Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats.
Insider threats can include wrongdoers—those who are stealing patient records to sell them on the dark web, use patient data to open credit cards or commit tax fraud. Insider threats can also include employees who commit unintentional errors. The Verizon report shows that unintentional errors caused 458 of the breaches that were included in the analysis. The biggest error found was that information is incorrectly transmitted or mailed to the wrong person, or failing to dispose of sensitive information in a secure way.
Further, the report confirms what we already know—that ransomware attacks continue to plague the health care industry.
Not surprisingly, the Report states “Basic security measures are still not being implemented. Lost and stolen laptops with unencrypted PHI continue to be the cause of breach notifications.”
Finally, the publishing of protected health information on public websites and the delivery of sensitive data via email to the wrong recipient continue to be a problem.