Verizon PHI Breach Report Confirms Healthcare Has a Major Problem with Insider Breaches


Verizon has released its annual PHI Breach Report, which examines in depth the main causes of breaches, why they happen, the motives of internal and external threat actors, and the main threats to the integrity, confidentiality, and availability of PHI.

For the report, Verizon examined 1,368 healthcare data breaches and incidents in which PHI was exposed but not necessarily compromised. The data came from 27 states, although three-quarters of the breached entities were located in the United States, where there are stricter requirements for reporting PHI incidents.

Unlike all other industry sectors, healthcare is unusual in that the largest security threat comes from within. Insiders were responsible for nearly 58% of all breaches, with external actors confirmed as responsible for only 42% of incidents.

The main motive for insider breaches is financial gain. PHI is stolen to commit identity theft, credit card fraud, insurance fraud, and tax fraud. Verizon found that 48% of all internal incidents were carried out for financial gain. 31% involved accessing medical data out of curiosity or for fun, 10% of incidents were attributed to easy access to data, 3% occurred because of a grudge, and a further 3% were for espionage. External attacks are mainly carried out for financial gain: blackmail and the theft and sale of data.

Verizon also looked at the actions that result in PHI incidents and data breaches, the most common being errors. Errors were behind 33.5% of incidents, a category that included the misdelivery of emails and mailings, errors in the disposal of PHI, publishing errors, loss of PHI, misconfigurations, programming errors, and data entry errors. The leading cause was misdelivery of documents, which made up 20% of all incidents in the error category.

The second largest breach category is abuse, accounting for 29.5% of all incidents. 66% of incidents in this category were attributed to privilege misuse, meaning accessing records without authorization. Data mismanagement was behind 21.6% of incidents, and possession misuse, the abuse of access to physical files, was behind 16.9% of incidents in the abuse category.

The physical category includes theft of devices and records, snooping, disabled controls, tampering, and surveillance. 16.3% of all healthcare PHI incidents fell into this category, with theft accounting for 95.2% of those incidents. Laptop theft was the most common incident type. Nearly half (47%) of laptop theft incidents involved devices being taken from employees' vehicles. The use of encryption would prevent the majority of these incidents from exposing PHI.

Hacking may make the headlines, but it accounted for comparatively few breaches: only 14.8% of all healthcare PHI incidents fell into this category. The main cause of breaches in the hacking category was the use of stolen credentials (49.3% of incidents), with credentials often stolen through phishing attacks. Brute force attacks exploiting weak passwords were behind 20.9% of incidents. 17.9% of hacking breaches involved the use of backdoors.

Malware was involved in 10.8% of all PHI incidents. While a wide variety of malware variants and types were used in attacks, by far the largest category was ransomware, which accounted for 70.5% of attacks.

Social attacks accounted for 8% of all incidents. This category covers attacks on employees. Phishing was involved in 69.9% of incidents in this category, followed by pretexting (11.7%) and bribery (7.8%). Pretexting is the next phase of phishing, when access to email accounts is used to send further emails, as in BEC attacks.

Verizon offers three recommendations that, in the short term, will help reduce the number of PHI-related incidents and data breaches.

Full disk encryption must be implemented on all portable electronic devices used to store PHI. This simple measure would prevent PHI from being accessed if a device is lost or stolen.

Routine monitoring of medical record access, a requirement of HIPAA, will not prevent breaches, but it will reduce the severity of insider incidents and allow healthcare organizations to take corrective action quickly. When employees know that records are regularly checked, it can also act as a deterrent and reduce theft and unauthorized access incidents.

The final course of action is to implement solutions to combat malware and ransomware. Although defenses can and should include web filters and spam filters, simple steps can also be taken, such as not allowing laptops to access the Internet if they are used to store large quantities of PHI.