June 1, 2022
When cyber breaches occur in healthcare, there is a common source of the security failure. According to a recent study, employees are usually the reason the breach occurred, according to reporting by Rebecca Pifer in Healthcare Dive, which synthesized findings of Verizon’s Data Breach Investigations Report.
The report relies on data collected from organizations that were victims of cyber incidents from November 2020 through October 2021.
Employees were responsible for 39 percent of healthcare breaches last year. That’s compared to just 18 percent across all industries, Verizon found.
Other Articles to Explore
The makeup of the insider breach has shifted from generally malicious misuse incidents to miscellaneous errors, with employees being more than 2.5 times more likely to make an error than purposefully misuse their access. Data mis-delivery — like sending an e-mail to the wrong person — along with device or document loss are the most common employee errors in healthcare, according to the report.
“Despite not being a driving factor in a large volume of incidents, privilege abuse — incidents driven by unapproved or malicious use of legitimate privileges by employees — is three times more likely in healthcare breaches than in other industries, Verizon found,” Pifer writes. “Nearly 60 percent of the data compromised in healthcare breaches was personal data, while 46 percent was medical. Personal data was compromised more often than medical for the second year in a row, Verizon found.”