Unintended disclosure accounts for a big chunk of data breaches in 2017, and spear phishing is on the rise

Security Breach
Unintended disclosures account for 41% of data breaches in 2017, according to a cyber liability insurance firm.

The most common cause of data breaches in 2017 doesn’t involve malicious hackers but simple human error.

More than 40% of healthcare data breaches through the first three quarters of 2017 were the result of unintended disclosures, according to a report released by Beazley Group, which provides cyber liability insurance. The statistics included incidents reported by healthcare clients through the first nine months of 2017.

The second most common data breach cause was hacking or malware at 19%, while 15% involved an insider. Previous Beazley reports show that ransomware incidents are up in 2017 compared to previous years.

RELATED: Anthem reports data breach impacting 18,500 members

Beazley’s data shows that incidents related to unintended disclosure—like health data sent to the wrong patient or a cloud server left open to the public—have increased over the last three years after accounting for 30% of breaches in 2015. But unintended disclosure is far easier to prevent compared to hacking or malware.

Last week, for example, analysts discovered that more than 316,000 blood tests were exposed by a home monitoring company after a cloud repository was misconfigured to allow public access.

Those statistics diverge from an analysis of breaches reported to the Department of Health and Human Services that shows hacking incidents against healthcare entities have increased in recent months and insiders are mostly to blame for breaches in 2017.

RELATED: More than 316,000 patient blood tests exposed in breach linked to home monitoring company

Another notable trend is a ninefold increase in social-engineering attacks, also known as “spear phishing,” in which attackers target employees by impersonating a trusted party like a hospital executive.

Both of these issues, the Beazley report notes, can be resolved through better employee training. Beazley points out that there has also been a slow and steady increase in investigations and resolutions through the Office for Civil Rights, along with larger settlements.