Health care 'disproportionately affected' by data security incidents
Information Commissioner's Office shows sharp increase in data breach incidents in central government and courts sectors.
ICO releases four years' worth of data on security breaches - Photo credit: Tobias Felber/DPA/Press Association Images
Health care organisations made up almost half of data breaches in the four years to the end of December, according to new figures from the Information Commissioner’s Office.
Data covering private and public sectors shows that health care organisations suffered 2,447 incidents between January 2013 and December 2016 43% of the total.
The second highest sector for breaches was local government, with 642 reported incidents – just 11% of all incidents.
Commenting on the data, Tony Pepper, chief executive and co-founder of Egress Software Technologies, said: “Following the WannaCry exploit, the vulnerability of the healthcare industry, and the critical importance of improving its cybersecurity, has come into sharp focus.”
The data, collected by Egress, showed that human error was attributable to human error in more than half of the cases reported to the ICO.
Incidents down to theft or loss of paperwork made up 24% of incidents, while data posted or emailed to the incorrect recipient made up 28%. Failure to redact data accounted for 5%.
“While it’s clear there is a security problem in healthcare, these figures show that it is as much about internal activity as external threat,” Pepper said.
“There’s no doubt that someone inadvertently emailing a spreadsheet containing sensitive patient details to the wrong person isn’t as good a headline as a ransomware attack, but that does not diminish the threat it poses.”
The courts and justice sector has experienced the most significant increase in incidents, a 290% jump since 2014, placing it in the top five worst affected industries by the end of 2016.
Other significant increases were seen in the central government and finance industries, with 33% and 44% rises, respectively.
Immigration minister indicates that various courses of action will be examined before any legislation is passed
The UK remains to be hit by a cyberattack of the highest level of severity, but NCSC chief reiterates that we should ‘expect it at some point’
National Cyber Security Centre research reveals the most commonly breached passwords
After two breaches inside a week, department commissions independent assessment of compliance