Initial findings from Verizon’s inaugural Protected Health Information Data Breach Report suggest securing PHI data is a much more expansive undertaking
Verizon Enterprise Solutions unveiled select initial findings from its inaugural 2015 Protected Health Information (PHI) Data Breach Report at the Connected Health Summit in Washington, D.C. this week. The 2015 report will examine how PHI breaches are affecting the doctor-patient relationship, how PHI breaches are happening, how long it takes to discover a breach, and how to mitigate the risks. PHI is defined as personally identifiable health information on an individual, and is covered by one of the state, federal or international data breach disclosure laws.
The initial swipe of the data indicates that a whopping 90 percent of industries experienced a PHI data breach and that this type of data breach has widespread implications across many sectors besides healthcare. Of 20 sectors studied, only the utilities and management industries had no reported PHI breaches.
The Data Breach Investigations Report team examined incidents from 25 countries to produce this report, including detailed analysis of confirmed breaches involving more than 392 million records and 1,931 incidents.
Verizon’s data breach research has consistently shown that hackers’ tactics are influenced by what data they are after and where that data is stored and processed. The country where the data resides and the size of the company are not significant factors.
One area where PHI data breaches differ from data breaches in general is who is carrying out the attacks. The number of external and internal bad actors is nearly equal, with a difference of 5 percentage points, meaning there is a lot of insider misuse of PHI.
“Protected Health Information is gold for today’s cybercriminal,” said Suzanne Widup, lead author for the Verizon Enterprise Solutions report. “What makes our findings even more troubling is that many sectors – especially those outside of the healthcare industry – aren’t even aware that they hold this type of data. The ramifications for stolen medical information can literally be a life and death situation.”
According to the report’s findings, medical record data is often taken with malicious intent; however, it is frequently the personally identifiable information (PII) that attackers are really after.
“This data can be extremely damaging in the hands of those wanting to commit various types of financial fraud,” added Widup.
Slated to be released in its entirety in December, the report is aimed at helping organizations across all sectors understand the importance of identifying and protecting this information before a data breach occurs.