News Feature | December 23, 2015

Healthcare Breaches Surpass All Other Industries

Christine Kern

By Christine Kern, contributing writer

Internal Threats Concern To Healthcare Providers

The Anthem Hack was the largest breach in 2015, exposing 78.8 million records.

Healthcare — along with government — has overtaken retail as the major sector under attack from hackers, and the biggest breach in the first half of 2015 was the identify theft attack on Anthem Insurance that exposed 78.8 million records, according to a Gemalto report.

The latest findings of the Breach Level Index reveal 888 data breaches across all industries occurred in the first six months of 2015, compromising 245.9 million records worldwide. And, while the number of breached records fell by 40 percent from the first half of 2014 and 61 percent from the second half of 2014, the total number of data records compromised so far this year is unknown for nearly half of the reported breaches.

“What we’re continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts data records. Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

The healthcare sector experienced 187 of the 888 breaches reported by Gemalto, comprising 21 percent of the total number of breaches across all sectors. Healthcare also lost the most records at 88.4 million, 34 percent of the total. Despite the high number of breaches, the report showed incidents the first half of 2015 was actually down from the first half of 2014, which had 236 data breaches.

“It’s apparent that a new approach to data security is needed if organizations are to stay ahead of the attackers and more effectively protect against data breaches in the future,” Gemalto researchers conclude. “In today’s environment, the core of any security strategy needs to shift from breach prevention to breach acceptance. And, when one approaches security from a breach-acceptance viewpoint, the world becomes a relatively simple place where securing data, not the perimeter, is the top priority.”

“There is nothing wrong with network perimeter security technologies as an added layer of protection,” the report adds. “The problem is that many enterprises today rely on them as the foundation of their information security strategies, and, unfortunately, there is really no fool-proof way to prevent a breach from occurring. Alarmingly, market trends show that the lion’s share of organizations have no plans to change this approach.”

Gemalto cites research firm IDC, which recently reported that, of the $32.6 billion enterprises spent on security technology in 2014, 62 percent, or $20.2 billion, was invested in network and perimeter security.