(800) 570-5879

Logo featuring thumbprint badge and text
geometric 1

Verizon Report: Cybercrime is Flourishing

A cyberattack forced the shutdown of a major U.S. fuel pipeline last week, showing how vulnerable the nation’s critical infrastructure is. The oil company investigated, and later reported paying a $4.4 million ransom to the attackers to retrieve access to its IT operations and reopen. The healthcare industry is also vulnerable, as cybercrime continues to rise.  In the past year, the pandemic fueled more attacks than ever.

How much do we know about cybercrime and data breaches? Are things getting better or worse? Security experts who monitor cybercrime say that incidents are increasing, but the problems are different among different industries.

Every year Verizon publishes a Data Breach Investigations Report (DBIR) which analyzes security incidents and data breaches across twenty industries worldwide. The 119-page report is surprisingly readable, both full of detail and easy-to-read summaries.

The report is also candid about its limitations, explaining that data is not uniformly reported across industries or regions. Even with limitations though, the DBIR is one of the most comprehensive reports of its kind and a valuable resource for experts and non-experts concerned about cybersecurity.

Key Takeaways from the Verizon DBIR

  • Cybercriminals took advantage of the pandemic exploiting fear and remote work
  • Phishing attacks increased by 11 percent
  • Ransomware rose by 6 percent
  • 85 percent of breaches involved a human element, while over 80 percent of breaches were discovered by external parties
  • Organizations need to know their own vulnerabilities to secure their own systems – there is no “one size fits all”

What About Data Breaches in Healthcare?

  • Ransomware is a favored tactic among financially motivated organized criminal groups targeting healthcare
  • Basic human error continues to be a major problem
  • The most common error continues to be misdelivery (36%), whether electronic or of paper documents
  • Malicious internal actions have dropped from the top three for the second year in a row

Experts Recommend

Prevention is less expensive than loss, whether by accident or intentional theft.  We have written recently about preventing data breaches and mentioned guidance on cybersecurity that’s available from law enforcement and security agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).

In healthcare, we know the best prevention is HIPAA Risk Analysis and Risk Management. Among other measures, a HIPAA Risk Analysis includes the three top protective controls the Verizon DBIR advises for healthcare:

  1. Security awareness training for staff
  2. Access management, and
  3. The secure configuration of enterprise assets and software

There is more to a full Risk Analysis, also called a security risk assessment, than the top three controls. At The HIPAA E-Tool®, we include a Security Rule Checklist to navigate every requirement of the HIPAA Security Rule. Also included are controls applicable to healthcare in the latest revision to the National Institute of Standards and Technology (NIST) document SP800-53.

Finally, to tie it all together, the step-by-step interactive Risk Analysis builds the Risk Management Plan and documents actions taken as required by HIPAA for all covered entities and business associates.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job® are registered trademarks of ET&C Group LLC

Terms & Conditions | Privacy Policy | Cookies Policy | Privacy Settings

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124