Reports of data breaches rose more than 40 percent in 2016, with 72 percent caused by hacking, skimming or phishing, and the majority of records stolen from the health care industry, according to a report released by the Identity Theft Resource Center on Jan. 20.
Using public breach reports and information provided by more than a dozen state agencies, along with Freedom of Information Act (FOIA) requests, the ITRC identified more than 1,093 incidents, up from 780 in 2015. The business sector encountered the greatest number of breaches, accounting for 45.2 percent in 2016, followed by the health care and medical sector at 34.5 percent.
While some of the increase may be due to ITRC’s more extensive sources of information, much of the rise in reports is likely due to organizations seeing a greater number of attacks, Adam Levin, founder of CyberScout, told eWEEK.
“I know, based on my experience being out there, that more and more people are experiencing attacks,” Levin said. “And a lot of them don’t report; a lot of organizations do everything they can to avoid reporting an attack.”
More than 36 million records were put at risk in the breaches reported in 2016, according to the survey. CyberScout collaborated with the ITRC on the report.
The most prominent trend is the continued increase in breaches caused by hacking, skimming and phishing. Those three tactics accounted for 55.5 percent of the overall compromises, increasing for eight consecutive years, according to the survey. Accidental exposure of information through email and the internet accounted for 9.2 percent of cases.
Attackers are increasingly going after medical records because the files contain so much valuable information, including health insurance numbers and often Social Security Numbers. The study found that Social Security Numbers were the most compromised information, with 52 percent of all breaches in 2016 putting SSNs at risk of exposure and misuse.
Medical records are also proving a popular target of attack. And, with the move to electronic health records, health care organizations are putting all of their information in attackers’ sights, Levin said.
“It’s a double-edged sword: More people have access to your information to save your life, but then more people have access to your information in general,” he said.
In the most recent example of attackers’ focus on the medical industry, a ransomware attack against two subcontractors of health care insurer Highmark Blue Cross Blue Shield of Delaware compromised 19,000 members' medical records, according to reports.