Health Care Industry Most Vulnerable to Data Breaches | eWeek

Written by
Nathan Eddy
Apr 4, 2016

Incidents relating to phishing, hacking and malware were the cause of 31 percent of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause, according to a new report.

Produced by the privacy and data protection team at BakerHostetler, the report analyzes data from more than 300 incidents on which the firm advised in 2015.

The report looks at causes of incidents, industries most affected, and what happens after a security incident is detected, from containment to notification to regulatory investigations and even lawsuits.

“The most concerning finding was to see that hacking/phishing/malware was the leading cause of incidents last year, especially the increase we saw in health care incidents,” Lynn Sessions, partner with BakerHostetler’s privacy and data protection team, told eWEEK. “We could feel the tide begin to turn in 2014, which continued into 2015. However, with the number of incidents we handle, it was surprising to see that was the leading cause.”

The health care industry (23 percent) was affected more than any other. Rounding out the top three are financial services (18 percent) and education (16 percent).

“Health care organizations are in the business of taking care of patients or supporting patient care in some fashion,” Sessions explained. “They have not traditionally needed the level of data security that is required today. You also hear about more health care breaches because HIPAA requires notification, and media release with a low threshold.”

She explained that with the advent of electronic health records and more and more patient information being stored electronically, health care organizations have become targets just as the need for more stringent and sophisticated data security becomes apparent.

“Health care providers and health plans have a gold mine of information that criminals can monetize – such as SSNs, health insurance information, and general health information,” she noted. “There has been a lag with the implementation of the HIPAA security rule in 2005 and the enforcement that came along with HITECH in 2009.”

For incidents in 2015 where notification was made, the average number of individuals notified was 269,609 and the median was 190,000, the report found.

The time from when an incident first began until it was detected ranged from zero days to more than 400 days, and the average amount of time from incident to discovery for all industries was 69 days, with health care taking nearly twice as long as other industries. The average amount of time from discovery to containment was seven days.
