The healthcare industry accounted for 21.1 percent of data breaches in the first half of 2015—the highest percentage of any industry, and remains the most vulnerable sector to cyber attacks.

Those are among the findings of the latest Breach Level Index from digital security vendor Gemalto.

Of 888 data breaches tracked worldwide in the first six months of this year, healthcare accounted for 187 breaches, which was actually down from recent half-year periods. Nonetheless, healthcare had the dubious honor of taking the top spot in terms of number of records breached by industry with 84.4 million records, or 34 percent of the total. This represents a dramatic shift from the past few years when healthcare had relatively small numbers of records involved in data breaches.

The largest breach in the first half of 2015—which scored a 10 in terms of severity on the Breach Level Index—was an identity theft attack on Anthem Insurance that exposed 78.8 million records, representing almost a third of the total data records compromised. According to Anthem, the data breach extended into multiple brands that the health insurer uses to market its healthcare plans including: Amerigroup, Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Caremore, Empire Blue Cross and Blue Shield, and UniCare.

The dire report from Gemalto about health data breaches in the first half of the year comes as Excellus BlueCross BlueShield in New York announced last week that it was the victim of a cyber attack affecting up to 10 million individuals. The Blues plan learned of the attack on August 5 and publicly disclosed the breach last week.

Also See: Excellus Cyber Attack Rings a Familiar Tune

​“What we’re continuing to see is a large return on investment for hackers with sophisticated attacks that expose massive amounts data records,” says Jason Hart, vice president and chief technology officer for data protection at Gemalto. “Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year.”

Gemalto recommends three steps that organizations should take to mitigate the overall cost and adverse consequences that result from a data breach: control access and authentication of users; encrypt all sensitive data at rest and in motion; and securely store and manage all encryption keys.

“By implementing each of these three steps into your IT infrastructure, companies can effectively prepare for a breach and avoid falling victim to one,” concludes the security vendor.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access