By Ryan Ward, CISO, Avatier
Every year the Verizon Data Breach Investigations Report examines the data breaches that occurred during the year, along with the trends behind them and the reasons they happened. We all know that breaches are on the rise, since the press now reports them, and grasps their impact, far more than in the past. The report defines nine incident classification patterns, and just three of those nine account for over 73% of all security incidents experienced by health care organizations. The health care data is perhaps more reliable than that of other industries because reporting there is mandatory. The three patterns are: theft/loss; insider and privilege misuse; and miscellaneous errors (posting private data to public sites; sending information to the wrong recipient, whether by post or by email; and failing to dispose of assets securely, such as shredding paper or wiping hard drives). Nearly half of all the security incidents targeting health care stemmed from the theft or loss of unprotected “information assets”.
What was particularly interesting to me was that, despite all the money being spent on health care security measures, from encryption, backup, physical lockdown and network endpoint protection to data leak prevention and database security, the single largest vulnerability continues to be passwords. To be specific, 76% of all industry breaches over the past few years were based on weak or stolen password credentials. In health care, the large number of legacy (often proprietary) systems exacerbates the problem. In addition, with so much turnover among physician, nurse, clerical and vendor personnel, keeping up with adequate password provisioning and deprovisioning can be a nightmare.