For the first time criminal hacking is the number one root cause of the of data breaches (45%), replacing the lost or stolen computing devices as the main cause(43%), as Ponemon Institute reports the results of a Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data survey funded by a data-breach response firm ID Experts.
According to the survey results, criminal cyber attacks grew 125 percent since 2015.
Despite only 43% of data breaches being due to the device theft and employee negligence, a swiping 70% of respondents listed it as one of their top security concerns. This dissonance suggests that an increase in hacks is yet to be fully realized by the users.
“The most-often reported root cause of a data breach is shifting from lost or stolen computing devices to criminal attacks,” the report mentioned. “At the same time, employee negligence remains a top concern when it comes to exposing patient data.”
Respondents included those that are subject to privacy provisions of the HIPAA – covered entities (CA) and their business associates (BA).
Survey findings are echoed by comments from private consultants and government regulators, who are in agreement that health care hacks are surging because patient files contain personally identifiable information (PII), such as Social Security numbers and insurance identification numbers, which can be misused by criminal elements.
Time for a change
The report found that billing and insurance records were the most likely type of data to be targeted successfully, followed by payment details, medical charts and prescription details.
“Even though organizations are slowly increasing their budgets and resources to protect health care data, they continue to believe not enough investment is being made to meet the changing threat landscape,” the survey said.
In 2014, SANS survey, sponsored by Cigital, Cloud Passage, FireEye, Qualys, RiskIQ, Tenable Network Security and Trend Micro, highlights the Security gains:
- 13% of respondents see slight budgetary increase in their IT budget (4-6% more money then in the past)
- 70% of respondents see controls closer to the data, rating applications and database security as effective or very effective
- 3% more of respondents incorporated security into the funded phases of the product development life cycle, compared to the 2013.
While many businesses have gained an increased awareness of the risks associated with their proprietary information stored and transmitted via computer systems and networks, others continue to believe such hacker attacks are likely limited to the major global corporations … and that an attack on their New Jersey-based small business is unlikely.
Related article: When Will a Hacker Attack a Small Business in New Jersey?
As a New Jersey-based IT company with most of our clients located in the state, we believe it’s not a question of “if” a New Jersey small business will be hacked … but “when”. According to a 2013 National Small Business Association survey, 44% of small businesses have been already attacked, with costs averaging $8,700 per incident. We believe the sophistication and prevalence of computer hacking will increase over time. This will require ongoing improvements in small business security measures, designed to reduce vulnerabilities and avert increasingly adept hackers.
Our area has a big number of healthcare organizations, for example Atlantic Health System, a network of healthcare facilities located in Morristown, Summit and Newton, New Jersey; Novo Nordisk a healthcare organization that is rapidly growing and expanding to different regions, including Plainsboro, NJ; Meridian Health is a health insurance provider that has clients located throughout our state.
These are just a few names that come to mind: in NJ alone, there were 72,756 small firms in healthcare and social assistance (according to the 2012 SBA data). Almost half of them are still vulnerable to the cyber crime, and with a growing increase of healthcare data breaches they must be prepared.
Small Businesses can prevent data, password, and credit card theft, computer malware and viruses, e-mail scams, and phishing.
Need to speak to our security experts?
Our managed services can keep your business data safe.
If you are looking for a reliable, professional IT security experts and tech support company in New Jersey, we can certainly help. You can also just give us a call directly at 201-493-1414.