Nearly half the population of the United States has been affected by breaches of protected health information (PHI) over the past 10+ years, according to a new report from Verizon.
The firm analysed data from numerous sources to produce its Protected Health Information Data Breach Report, looking at ambulance services; hospitals, nursing and residential care; and social assistance across North America, Europe and Asia Pacific.
Most of the incidents occurred between 2004 and 2014, with over 392 million records disclosed in almost 2,000 incidents across 25 countries. However, the number could be much higher given that a quarter of the companies involved didn’t provide a concrete figure for how many records were stolen.
Although healthcare was naturally the top industry affected, it wasn’t the only one: 18 out of the 20 industries studied were hit by stolen medical information, yet many had no idea they held this type of data, Verizon said.
Insider abuse is a major threat: it accounted for 791 incidents compared to 903 external breaches.
However, it is often the financial or PII data that hackers are really after, rather than the medical records themselves, the report found.
Theft or loss of laptops, tablets, USB sticks and other portable devices was the number one cause of breaches, followed by human error. Next came employees abusing their access to the information. These three actions accounted for 86% of all breaches of PHI data.
Laurance Dine, managing principal for the Verizon Investigative Response Unit, said there’s no silver bullet for firms looking to reduce the chances of suffering a breach.
“Just as a doctor might counsel a patient that there is no ‘miracle pill’ and that they should just eat better, exercise more, and maintain a proper sleep schedule, the same is true for ensuring confidentiality, integrity and availability of these records,” he told Infosecurity.
“Assess processes, procedures and technologies that will affect the security of these records and prescribe a proactive treatment that will help the ‘cyber immune system’ better protect the data entrusted to them.”