Healthcare
NAICS 62

Insiders? What Insiders?

Healthcare is the industry where the internal actor has figured prominently in breaches since we first began collecting and reporting data. While the make-up of the insider breach has moved from being largely malicious Misuse incidents to the more benign (but no less reportable) Miscellaneous Errors, we have always been able to rely on this industry to tell the insider threat story. With the rise of the Basic Web Application Attacks pattern in this vertical, those inside actors no longer hold sway. Move over Insiders, the big dogs are here. 

Make no mistake (no pun intended) your employees are still causing breaches, but they are over 2.5 times more likely to make an error than to maliciously misuse their access. Misdelivery and Loss are the most common errors (and they are so close, we’d need a photo finish to determine a winner). 

Figure 87 illustrates the change over time in patterns for healthcare. Back in 2015, the top pattern was Privilege Misuse, followed by Miscellaneous Errors. It wasn’t until 2019 that we started to see the rise of Basic Web Application Attacks, and they have clearly become a serious problem for everyone, not just this industry. Healthcare has increasingly become a target of run-of-the-mill hacking attacks and the more impactful ransomware campaigns (both from the System Intrusion pattern, which came in third). With the increase in ransomware, comes the associated increase of the discovery method of Actor Disclosure. It is a bad day when that ransom note pops up after the encryption has been triggered, providing convenient methods of payment for these customer service-focused threat groups. (And really, who doesn’t want to make it easy for their “customers” to pay them?) 

For the second year, Personal data is compromised more often than Medical. Do we consider this the norm now for the one industry with a plethora of medical data? Is this because the actors are just getting in and getting their encryption game on without regard to the type of records they are rendering inaccessible? Only those in the industry know for certain if they have increased their controls around their Medical data but left Personal data in the waiting room.