and force their victims to pay immediately,” the report’s authors argued. “The attackers benefit because they do not need to steal any data.”

Citing data from Ponemon’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, Intel reported that criminal attacks were the most common cause behind a healthcare data breach. A “third-party snafu” was the second most common reason for a breach, with a stolen computing device as the third.

According to the Intel Security data, a related group of Q1 targeted attacks on hospitals generated about $100,000 in ransom payments.

READ MORE: Can SSL Decryption Prevent Healthcare Data Breaches?

“The most important step to protect systems from ransomware is to be aware of the problem and the ways in which it spreads,” the report’s authors concluded.

This includes, but is not limited to having a plan of action in the event of an attack, keeping system patches up to date, protecting endpoints, and blocking unwanted or unneeded programs and traffic.

Image Credit: Intel Security

Dig Deeper:

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks