The UK health sector and local government accounted for a majority of reported security incidents between 2013 and 2016 with the number of incidents rising every year.
Data theft and loss of paperwork accounted for one in every four security incidents suffered by the health sector since 2013.
According to a recent report from the Information Commissioner’s Office, the UK health sector and the local government suffered 43 percent and 11 percent of all reported security incidents in the last three years respectively. While the health sector suffered 184 security incidents in the last quarter of 2014, the number rose to 221 in the last quarter of 2016.
A deeper analysis of the ICO report conducted by Egress Software Technologies has revealed the true nature of security incidents suffered by the health sector in the last three years. The analysis reveals that 24 percent of all security incidents were caused by theft or loss of paperwork, 19 percent due to data shared with incorrect recipients through fax or post, 9 percent due to data shared with incorrect recipients through e-mail and 5 percent due to failure to redact data after it was shared.
In total, the health sector suffered as many as 2,447 reported security incidents in the last three years. While the health sector continues to top the list of data breaches, it doesn’t mean there has been an improvement in other sectors. The Egress analysis shows that the total number of security incidents reported across all sectors increased by around 32% since 2014.
SMB vulnerabilities are major cause of WannaCry ransomware attacks: Malwarebytes
Despite various sectors moving towards automation and implementing checks and balances, the contribution of human error in security incidents actually increased from 44 percent in the last quarter of 2014 to 49 percent last year. Worryingly, the financial sector registered an increase of 44 percent in security incidents between 2014 and 2016, which means credit card frauds, loss of customer financial data and data stolen from banks have risen over the years and will continue to do so unless they are effectively curbed.
“We are all aware that security incidents are rising, but many may not suspect how large a proportion of these are down to error and lack of control over sensitive data. What the information from the ICO makes clear is that all businesses need to do more to better protect sensitive information,” said Tony Pepper, CEO and co-founder of Egress Software Technologies.
Suspected hackers exclusively targeting British MPs with phishing e-mails
“Meeting this challenge requires a combination of improved employee training and the communication of risks, and the deployment of the right technologies to minimise the number opportunities available for human error to take hold,” he added.
Following the WannaCry ransomware attacks which crippled many NHS hospitals and trusts, Health Secretary Jeremy Hunt has promised to update all NHS computers and other systems within the next ten months.
“Whilst many authorities now only use a small number of devices that run Windows XP, the transition to a newer operating system needs to happen as a matter of urgency. With the health sector accounting for the most data security breaches across all public sector departments, it is critical that up-to-date and secure software is in place to safeguard patient data against cyber attackers,” said Citrix director of sales for the UK and Ireland Jon Cook.