No person is perfect, and human error is cause for concern when it comes to security across most sectors--the healthcare industry being no exception, a Verizon Enterprise Solutions report finds.
In healthcare, insider and privilege misuse, employee error and physical theft or loss have been top factors leading to security incidents. The report spans all industries, examining breaches and security incidents experienced in the past 11 years. The data includes more than 100,000 incidents, with 3,141 of them confirmed data breaches.
Phishing saw the largest jump in attacks from the year before, the report found. The researchers found that about 30 percent of phishing emails were opened, an increase from the 23 percent reported in 2015. Most of the time the attack was implemented to steal employee credentials, according to the report.
"You might say our findings boil down to one common theme--the human element," Bryan Sartin, executive director of global security services at Verizon Enterprise Solutions, says in an announcement. "Despite advances in information security research and cyberdetection solutions and tools, we continue to see many of the same errors we've known about for more than a decade now."
Ransomware also is on the rise--as the healthcare industry knows all too well--with such attacks increasing by 16 percent from 2015, the report's authors add.
Other findings include:
- The top 10 known vulnerabilities were responsible for 85 percent of successful attacks
- Most attacks were motivated by money or espionage intent
- 63 percent of attacks involved weak, default or stolen passwords
- In almost all cases, attackers needed only minutes to compromise systems
The researchers say that even the most basic of security protocols can help keep organizations safe, including two-factor authentication, prompt patching of systems, constant monitoring for malicious activity, employee education and encryption.