India amongst list of 25 countries where a breach has been reported
A first-time report from Verizon’s Data Breach Investigations Report (DBIR) team provides a detailed analysis of confirmed protected health information (PHI) breaches involving more than 392 million records and 1,931 incidents across 25 countries.
It reveals that stolen medical information is a much more widespread issue than previously thought, affecting 18 out of 20 industries examined. Yet, most organisations outside of the healthcare sector do not realise they even hold this type of data. Common sources of protected health information are employee records (including workers’ compensation claims) or information for wellness programmes and are generally not well protected.
This report analyses PHI breaches with a focus on the healthcare industry including ambulatory healthcare services, hospitals, nursing and residential care; and social assistance across North America, Europe and the Asia-Pacific region.
Portable devices including laptops and flash drives continue to be a favoured target of criminals, and while encryption offers a safe harbor by protecting the data even when the asset is compromised, we still see this as a leading cause of incidents year after year.
“We believe that to achieve true information security, it is essential that a company implements an ongoing information security program which incorporates people, processes, and technology to address its enterprise-wide business operations and employs appropriate measurements to manage and improve program effectiveness on a continual basis. Reliable and high-fidelity cyber-intelligence, which can be attained from network intelligence is critical to detecting targeted cyber attacks and to implementing a timely and effective response.” said Ashish Thapar, Managing Principal, RISK Services – APAC, Verizon Enterprise Solutions.
Breaches have been reported in 25 countries namely Australia, Belgium, Canada, China, France, Germany, Hong Kong, India, Ireland, Israel, Japan, Kuwait, Lebanon, Malaysia, Netherlands, New Zealand, Puerto Rico, Romania, Russian Federation, Sweden, Switzerland, Turkey, Ukraine, United Kingdom and United States.
For this report, PHI is defined as personally identifiable health information on an individual covered by one of the state, federal or international data breach disclosure laws.