The Verizon 2024 Data Breach Investigations Report (DBIR or Report) is a terrific read for non-technical people who want clarity about a confusing topic. It’s designed to simplify the complex world of cyber incidents, making it more accessible and less overwhelming.
The Report aims to “shine a light on the various Actor types, the tactics they utilize, and the targets they choose.”
The authors of the DBIR have not only made a technical subject accessible but also conducted a comprehensive analysis of over 30,000 cyber incidents from 20 industries. This in-depth research depicts industry trends and offers insights for resource prioritization. The Report’s 17-year publication history by Verizon further underscores its reliability and relevance.
Some things have changed over time, and some trends remain. Staying informed is crucial as the world of cyber incidents evolves.
From the Introduction:
“From year to year, we see new and innovative attacks as well as variations on tried-and-true attacks that still remain successful. From the exploitation of well-known and far-reaching zero-day vulnerabilities, such as the one that affected MOVEit, to the much more mundane but still incredibly effective Ransomware and Denial of Service (DoS) attacks, criminals continue to do their utmost to prove the old adage ‘crime does not pay’ wrong.”
While some tactics are nearly universal, such as Ransomware, the specific threats in each industry differ.
Note: Capitalized terms are defined in the report. The definitions are not repeated here, but you can see the Report for more. The analysis period was from November 1, 2022, to October 31, 2023.
Data Breaches in Healthcare
Insiders
The Insider threat is growing in healthcare.
The Report analyzed 1,378 incidents, 1,220 of which had confirmed data disclosures. The top patterns were Miscellaneous Errors, Privilege Misuse, and System Intrusion, representing 83% of breaches. The fourth pattern was Social Engineering.
“This year’s Healthcare sector analysis reveals significant shifts compared to previous years. Insiders deliberately causing breaches have surged back into second place after a steady decline since 2018.”
The breakdown of Threat Actors underscores the pattern analysis. In healthcare, 70% of the Threat Actors are Insiders, while 30% are External.
The healthcare summary is striking compared to the Financial and Insurance industry, where Insiders were not a top threat; 69% of the Threat Actors were External, and 31% were Insiders. Privilege Misuse – the intentional acts – is not among the top three patterns in the Financial and Insurance Industry.
When you consider that a large proportion of the first pattern category in healthcare, Miscellaneous Errors, is caused by Insiders, it’s easy to see that the Insider threat in healthcare is worth paying attention to. The most common error is misdelivery (sending or giving information to the wrong recipient), followed by loss and speaking within the hearing of an unauthorized person.
Vigilance, workforce training, and sanctions can reduce these data breaches, whether deliberate or accidental.
External Actors
System Intrusion from External Actors is a pattern that has mostly stayed the same. According to the Report, the most sophisticated attacks are some form of System Intrusion, and
“They still largely consist of breaches and incidents in which the threat actor leverages a combination of Hacking techniques and Malware to penetrate the victim organization.”
Most often, these result in Ransomware, which accounts for 70% of the incidents within System Intrusion.
The Two Biggest Ransomware Attacks in History are Recent
The most significant cyber incident during the analyzed period was the MOVEit data breach in May 2023, carried out by the Cl0p ransomware group. While it struck dozens of companies and organizations in finance, professional services, and education, healthcare was hit hard, and millions of people were affected.
The February 2024 Change Healthcare ransomware attack occurred after the period the Report analyzed and likely affected 1/3 of the American population, well over 100 million people.
Social Engineering
It’s worth noting that the fourth threat pattern in healthcare was Social Engineering, which External Actors carry out through electronic communications, typically email. Examples of Social Engineering include phishing (using psychology to alter someone’s behavior so that they give information away) and pretexting (a fictional story designed to convince someone to give up valuable information).
Cybersecurity awareness training for the workforce is essential to reduce the chances of successful phishing and pretexting attacks.
HIPAA Compliance Can Reduce Data Breaches
- Conduct an annual HIPAA Risk Analysis and practice Risk Management year-round. Use the Security Rule Checklist to examine your cybersecurity defenses and ensure you stay current.
- Ransomware is a universal threat, so learning how to stop it should be a top priority. Visit StopRansomware.gov for the latest.
- Refresh your workforce cybersecurity awareness training. Trained and alert employees are the first defense against cyber attackers using phishing and pretexting.