Healthcare Listed as a Top Industry for Physical Data Theft and Loss
Data security breaches, no matter their size or industry, can be extremely damaging to a brand’s reputation as well as a business’s finances. Earlier in the year we wrote about the 5 biggest data breaches of 2013 under HIPAA, with over 4 million individuals affected in one case alone. In the Data Breach Investigations Report (DBIR) from Verizon, we see data security breaches covered in a far broader set of research parameters spanning 10 years’ worth of data.
The seventh in a series of annual reports by Verizon analyzed data from more than 1,300 confirmed data breaches as well as more than 63,000 reported security breaches. The incidents, drawn from 10 years’ worth of data, can be summarized into nine basic attack patterns, which vary from industry to industry:
- Cyber-Espionage
- Insider Misuse
- DoS Attacks
- Miscellaneous Errors
- Crimeware
- Physical Theft and Loss
- Web App Attacks
- Point-of-Sale Intrusions
- Payment Card Skimmers
With a particular focus on the Physical Theft and Loss attack pattern, the report highlights key trends and findings affecting various industries, including Healthcare.
Key findings
Physical theft and loss covers “any incident where an information asset went missing, whether through misplacement or malice”. A total of 9,704 incidents were reported, and, interestingly, the Healthcare industry was listed alongside Public and Mining as one of the industries where this category of data breach occurred the most. Physical theft and loss was in fact one of the most common causes of data loss reported. For industries like healthcare, this potentially includes the exposure of sensitive data.
The findings showed that it’s not just one type or size of organization that is affected by data loss, which confirms that no one is excluded or safe from the pitfalls of keeping data secure. A key finding showed that data loss is reported far more often than theft, by a ratio of 15 to one. This suggests that it is important for companies to try to reduce the impact of data loss rather than prevent it altogether, as people will always misplace belongings. Finally, and most worryingly, the report outlines that personal and medical information is most commonly compromised.
Recommendations
The report and its findings can help to inform best practices with regard to data security. We have outlined three recommendations which may help to mitigate risk should there be an incident of data theft or loss in your organization.
1. In sight, in mind
Keeping valuable items like USB drives, laptops and mobile phones in sight at all times can dramatically reduce the risk of theft or of an item simply being left behind. Encourage employees to lock valuables in the glove box or trunk of a car if they must be left in a vehicle, or alternatively provide employees with practical solutions so they can carry the items with them easily without having to put them down.
2. Use the cloud for peace of mind
In the unfortunate event of theft or loss of data, using a cloud fax service like Sfax can ensure that documents are protected because the sensitive information is securely stored in the cloud.
3. Lock it up to lock it down
The report shows a good proportion of thefts occur in the office, so you should consider securing removable fixtures and fittings. The majority of such thefts were of documents taken from filing cabinets and of mobile devices (including laptops). This reiterates the recommendation to keep data securely stored and encrypted in the cloud rather than storing the data solely on one physical device.