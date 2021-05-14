Entertainment
External threat actors overtake insiders in health data breaches
– For the second year in a row, external threats caused the majority of health data breaches in 2020, compared to just 39% caused by insiders, either inadvertently or intentionally, according to the latest Verizon Data Breach Investigation Report (DBIR).
In total, data shows that 61% of global security incidents in 2020 were caused by outside actors, such as hacking and other harmful activities.
“When you read the contents of the report, it is tempting to think that a wide range of threats demand a radical and revolutionary solution,” Alex Pinto, lead author of the report, said in a statement. “However, the reality is much simpler.”
“The truth is that, while organizations must prepare to face exceptional circumstances, the foundation of their defenses must rest on solid fundamentals – addressing and mitigating the threats most relevant to them,” he said. he continued.
The annual DBIR is based on data sets from a variety of sources, including investigators from the Verizon Threat Research Advisory Center, external contributor reports, and publicly disclosed security incidents.
To compile the report, Verizon researchers analyzed a total of 29,0207 security incidents reported in 88 countries, of which 5,258 were confirmed data breaches, three times more than for the 2020 report. The DBIR also included responses from 83 contributing organizations.
For the healthcare sector, the researchers analyzed data from a total of 655 incidents, 472 with confirmed data disclosures: 45 from small entities, 31 from larger organizations, and 579 incidents of unknown sizes.
The vast majority (86%) of these breaches were caused by system intrusions, basic web application attacks, and various employee errors. Organized financially motivated hacking groups continue to attack the industry, with ransomware being the primary tactic.
Despite the continued threat from outside actors, the researchers stressed that insiders remain a major challenge for healthcare providers.
Human error is at the root of the majority of these violations, 36% of which are caused by delivery errors, whether through electronic or paper documents. Other causes include publishing errors and configuration errors (over 20% each), as well as data loss (around 15%) and disposal errors (around 10%).
However, the number of incidents caused by malicious insiders fell from the top three culprits for the second year in a row.
Interestingly, personal data was compromised more frequently than medical data, at 66% versus 55%.
“We have seen personal data more often compromised than medical in this sector,” wrote the authors of the report. “It seems strange to us, considering that this is the one area where you would expect to see medical information held most often.”
“However, with the increase in breaches by external actors, it may simply be that the data taken is of a more opportunistic nature,” they added. “If controls, for example, are stricter over medical data, an attacker may only be able to access personal data, which is always useful for financial fraud. Simply put, they can take what they can get and run. “
The report also sheds light on the violations faced by small and medium-sized entities – roughly 263 violations compared to 307 faced by large organizations. Hacking and malware, or intrusions into the system, were the main causes.
In terms of overall threats, the researchers found several consistent risks across all industries. Namely, phishing remains one of the most prevalent threats, as it has been over the past two years. Ransomware landed in third place for breach causes, at 10%.
Phishing accounted for 36% of overall breaches across all industries, compared to 25% in the last DBIR. Researchers believe that COVID-19 and associated phishing lures, as well as the increase in working from home, have contributed to the increase in phishing attacks.
The threat continues to be closely linked to the use of stolen credentials in these breaches, as it has done in previous years. But while researchers expected phishing breaches to spike due to the pandemic, the numbers remained relatively stable.
Finally, the researchers pointed out that threat actors are gaining ground thanks to older vulnerabilities, rather than newly revealed vulnerabilities, such as Eternal Blue. Eternal blue targets a flaw in the SMB protocol via port 445. MIcrosoft released the fix for the flaw long before May 2017 – and the WannaCry exploit.
The researchers noted that this highlights several key elements: The exploits occur on vulnerabilities based on the abilities an attacker can derive from the vulnerability exploit, as well as on the payload. It also means organizations need to “apply smarter, not harder patches, using vulnerability prioritization, not necessarily to improve security, but to improve organizational productivity.”
“Each patch that needs to be applied means you’re a lot further away from laying the keyboard down and taking the d-pad,” the researchers wrote. “Anything you can do to avoid patching vulnerabilities that don’t improve your security keeps you just as safe, but involves a lot less work (and less risk of employee burnout or burnout). service providers).
