Friday, May 06, 2016

Human Error Is A Key Driver Of Health Information Leaks and Breaches It Seems.

This appeared last week:

Human element the weakest link in healthcare security, says Verizon report

The majority of threats to security are from external sources that prey on the bad habits of personnel.
April 26, 2016 09:47 AM
"Hackers are beginning to impersonate executives to get the data they want," said Suzanne Widup, senior analyst on the Verizon RISK team.
Stolen credentials, privilege misuse and miscellaneous errors were the three biggest causes for health data breaches in 2015, according to the 9th annual Verizon Data Breach Investigations Report released Tuesday.
The majority of threats come from outside of organizations rather than with internal actors.
Furthermore, there's an increasing trend of external culprits taking advantage of employees' missteps online.
"There's a pronounced trend of a combination of social engineering, like phishing that is followed by hacking actions," said Suzanne Widup, senior analyst on the Verizon RISK team. "Hackers are beginning to impersonate executives to get the data they want, for financial fraud and other kinds of information."
"We find the human element is really the weakest link," she added. "You can train people, but there are still employees that will click on the suspicious link. It's concerning to see that it's now become so mainstream."
According to the report, 30 percent of phishing messages were opened by the target and 12 percent of those targets actually clicked on the malicious link.
And while encryption can help protect against these types of attacks, Widup said. There's a strong hesitation to do so, as it slows down workflow.
Verizon studied more than 100,000 security incidents that occurred in 2015 across all industries to confirm data had been breached. However, lost data is prevalent in healthcare, which means it can't be verified as breached. Those incidents were not included on the report, said Widup, but it remains a serious problem in healthcare.
More here:
Nice to see what we all knew confirmed. What is not clear is just what exactly can be done to reduce / eliminate the risk.
Here is the link to the report:
Enjoy.
David.

No comments: