Data breaches caused by either hacking or malware nearly doubled in relative frequency over the past year, according to Beazley, with the healthcare sector increasingly in criminals’ sights.
Its Breach Response (BBR) Services unit responded to 60% more data breaches in 2015 compared to 2014, with a concentration of incidents in the healthcare, financial services and higher education sectors. Beazley’s Breach Insights 2016 survey findings are based on 777 incidents in 2014 and 1,249 in 2015.
- In 2015, 32% of all incidents were caused by hacking or malware vs. 18% in 2014
- Unintended disclosure of records - such as a misdirected email - accounted for 24% of all breaches in 2015, which is down from 32% in 2014
- The loss of non-electronic physical records accounted for 16% of all breaches in 2015, which is unchanged from 2014
- The proportion of breaches involving third party vendors more than tripled over the same period, rising from 6% of breaches in 2014 to 18% of breaches in 2015.
"We saw a significant rise in incidents caused by hacking or malware in the past year,” said Katherine Keefe, global head of BBR Services, in a statement. "This was especially noticeable in healthcare where the percentage of data breaches caused by hacking or malware more than doubled."
Hackers are increasingly employing ransomware to lock up an organization's data, holding it until a ransom is paid in nearly untraceable Bitcoin, Beazley said. Hollywood Presbyterian Hospital in Los Angeles was hit with a ransomware attack in February 2016 and ultimately paid the hackers $17,000 in Bitcoin. A year earlier, the FBI had issued an alert warning that ransomware attacks were on the rise.
Beazley says the trend is borne out by Beazley's data. Breaches involving ransomware among Beazley clients more than doubled to 43 in 2015 and the trend appears to be accelerating in 2016. Based on figures for the first two months of the year, ransomware attacks are projected to increase by 250% in 2016.