Over the past year, the number of data breaches caused by malware or hacking has risen substantially, according to London-based Beazley, a provider of data breach response insurance.
“We saw a significant rise in incidents caused by hacking or malware in the past year,” said Katherine Keefe, global head of Beazley's breach response services unit. “This was especially noticeable in healthcare, where the percentage of data breaches caused by hacking or malware more than doubled.” Breaches in the financial services and higher education sectors also increased.
The unit responded to 60% more data breaches in 2015 compared with the previous year. The company says that 32% of all incidents in 2015 were caused by hacking or malware, compared with only 18% in 2014.
The number of breaches involving third-party vendors tripled from 6% in 2014 to 18% in 2015. The loss of non-electronic physical records remained the same at 16%.
The good news is that there was a slight drop in the number of incidents involving the unintended disclosure of records through errors such as misdirected e-mails, which went from 32% in 2014 to 24% in 2015. Beazley’s data breach statistics were based on 777 incidents in 2014 and 1,249 in 2015.
As hackers show an increased interest in healthcare records, Hollywood Presbyterian Hospital reported a ransomware attack last month that ultimately led the hospital to pay a ransom of $17,000 in Bitcoin, which is nearly untraceable. Ransomware attacks literally hold an institution’s information hostage until the ransom is paid. Beazley projects ransomware attacks will increase 670% from 2014 to 2016.
“Healthcare is a big target for hackers because of the richness of medical records for identity theft and other crimes,” explained Paul Nikhinson, privacy breach response services manager for Beazley. “In fact, a medical record is worth over 16 times more than a credit card record.”
Healthcare is not the only sector being targeted by hackers.
Colleges and universities have reported increasing incidents of “spear phishing,” where hackers send personalized, seemingly legitimate e-mails that include harmful links or attachments. Because so many students and educators have access to campus IT systems and use social media, schools are particularly vulnerable to hackers.
Another target of hackers is the financial services industry, which saw a slight increase in 2015, up to 27% vs. 23% in 2014. Beazley’s data shows that Trojan programs were a frequent mode of access.
The weakest link for most businesses and institutions continues to be their employees. However, companies can take steps to protect their data including:
- Training employees on the importance of protecting personally identifiable information and protected health information and how to avoid phishing attacks that might be used to access that data.
- Creating an incident response plan and testing it to identify vulnerabilities in the system. Plans need to be developed and practiced ahead of time, covering everything from the initial intrusion to who will be notified and how the forensic investigation will be conducted.
- Categorizing data risks by threat level, as Beazley recommends, since over-reacting to a breach can be as harmful as under-reacting. Each breach event requires a response tailored to that threat.
- Taking a careful look at supplier contracts for any companies that handle or have access to your customers’ data. That data should be protected by anyone with access to it, and your company could still be liable if there is a data breach.
- Password protecting computers and mobile devices, and encrypting data on any devices including thumb-drives and laptops.