News Feature | March 12, 2015

Healthcare Accounted For Almost Half Of 2014 Client Breaches

By Christine Kern, contributing writer

A Kroll study reveals an increase in malicious intent breaches among its ‘client events’ for 2014.

A Kroll study has found the healthcare industry accounted for 49 percent of the company’s “client events” during 2014, followed by business services (retail, insurance, and financial services) at 26 percent, and higher education at 11 percent. The study further found malicious intent breach events increased while those caused by human error declined.

Kroll notes that, for the second year in a row, these three industries accounted for more than two-thirds of all of its client events. The company also warns that the “mega-breach” looms large, threatening nearly every organization regardless of industry. In addition, the report – Special Report: Business Services, Higher Education, and Healthcare Industries Were Top Cyber Targets In 2014 – provides lessons organizations can learn to help prevent breaches from occurring.

Approximately 45 percent of data breaches to which Kroll responded were caused by humans or organizations with malicious intent, representing a 10 percent increase over 2013. However, despite the increase, Kroll found only 18 percent of these breaches were directly attributable to hacking, although healthcare saw 30 percent of the hacks while retail experienced only 18 percent. In the non-malicious cases that made up the remaining 55 percent of breaches, exposure was largely due to lost laptops, negligence, accidents, and improper disposal.

“As a global leader in cyber investigations and incident response, Kroll aided a record number of clients with data breaches of all different severities, shapes, and constructs throughout 2014,” according to the company. And although recent retail breaches have dominated the headlines, Kroll feels healthcare and higher education are actually bigger targets for malicious activity.

“Both higher education and healthcare have massive amounts of information in their systems: grades, Social Security numbers, insurance information, medical diagnoses, and bank account information,” finds the report. “These organizations are treasure troves of diverse and valuable information for someone looking to sell data on the black market.”

As Health IT Outcomes notes, health data is emerging as a prime target for cybercriminals due to the value of the protected information available through health records, and it's not hard to figure out why: experts say hackers can profit more from medical data than credit card information – just another indication that protecting health data is more important than ever.

While most affected organizations offer credit monitoring services in the wake of a breach, Kroll argues that such services are not enough to protect victims, since more than 85 percent of identity theft is undetectable through credit monitoring or credit reports. “Our analysis has indicated that consumer awareness of these issues is becoming more sophisticated and nuanced – it is not enough for breached organizations to provide consumers with a token offering; specific risk factors must be weighed and addressed so that those affected will have the means to detect and properly remediate fraudulent activity.”