As of September 29th, the number of overall breaches for 2015 reported to the ITRC has thus far slightly dipped below the 2014 figures, at 563 data breaches, but the number of breached records has already outstripped total 2014 figures, at over 155 million records exposed versus the 81.5 million exposed records in 2014. What’s even more surprising is that the healthcare industry no longer leads in terms of most known breaches. As of the end of the recorded third quarter, healthcare accounts for 35.7% of data breaches, while business accounts for 39.2%. In contrast, healthcare accounted for 42.5% of breaches last year.
When we talk about data breaches, figures can be skewed in many ways. We can look at number of data breaches; at face value, healthcare seems to be making progress in protecting data. We can contrast that with number of breached records; healthcare may only have 35.7% of data breaches, but those breaches make up 76.9% of breached records – the average data breach in healthcare is larger than ever before. We can talk about how the majority of data breaches take at least a year to discover, affecting the insights we draw. Or that fraud related to breaches, particularly healthcare breaches, can be hidden for years as well. We can also talk about how the cost of data breaches keeps rising year over year, making each single data breach more costly than before, and that the healthcare industry faces the highest cost of any other.
The truth behind these figures is that every breach is important. Every breach affects real people and comes with real costs. While not all breaches are preventable, many are; where they are not, tangible actions can go a long way to mitigating the impact to those affected as well as to the organization itself. Healthcare can no longer afford the mistakes that lead to data breaches, nor the mistakes that allow them to go undetected. With most organizations facing multiple data breaches per year, and these breaches costing millions of dollars, it’s time to be more proactive.
In our whitepaper, Best Practices for Healthcare Data Breach Prevention, we discuss many specific ways you can achieve data protection and compliance, including policy, process and layered-technology defences. As part of your preparedness, we recently launched Absolute DDS for Healthcare, a comprehensive onboarding program which pairs the highest level of endpoint security with expert forensic support to respond to and contain security incidents. Learn more at Absolute.com