Data breach figures continue to rise, according to figures
By Patricia L. Harman, PropertyCasualty360.com
Over the past year, the number of data breaches from either malware or hacking has risen substantially, according
to Beazley, a provider of data breach response insurance.
“We saw a significant rise in incidents
caused by hacking or malware in the past
year,” said Katherine Keefe, global head of
the Beazley Breach Response (BBR) Services unit. “This was especially noticeable
in healthcare, where the percentage of
data breaches caused by hacking or malware more than doubled.” Breaches in the
financial services and higher education
sectors also increased.
The BBR unit responded to 60 percent
more data breaches in 2015 compared to
the previous year. The company says that
32 percent of all incidents in 2015 were
caused by hacking or malware, compared
to only 18 percent in 2014.
The number of breaches involving
third-party vendors tripled from 6 percent
in 2014 to 18 percent in 2015. The
loss of non-electronic physical records
remained the same at 16 percent.
The good news is that there was a slight
drop in the number of incidents involving the unintended disclosure of records
through errors like misdirected e-mails,
which went from 32 percent in 2014 to
24 percent in 2015. Beazley’s data breach
statistics were based on 777 incidents in
2014 and 1,249 in 2015.
As hackers show an increased interest in
healthcare records, Hollywood Presbyterian Hospital reported a ransomware attack
in February that ultimately had the hospital paying a ransom of $17,000 in Bitcoin,
which is nearly untraceable. Ransomware
attacks literally hold an institution’s information hostage until the ransom is paid.
Beazley projects ransomware attacks will
increase 670 percent from 2014 to 2016.
“Healthcare is a big target for hackers
because of the richness of medical records
for identity theft and other crimes,” explained
Paul Nikhinson, privacy breach
response services manager for BBR Services.
“In fact, a medical record is worth over
16 times more than a credit card record.”
Healthcare is not the only sector being
targeted by hackers. Colleges and universities
have reported increasing incidents
of “spear phishing,” where hackers
send personalized, seemingly legitimate
e-mails that include harmful links or attachments.
Because so many students
and educators have access to campus IT
systems and utilize social media, schools
are particularly vulnerable to hackers.
Another target of hackers is the financial services industry, which saw a slight
increase in 2015, up to 27 percent vs. 23
percent in 2014. Beazley’s data shows
that Trojan programs were a frequent
mode of access.
The weakest link for most businesses
and institutions continues to be their
employees. However, companies can take
steps to protect their data including:
• Training employees on the importance
of protecting personally identifiable
information (PII) and protected health
information (PHI) and how to avoid
phishing attacks that might be used to
access that data.
• Creating an incident response plan and
testing it to identify vulnerabilities in
the system. Plans need to be developed
and practiced ahead of time from the
initial intrusion to who will be notified
and how the forensic investigation will
• Beazley recommends categorizing data
risks by threat level, since over-reacting
to a breach can be as harmful as under-reacting. Different breach events will require a tailored response to that threat.
• Take a careful look at supplier contracts
for any companies that handle or have
access to your customers’ data. It should
be protected by anyone with access and
your company could still be liable if
there is a data breach.
• Password-protect computers and mobile
devices, and encrypt data on any devices,
including thumb drives and laptops.