Topics
More on Risk Management

Healthcare most hit with data breaches in 2015, ransomware gaining popularity among hackers

Symantec report claims 16.6 percent of the 245.2 million stolen records that exposed Social Security numbers since 2005 were healthcare-related.

Jessica Davis, Associate Editor

Hollywood Presbyterian paid $17,000 ransom after its systems were hacked in February.

The healthcare industry accounted for the highest number of data breaches among service industries in 2015, according to a new 2016 Internet Security Threat Report from Symantec that also found ransomware on the rise and increasingly sophisticated attack tactics being perpetrated by organized criminals with extensive resources.

The same report recorded nine mega breaches and half a billion stolen personal records, with ransomware attacks growing by 35 percent in 2015.

Criminals are becoming more sophisticated - even establishing professional businesses and adopting best business practices, the report found. And this evolution has increased the reach of these cybercriminals and supported the explosion of these types of online crimes.

[Also: Hollywood Presbyterian pays $17,000 ransom to regain control over systems from hackers]

"Advanced criminal attack groups now echo the skill sets of nation-state attackers," Kevin Haley, director, Symantec Security Response, said in a statement. "They have extensive resources and a highly-skilled technical staff that operate with such efficiency they maintain normal business hours and even take the weekends and holidays off."

"We're even seeing low-level criminal attackers create call-center operations to increase the impact of their scams," he added.

Healthcare is a major contributor to these attacks: 16.6 percent of the 245.2 million stolen records that exposed Social Security numbers since 2005 were healthcare-related, according to a report released Tuesday by the Identity Theft Resource Center. The group is sponsored by IDT911, an identity theft protection firm.

[Also: Hospitals in California, Indiana hit with ransomware attack]

Of the 176.5 million medical and healthcare records exposed since 2005, 1.5 million have occurred since 2014 and 17.2 million have been exposed by "Data on the Move," according to the ITRC report. And employee error, negligence and insider theft were responsible for 371 healthcare-related breaches.

In just this year alone, almost 6.2 million records have been left vulnerable, the report found. Furthermore, the IRS reported a 400 percent surge in tax-related phishing and malware incidents in just January and February of this year.

"Tax refund fraud continues to rise, creating almost unbearable issues for victims nationwide," Eva Velasquez, CEO of ITRC, said in a statement. "It's our belief the 575 healthcare breaches since 2010 - that have exposed more than 142 million social security numbers - are contributing to this increase."

[Also: FTC, others call for action on ransomware in healthcare, improved cybersecurity preparedness]

Advanced criminal groups first exploit vulnerabilities and use these weaknesses to their advantage, according to the Symantec report. Some of these criminals sell the data to lower-level players on the black market. 

The amount of malware attacks alone, with over 430 million new malware variants discovered last year, demonstrates the rising tide of the professional cybercriminals to exploit weaknesses and cripple and penetrate corporate networks.

"Data breaches have become the third certainty in life - disrupting and endangering lives as well as damaging the reputations and balance sheets of countless organizations," said Adam Levin, IDT911 chairman and founder, in a statement.

"Companies need to create a culture of privacy and security from the mailroom to the boardroom," he said. "That means making the necessary investment in hardware, software and training."

Learn more at the upcoming Privacy and Security Forum, May 11-12, 2016, in Los Angeles. Register here. 

Twitter: @JessieFDavis