Health care 'disproportionately affected' by data security incidents
Information Commissioner's Office shows sharp increase in data breach incidents in central government and courts sectors.
ICO releases four years' worth of data on security breaches
Health care organisations made up almost half of data breaches in the four years to the end of December, according to new figures from the Information Commissioner’s Office.
Data covering private and public sectors shows that health care organisations suffered 2,447 incidents between January 2013 and December 2016, or 43% of the total.
The second highest sector for breaches was local government, with 642 reported incidents – just 11% of all incidents.
Commenting on the data, Tony Pepper, chief executive and co-founder of Egress Software Technologies, said: “Following the WannaCry exploit, the vulnerability of the healthcare industry, and the critical importance of improving its cybersecurity, has come into sharp focus.”
The data, collected by Egress, showed that more than half of the cases reported to the ICO were attributable to human error.
Incidents down to theft or loss of paperwork made up 24% of incidents, while data posted or emailed to the incorrect recipient made up 28%. Failure to redact data accounted for 5%.
“While it’s clear there is a security problem in healthcare, these figures show that it is as much about internal activity as external threat,” Pepper said.
“There’s no doubt that someone inadvertently emailing a spreadsheet containing sensitive patient details to the wrong person isn’t as good a headline as a ransomware attack, but that does not diminish the threat it poses.”
The courts and justice sector has experienced the most significant increase in incidents, a 290% jump since 2014, placing it in the top five worst affected industries by the end of 2016.
Other significant increases were seen in the central government and finance industries, with 33% and 44% rises, respectively.