David Hood

by David Hood

Director, Technology Marketing, Mimecast

Posted Sep 26, 2018

Email security at healthcare companies is trending in the wrong direction.

Email has been the top source of data breaches in the healthcare industry three of the last four quarters, according to HHS Breach Portal. Unfortunately, this trend does not appear to be changing with email holding a considerable lead through the first two months of the third quarter.

A logical question to ask is why? While it would be impossible to definitively say, my hypothesis is that a couple of factors are represented.

  1. Healthcare breaches are caused by external actors and internal employees. According to the Verizon 2018 Data Breach Report, healthcare was the only industry where most breaches were caused by employees. Don’t celebrate too quickly, as external actors still accounted for 44%. While a small subset of the internal breaches are malicious, most can be attributed to careless or compromised employees. During a recent conversation, a senior leader at a healthcare provider put it this way: “healthcare is unique in that almost every employee has access to highly regulated data.”
  2. Healthcare presents a big target for breaches. Research and reviewing recent media headlines shows that healthcare continues to be a favorite target for cybercriminals. Attacks such as phishing, spear-phishing and ransomware are succeeding far too frequently in an industry that holds such sensitive information.

Healthcare Data Breach Statistics

Let’s look at the data breach statistics in a little more depth. The chart below shows that the number of breaches has risen steadily from a low of 22 in Q1 of 2017 to a high of 99 in Q2 of 2018. More troubling the total number of individuals impacted has also risen. With over 2.5 million patient records exposed from April 1 to June 30, 2018 and over 2.9 million records through the first two months of the third quarter. The industry is not trending in the right direction.

Health Data Breach Statistic

It’s also possible to isolate the source for the data breaches. In the second chart, the sources of the data breaches are shown by quarter. Email is marked with an arrow and it’s clear at least in four of the last five quarters, email has overtaken network servers and other categories for the total number of breaches.

This data provides hard numbers to the sentiment expressed in a Mimecast and HIMSS Analytics survey released in early 2018. The survey found CIOs and IT directors felt email was the most likely source for a breach, receiving more first place votes than all other categories combined.

Sources for Data Breaches Statistic

Given the importance that email plays in communication and the potential threat it poses, it’s important to stay current on the threats to the healthcare industry. This isn’t just a technology problem. Employees at healthcare providers are frequent targets because humans a weak link in any security program.

Consider the following data breach headlines:

With the numbers showing that data breaches continue to rise, email being the most likely source for a breach and that employees are responsible for more than 50% of the breaches in healthcare, it’s clear the industry can do more to protect patient health information.

To be clear this isn’t just a technology or human problem. Only by combining both can the industry better protect sensitive records and provide patients the same peace of mind as when they walk through the front doors for care.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

David Hood

by David Hood

Director, Technology Marketing, Mimecast

Posted Sep 26, 2018

You may also like:

How Does the GDPR Data Breach Notification Work?

The way you prevented data breaches has …

The way you prevented data breaches has changed forever. The… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jun 06, 2018

How Quickly Will You Recover from A Cyber Attack?

Cyber resilience shifts focus from just …

Cyber resilience shifts focus from just preventing an attack… Read More >

Garrett O'Hara

by Garrett O'Hara

Principal Technical Consultant

Posted Mar 01, 2018

Healthcare Data Breaches due to Email Attacks Continue to Increase

By the Numbers – Breaking Down the HHS B…

By the Numbers – Breaking Down the HHS Breach Database Alth… Read More >

David Hood

by David Hood

Director, Technology Marketing, Mimecast

Posted Feb 14, 2018