In the past five years or so, a wealth of research and analysis has been released regarding the most common causes of data breach, as well as the associated costs of experiencing one of these events and how many entities have been impacted. What has been among the more common themes throughout that time is the fact that breaches are almost always viewed as avoidable, with analysts suggesting that more common-sense controls would directly lead to fewer instances of information theft and subsequent fraud. 

However, this does not mean that cybersecurity is an easy or straightforward matter for any company, nor that events can be completely avoided all the time. Rather, it has become clear that a more engaged and committed approach among leaders needs to be seen soon, and this is especially true for those sectors that are under the strictest regulatory compliance requirements and at the highest threat of experiencing a major attack, including health care. 

In the past few years, hackers have increasingly targeted medical firms given how sensitive their data is, as well as how much can be earned on the black market from just a small bank of these files. At the same time, health care providers have appeared to struggle when trying to prevent all forms of breach and exposure, while the types of challenges and risks they face are only continuing to become more difficult to follow. 

A new top threat
Dark Reading recently reported that the Ponemon Institute has released its latest study on health care data security and privacy, which revealed that the most common cause of breach in this industry is now hacker-based, rather than negligence. The source pointed out that this was the first time in the history of the report that errors made by workforce members were fewer and further between than hacking incidents, further proving that threats are evolving and more cybercriminals are looking to target these entities. 

According to the news provider, the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data recorded a 125 percent rise in hacking-related databreaches among healthcare firms this year compared to last, while 90 percent of the firms experienced at least one event in the past 12 months. 

"For the first time, criminal attacks constitute the number one root cause [of data breaches], versus user negligence/incompetence or system glitches," Ponemon Institute Chairman and Founder Larry Ponemon told the source. "Ninety-one percent had one or more breach in the last two years, and some of these are tiny, less than 100 records, but they are still not trivial."

As for the specific types of attacks taking place, Dark Reading pointed out that 96 percent of respondents felt as though the loss or theft of devices was the most pressing issue, while 88 percent affirmed spear phishing was rising in prominence.

More protection needed
The only piece of good news here is that health care firms do appear to be better prepared in terms of awareness and refinement to policies for cybersecurity threats that originate internally. However, more progressive and effective controls are needed to begin cutting back on the effectiveness of popular cybercriminal tactics, and this begins with seamless solutions such as email encryption, secure cloud services and similar investments. 

Hackers will always look for the weakest link in any system and target it in an attack. Poor management of data storage environments and access to the information contained therein, as well as a lack of control over email security, can quickly lead to problems for medical firms. The time is now to deploy protective tools.