According to a recent publication by Verizon, 73 percent of all data loss in healthcare organizations can be attributed to three factors: theft, insider misuse and accidental errors.
PHYSICAL THEFT AND LOSS
Thefts or losses of “information assets” accounted for 46 percent of all the security incidents that targeted healthcare organizations. These assets include laptops, USB drives, paper files, and backup discs. This doesn’t include situations where files and hard drives are improperly disposed of; these incidents come under Miscellaneous Errors.
INSIDER MISUSE
Insider and privilege misuse accounted for 15 percent of incidents suffered by healthcare organizations. This category covers situations where employees, ex-employees and partners with access rights use their privileges to access data, either in person or over the network. Culprits can come from every level of the organization, even senior executives.
MISCELLANEOUS ERRORS
12 percent of healthcare incidents fell under Miscellaneous Errors. This category covers any mistake that compromises security, primarily:
- Posting of private data to public sites
- Sending of information to the wrong recipients (whether in the post or by email)
- Failing to dispose of assets securely — e.g., by shredding paper or wiping hard drives
MITIGATION
To mitigate these errors, Verizon suggests the following:
- Encrypt Devices
- Backup Data
- Lock Down Computers and Devices
- Review User Accounts
- Monitor Exits
- Implement Data Loss Prevention
- Strengthen Controls on Publishing
- Train Staff to be aware of Security