Verizon Report Says Internal Actors 'Figure Prominently' in Health Care Breaches

The vast majority of health care industry breaches were financially motivated in 2021 as ransomware attacks across all industries grew faster than ever before, according to Verizon’s Data Breach Investigation Report. Meanwhile, insider threats represent a critical issue for health care entities—more than in other industries, the report said.[1]

It likely will come as no surprise that ransomware continued its upward trend throughout 2021, with a 13% rise that was as big as the last five years combined. Ransomware was responsible for 25% of all breaches across all industries in 2021, the breach report noted.

Still, within health care, insider threats—whether malicious or benign—occur more frequently than they do in other industries, the report said. “Healthcare is the industry where the internal actor has figured prominently in breaches since we first began collecting and reporting data [in 2008],” according to the report. The makeup of insider breaches has moved “from being largely malicious” misuse incidents to more “benign” miscellaneous errors, but “we have always been able to rely on this industry to tell the insider threat story,” the report said.

Specific to the health care industry, the report analyzed 849 breach incidents that occurred in 2021, 571 of which had confirmed data disclosure. Web application attacks, miscellaneous errors and system intrusion represented 76% of total breaches, and the threat actors fell into two categories: external (responsible for 61% of breaches) and internal (responsible for 39% of breaches).

“Make no mistake…your employees are still causing breaches, but they are more than 2.5 times more likely to make an error than to maliciously misuse their access,” the report’s authors explained. “Misdelivery and Loss are the most common errors (and they are so close, we’d need a photo finish to determine a winner).”

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field