It's easier to steal sensitive medical information than we thought, according to a new report from Verizon.
It turns out that 90 percent of organisations outside of healthcare store sensitive medical information about their employees. Most organisations outside of the healthcare industry are unaware they have protected health information such as information for wellness programmes and employee records.
Despite the fact that most attackers usually go after personally identifiable information (PII), Verizon's 2015 Protected Health Information Data Breach Report reveals that when it comes to Protected Health Information (PHI) breaches, medical record data is more often than not accessed with malevolent intent. The results were collected from confirmed PHI breaches in nearly 2000 incidents from 25 countries.
The most frequent types of breaches add up to 86 percent of all incidents. Theft or loss of portable devices (laptops, tablets) make up the most frequent type of breach with 45.4 percent. The second is misuse – when an employee abuses their access to patient information, making up 20.3 percent. And third (at 20.1 percent) is error such as sending medical report to the incorrect person or loss of a portable device.
Verizon found that 33.2 percent of breaches can go for months without detection and 18.5 percent are not found for years.
The report also found that many people withhold information from their healthcare providers due to their fear of data breaches. Not wanting to share this information could potentially delay treatment for a communicable disease.
Suzanne Widup, senior analyst at Verizon said, “Many organisations are not doing enough to protect this highly sensitive and confidential data. This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected health information is highly coveted by today's cyber-criminals.”