Slideshow 4 Lessons on Healthcare Breaches Learned in 2014

  • February 26 2015, 9:14pm EST
6 Images Total

4 Lessons on Healthcare Breaches Learned in 2014

Risk management firm Kroll has a new report out on top cyber targets in 2014: business services, higher education and healthcare. “As a global leader in cyber investigations and incident response, Kroll aided a record number of clients with data breaches of all different severities, shapes and constructs throughout 2014,” according to the company. Here is what they learned. (Photo: Fotolia)

Red Flags

The healthcare industry accounted for 49% of Kroll’s “client events” in 2014, with business services (retail, insurance & financial services) at 26% and higher education at 11%. Kroll saw an increase in malicious intent breach events and a decrease in breaches caused by human error. It also saw concerted efforts in higher education to improve security.

Content Continues Below

Causing Harm

About 45% of data breaches that Kroll responded to in 2014 were caused by an individual or organization attempting to cause harm, a 10% increase from 2013. Despite the increase, only 18% of these breaches were attributed specifically to hacking. Healthcare, however, counted for 30 percent of the hacks, compared with 18% for retail. Non-malicious cases in the remaining 55% of breaches were caused by lost laptops, negligence, accidents and improper disposal, among other reasons. (Photo: Fotolia)

In the news

Retail breaches in recent years have caught the headlines, but Kroll sees healthcare and higher education as bigger targets for malicious activity. “Both higher education and healthcare have massive amounts of information in their systems: grades, Social Security numbers, insurance information, medical diagnoses and bank account information,” according to the report. “These organizations are treasure troves of diverse and valuable information for someone looking to sell data on the black market.” (Photo: Fotolia)

Offering Protection

Credit monitoring services often offered following a breach do not provide sufficient protection to affected consumers, as more than 85% of identity theft is undetectable through credit monitoring or credit reports, according to Kroll. “Our analysis has indicated that consumer awareness of these issues is becoming more sophisticated and nuanced--it is not enough for breached organizations to provide consumers with a token offering; specific risk factors must be weighed and addressed so that those affected will have the means to detect and properly remediate fraudulent activity.” (Photo: Fotolia)

Content Continues Below

The full report from Kroll is available here. (Photo: Fotolia)