Related Stories

  • RSA 2013: Malicious data breaches result in significantly higher costs
    New research from the Ponemon Institute confirms what many already suspected: malicious data breaches are far more costly than unintentional ones, to the tune of a 78% cost mark-up.
  • Educause hit with server-side data breach
    Educause, a non-profit community for IT professionals focused on the higher education vertical, is warning that a data breach has affected its 1,800 college and 300 corporate members.
  • Healthcare data breaches wane in 2012
    Healthcare breaches were among the most high-profile of data leakage incidents last year, but a new study in the US found that the damage is actually lessening year-over-year.
  • Retail sector leads the pack for worldwide data breaches
    Shopkeepers, beware: The retail industry is now the top target for cybercriminals, accounting for 45% of security firm Trustwave’s data breach investigations last year (a 15% increase from 2011). Overall in 2012, nearly every industry, country and type of data was involved in a breach of some kind, with cybersecurity threats increasing as quickly as businesses can implement measures against them.
  • Data breach incidents more than double, but record exposure declines
    The number of global data breaches reached 2,644 last year, more than doubling the number of incidents in 2011. Despite the rise in frequency, they accounted for the exposure of 267 million records – a significant improvement over the 412 million records exposed in 2011.

Top 5 Stories


Healthcare data breach information is the 'new oil'

25 March 2013

A full 94% of healthcare organizations were breached in the last two years, a trend recently highlighted by For its part, Varonis Systems says this highlights the fact that data has become the “new oil,” offering tremendous economic value.

David Gibson, vice president at the data governance specialist, says that healthcare data – particularly in the US – has become highly prized, “though not for the reasons you might think.”

“Data attacks are increasingly being carried out to gain access to information, which can then be used – and re-used again and again – sometimes even for marketing purposes,” he noted in an emailed comment. “The irony of this situation is that, although the initial breach is carried out by people operating on the wrong side of the law, once the data is passed along – usually generating money in the process – the recipients are usually unaware of its origins,” he said.

“Obviously, if someone presents you with an intimate database on several tens of thousands of people, you would be suspicious as to its origin, but if the data is only partially revealed, then it will be classed as normal – and permission-based – marketing information,” he added.

The owner of the healthcare data – and, of course, the patient themselves – would strongly think otherwise, Gibson went on to say, but the reality is that information can be partially and wholly replicated many times over, without the original owner being any the wiser.

In Varonis’ research released earlier this month, researchers found that found that half of companies have lost a device with important company data on it, causing security implications for more than a fifth of organizations.

Further, 57% of employees believe that the bring-your-own device (BYOD) trend puts their personal data at risk, even though almost three quarters of employees are now allowed to access company data from their personal devices.

This growing trend to work remotely is likely to have an impact on breaches and data leakages as mobile devices continue to have major security implications. Half of respondents stated that someone within their company has lost a device with important company data on it – and over a fifth admitted that a lost device had created a security implication for their company. The study also found that implementing a BYOD policy seems to have a small, though arguably statistically insignificant, positive effect on security as illustrated by a 5% drop in incidents at companies that have a BYOD policy.

By far the most popular method to secure mobile devices is password protection (57%), followed by 35% who wipe devices remotely, and 24% who use encryption.

“Our research revealed that 86% of respondents use their devices for work all day and night,” Gibson said. “And with 44% working their way through meal breaks with their handsets, it’s hardly any surprise that our colleagues at have revealed the high incidence of data breaches in the healthcare sector.”

He added that what healthcare organizations – and all companies – really need is to have a 360-degree view of all of their data.

“By making sure that only the right users have access to the right information from the right devices, use is monitored, and abuse is flagged they can quickly spot when anything untoward starts happening, and lock down their information accordingly,” Gibson said.


Editor's Note
Data in this article referenced by comes from the Ponemon Institute's Third Annual Patient Privacy & Data Security Study, sponsored by ID Experts.


This article is featured in:
Data Loss  •  Identity and Access Management  •  Industry News  •  Wireless and Mobile Security



ID Experts says:

26 March 2013 is not the original source of the survey data. These numbers come from the Third Annual Patient Privacy & Data Security Study conducted by the Ponemon Institute and sponsored by ID Experts. Not sure how got to be credited with the information but it looks like they might be passing it off as their own. It would be nice if you made the correction. For the full report you can visit the Ponemon website:

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×