News Feature | April 25, 2016

Healthcare In Top Spot For Number Of Data Breaches

By Christine Kern, contributing writer

Malware and unauthorized access remain key dangers for the security of healthcare data.

Healthcare saw the highest volume of data breaches in 2015 but, while malicious actors still hold an advantage, progress is being made, according to IBM X-Force’s 2016 Cyber Security Intelligence Index. The annual report reviews events of 2015 based on IBM Security Services’ operational and investigative data of billions of security events across more than 1,000 companies in 100 countries to provide an interesting snapshot into the security “arms race” between adversaries and defenders.

The fact that healthcare was thrust into the top spot for 2015 should be no surprise, given IBM dubbed 2015 “The Year of the Healthcare Breach.” The 2016 IBM X-Force Cyber Security Intelligence Index offers a high-level overview of the major threats to IBM clients worldwide over the previous year, offering a detailed look at the volume of attacks, the industries most affected, the most prevalent types of attacks and attackers, and the key factors enabling them. Among the highlights of the report:

  • Retail Drops Out Of Top 5; Industry Targets Shift
    Healthcare moved into first place as the most-attacked industry in 2015, followed by manufacturing, financial services, government, and transportation. Five of the eight largest healthcare security breaches since 2010 occurred during the first six months of 2015, and over 100 million healthcare records were compromised in 2015.
  • Extortion On The Rise
    The number of breaches in the financial services industry that involved extortion tactics or theft of currency rose by 80 percent in 2015, but ransomware is not limited to attacks on financial institutions, as the recent attacks on Hollywood Presbyterian Hospital and others demonstrate.
  • Analytics Significantly Decreased False Positives
    Better tools, tuning, and analytics are improving signal-to-noise ratio and sharpening focus. The mass of security events an average organization has to deal with dropped 35 percent from 81 million to 53 million annually. At the same time, our average client company experienced 1,157 attacks in 2015, down 90 percent from 12,017 the year before.
  • Security Incidents Increased 64 Percent
    There were 178 security incidents (the most serious of the three, requiring deeper investigation) in 2015, up 66 percent from 109 in 2014.
  • Insiders Are Still A Big Problem
    Sixty percent (up from 55 percent) of attacks were initiated by insiders; of those, 33 percent were carried out by inadvertent actors (down from 50 percent in 2014), a sign of change in employee education and security policies.

“It has become painfully clear to the market that businesses, governments, and critical infrastructure are under-spending on cyber defense,” noted BVP Partner David Cowan, who heads up the firm’s cyber practice and authored Security for Startups. “With IT security budgets approaching 10 percent annual growth rates, the market is projected to double over the coming five years, reaching nearly $200 billion in sales.”

The recent BVP Cyber Index found that there are intense periods of out-performance in the weeks following news reports of major breaches. “Every one of these attacks is a wakeup call that existing defenses simply cannot withstand nation-state capabilities,” observed Nathaniel Fick, CEO of Endgame. “Industry and government need to expand their focus from common malware intrusions to the much more devastating targeted attacks by sophisticated, patient, human adversaries.”