Majority of healthcare breaches come from inside the organizations: report

Within the healthcare industry, employees, whether nurses, doctors or administrative staff, are granted access to patients' data in order to do their jobs. But an alarming number of employees may be abusing this privileged access or committing errors that lead to data breaches.

Insider attacks were responsible for the majority of healthcare data breaches (59%) in 2018 versus external attacks (42%), according to a new data breach investigations report from Verizon. The healthcare industry is the only sector to show a greater number of insider attacks than external, according to Verizon's analysis more than 20 industries.

Across all industries, external threat actors are still the primary force behind attacks (69% of breaches) with insiders accounting for 34%.

Verizon analyzed more than 41,000 cybersecurity incidents and over 2,000 data breaches from 86 countries to take a look at cyber attacks from malware to insider threats to cyber espionage and identify trends.

According to Verizon's analysis, there were 466 cybersecurity incidents in healthcare last year, 304 incidents with confirmed data disclosure.

RELATED: Health systems get failing grade when it comes to NIST cybersecurity best practices: report

The top three patterns among cybersecurity incidents were miscellaneous errors, privilege misuse, and web applications represent 81% of incidents within healthcare. The majority of healthcare cyber attacks were financially motivated, according to the report, while some bad actors or hackers did it for fun (6% of incidents), for convenience (3%), because of a grudge (3%) or for espionage (2%).

Unsurprisingly, medical data is 18 times more likely to be compromised in this industry, and when an internal actor is involved, it is 14 times more likely to be a medical professional such as a doctor or nurse, according to the report.

Looking at who is carrying out cyber attacks and what assets they are going after, the two biggest threats in healthcare appear to be hackers using stolen credentials to servers and email and employees, or insider actors, abusing their privileged access to get access to databases, according to the report. Another significant threat is phishing emails sent to dupe users into clicking and entering their email credentials on a phony site. The freshly stolen login information is then used to access the user’s cloud-based mail account, and any patient data in the user's inbox or other folders is considered compromised.

"Effectively monitoring and flagging unusual and/or inappropriate access to data that is not necessary for valid business use or required for patient care is a matter of real concern for this vertical. Across all industries, internal actor breaches have been more difficult to detect, more often taking years to detect than do those breaches involving external actor," the report said.

RELATED: Data of 45,000 Rush patients exposed due to third-party breach

Misdelivery, sending data to the wrong recipient, is a significant problem that plagues the healthcare industry, according to the report. It is the most common error type that leads to data breaches. This could be due to errors in mailing paperwork to the patient’s home address or by the issuance of discharge papers or other medical records to the wrong recipient. 

    The report also highlighted key cybersecurity trends across all industries:

    1. C-level executives who have access to a company’s most sensitive information are now the major focus for social engineering attacks. Senior executives are 12x more likely to be the target of social incidents and 9x more likely to be the target of social breaches than in previous years—and financial motivation remains the key driver. Successful pretexting attack on senior executives can reap large dividends as a result of their, often unchallenged, approval authority, and privileged access into critical systems, the report said.

    2. There was a substantial shift towards the compromisation of cloud-based email accounts via the use of stolen credentials last year. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration led to a number of massive, cloud-based file storage breaches, accounting for 21% of breaches caused by errors.

    3. Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high-profile target.

    "Even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses—large and small—to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime,” Bryan Sartin, executive director of security professional services at Verizon, said in a statement.

    The report also offers three recommendations for healthcare security leaders to address the biggest threats seen in the healthcare industry:

    • Monitor access. Know where your major data stores are, limit necessary access, and track all access attempts. Start with monitoring the users who have a lot of access that might not be necessary to perform their jobs and make a goal of finding any unnecessary lookups
    • Encourage reporting. Work on improving phishing reporting to more quickly respond to early clickers and prevent late clickers. Think about reward-based motivation if you can.
    • Improve processes. Know which processes deliver, publish or dispose of personal or medical information and ensure they include checks so that one mistake doesn’t equate to one breach.