A surprising 90 per cent of all industries experience breaches leading to stolen medical records, proving patient data theft is an issue that stems beyond the health sector, a new report said.
The Verizon Enterprise Solutions’ inaugural Protect Health Information (PHI) Data Breach Report found more than 392 million medical records were disclosed during 1,931 data breaches over the past 20 years across many market sectors and businesses worldwide. The oldest report is from 1994 but most incidents occurred between 2004 and 2014, the company said.
Industries that suffered such breaches included agriculture, manufacturing, retail, finance, education and public services, the report found.
Attackers were largely financially motivated, accessing credit card or social security details. Gaining access to detailed health records make it easier for criminals to engage in both identity theft and medical billing fraud, the report said.
Common sources of protected health information include employee records (including workers’ compensation claims) or information for wellness programs.
Primary attacks were due to theft of portable devices like tablets, laptops or thumb drivers, followed by human error such as sending medical reports to the wrong person or lost devices. These two actions, combined with the misuse of sensitive medical data by employees, made up 86 per cent of all health information breaches.
Many breaches went undiscovered for years following attack and these were three times more likely to be caused by an insider abusing their LAN access privileges, and twice as likely to be targeting a particular sever or database, the report said.
According to Suzanne Widup, senior Verizon analyst and lead author for the report, most organisations outside of the healthcare sector do not realise they even hold this type of data, which is highly coveted by today’s cybercriminals.
“Many organisations are not doing enough to protect this highly sensitive and confidential data," said Widup.
"This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals.”
Sign up for Computerworld eNewsletters.