Healthcare sector accounts for 43 percent of all UK data breaches
Data security services company Egress has released data from the UK's Information Commissioner's Office (ICO) which shows that the health sector accounts for nearly half (43 percent) of all data breaches.
It also shows that human error, rather than external threats, is the main cause of incidents across every sector. Staff mistakes accounted for 49 percent of all breach incidents in the last quarter of 2016.
UK healthcare organisations suffered 2,447 data breaches between January 2014 and December 2016. This is almost four times more than the second highest sector (local government). The number of incidents is also rising, with a 20 percent increase from 184 incidents in the last quarter of 2014, to 221 in the last quarter of 2016.
Of the 221 incidents occurring between October and December 2016, human error was the main cause. These incidents are not all IT related, they include loss of paperwork (24 percent), data faxed or posted to the wrong participant (19 percent), data sent by email to incorrect recipient (nine percent), and failure to redact data (five percent). Data shared in error is the single highest contributor to breaches year-on-year, causing roughly one-third of incidents (31 percent in 2014, 34 percent in 2015, and 31 percent in 2016).
"Following the WannaCry exploit, the vulnerability of the healthcare industry, and the critical importance of improving its cybersecurity, has come into sharp focus," says Tony Pepper, CEO and co-founder of Egress Software Technologies. "While it's clear there is a security problem in healthcare, these figures show that it is as much about internal activity as external threat. There’s no doubt that someone inadvertently emailing a spreadsheet containing sensitive patient details to the wrong person isn’t as good a headline as a ransomware attack, but that does not diminish the threat it poses."
Among other findings are that the courts and justice sector has experienced the most significant increase in incidents, a 290 percent rise since 2014, placing it in the top five worst affected industries by the last quarter of 2016. Other significant increases can be seen in the central government and finance industries, with 33 percent and 44 percent increases, respectively.
Pepper concludes, "What the information from the ICO makes clear is that all businesses need to do more to better protect sensitive information. Meeting this challenge requires a combination of improved employee training and the communication of risks, and the deployment of the right technologies to minimise the number opportunities available for human error to take hold."