With all of the media hype around breaches, and pressure from your stakeholders to avoid being the next headline, it is easy to focus too much on one or another type of breach, perhaps the one that caused the latest headline. This risks missing many other common types of breaches, and being blindsided by a breach you did not anticipate, and therefore are unprepared for. In this blog, I look at six of the most common types of data security breaches in health and life sciences organizations.
1. Cybercrime Hacking: In this type of breach, an external hacker accesses your organization's network and obtains unauthorized access to sensitive patient information. A common example of this type of breach starts with the hacker spear-phishing a worker in your organization, resulting in that worker clicking on a malicious link, which leads to a drive-by download of malware. The malware then proliferates inside your intranet and key-logs the database administrator's database credentials, at which point it turns into a bot that logs into the database containing sensitive patient data and exfiltrates that data "low and slow" to evade detection.
2. Loss or Theft of Mobile Device or Media: In this type of breach, a worker loses, or has stolen, a mobile device or media containing sensitive patient data, resulting in potential unauthorized access to that data and a breach.
3. Insider Accidents or Workarounds: In this type of breach, a worker performs a well-intentioned action that results in unauthorized access to sensitive patient information. A common example of this type of breach involves a worker emailing unsecured sensitive patient information, resulting in potential unauthorized access to this information, and a breach. This type of breach can involve the use of either corporate or BYOD devices by workers.
4. Business Associates: In this type of breach, a third-party organization contracted by your organization experiences a breach event involving unauthorized access to sensitive patient information. In this case the patient information impacted originates from your organization and was previously shared so that the third-party organization could fulfill its contractual obligations. In the United States these entities are known as Business Associates, while in Europe they are typically referred to as Data Processors.
5. Malicious Insiders or Fraud: In this type of breach, a worker performs a malicious action that results in unauthorized access to sensitive patient information. This could be a disgruntled worker, or it could be done for the purpose of committing fraud. A common example of this type of breach involves medical claims fraud, where a worker files dishonest healthcare claims in order to turn a profit, or sells sensitive patient information on the black market. Prescription fraud and financial fraud are other examples of this type of breach.
6. Insider Snooping: Insider snooping involves a worker accessing the records of patients of your organization without any legitimate need to do so, for example where a patient is not under the direct care of the worker.
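Snooping is usually found after the fact by comparing access logs against documented care relationships. The following Python sketch is an added example, not code from the original post; it assumes a constructed EHR access log, a constructed care-team roster, and a constructed list of break-glass (emergency) justifications, and flags accesses that match neither.

```python
# Constructed sample data: EHR access log entries (worker, patient, action).
ACCESS_LOG = [
    {"worker": "nurse_a", "patient": "P001", "action": "view"},
    {"worker": "nurse_a", "patient": "P002", "action": "view"},  # not on P002's care team
    {"worker": "dr_b", "patient": "P002", "action": "view"},
    {"worker": "clerk_c", "patient": "P001", "action": "view"},  # clerical role, no care role
    {"worker": "dr_b", "patient": "P003", "action": "view"},  # covered by break-glass
    {"worker": "nurse_a", "patient": "P003", "action": "view"},  # no care role, no break-glass
]

# Constructed care-team roster: patient -> workers with a documented treatment relationship.
CARE_TEAM = {
    "P001": {"nurse_a", "dr_d"},
    "P002": {"dr_b"},
    "P003": set(),
}

# Constructed break-glass records: (worker, patient) pairs with an explicit emergency justification.
BREAK_GLASS = {("dr_b", "P003")}


def flag_snooping(log, care_team, break_glass):
    """Return log entries where the worker has no documented care relationship
    with the patient and did not record a break-glass justification."""
    flagged = []
    for entry in log:
        worker, patient = entry["worker"], entry["patient"]
        if worker in care_team.get(patient, set()):
            continue  # legitimate: worker is on this patient's care team
        if (worker, patient) in break_glass:
            continue  # legitimate: justified emergency access, reviewed separately
        flagged.append(entry)
    return flagged


def summarize(flagged):
    """Count flagged accesses per worker, most frequent first, so repeat
    patterns surface ahead of one-off mistakes."""
    counts = {}
    for entry in flagged:
        counts[entry["worker"]] = counts.get(entry["worker"], 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    hits = flag_snooping(ACCESS_LOG, CARE_TEAM, BREAK_GLASS)
    for hit in hits:
        print(f"review: {hit['worker']} accessed {hit['patient']} ({hit['action']})")
    print(summarize(hits))  # {'nurse_a': 2, 'clerk_c': 1}
```

Flagged entries are review candidates, not verdicts: a real roster also needs role-based exceptions (billing, quality review) and time windows, since care relationships start and end.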
Only by understanding all the types of breaches your organization is at risk of and how to defend against these can you achieve effective security and adequately mitigate your risk of breaches.
What other kinds of breaches are you considering in order to protect your health and life sciences organization?