The Identity Theft Resource Center has published a report that says reported data breaches are up 40 percent since 2015. For context, there were 16 reported in 2005. Researchers identified hacking as the main source of data theft in the healthcare industry. But not far behind were employee theft and negligence.
The leading source of data breaches in the healthcare industry is hacking, this report says.
A recent report by the Identity Theft Resource Center paints a bleak picture about just how safe your dental patients’ data may be. The TRC’s latest look at patient data security shows that since 2015, the number of reported breaches has increased by 40 percent. That figure represents an all-time high.
Data breaches happen when an individual’s name, Social Security number, driver’s license number, or medical or financial record is put at risk because of exposure, either in electronic or paper format. Not all data breaches are alike, but what they all have in common is that they typically contain personal identifying information that is not encrypted.
RELATED: More Dentist’s Money Digest® Data Security Coverage
· Under Attack: Dentistry Faces Growing Cybersecurity Threat
· Does Your Practice Meet HIPAA Compliance Standards?
· 5 Ways to Stop Cyber Crime in its Tracks
The ITRC’s report focused on five industries, including business, education, medical/healthcare, government/military, and banking/credit/financial. In total, the medical/healthcare industry, which includes dental practices, organizations, and schools, represented 34.5 percent of the overall number of breaches.
The number of data breaches has grown steadily since 2005, when only 16 breaches were reported for the year. In looking at this year’s data, the ITRC notes that it is hard to tell whether there are more breaches that are occurring each year, or whether there are simply more reported data breaches.
For the healthcare industry, hacking was identified as the most common source of data breaches. The second most common source of breaches was determined to be insider theft and employee error or negligence. In fact, insider theft has been a bigger problem for the healthcare industry than for the other industries studied.
Spear phishing was also shown to be a common method of obtaining personal information. This scheme uses email that appears to be sent from company executives or other high-ranking personnel. In March 2016, the Internal Revenue Service reported a 400 percent increase in phishing and malware incidents. Using this method, thieves trick employees into giving over private personal information, like W2s or Social Security numbers.
Karen Barney, director of research and publications at ITRC, says, “In general, privacy laws typically seem to not necessarily keep pace (with the security demands of newer technologies). There's a great need for corporate protocols and best practices to be in place.”