14 DAY TRIAL // It may not come as a surprise, but compared to other sectors, health care providers in New York have recorded the largest amount of personal information loss as a result of security breaches, since 2006.
The numbers come from a recent report published by the New York Attorney General Office. The document focuses on the damage caused by cyber-attacks on New York entities and reveals that over $1.37 / €1 billion has been spent in the wake of this sort of incidents, by both the private and the public sector.
A special section in the paper is dedicated to the industries that have been most affected by cyber-attacks in the past eight years.
The information gathered by the Attorney General Office of the state of New York was compiled in a report called “Information Exposed: Historical Examination of Data Breaches in New York State.”
According to the document, more than 1 million records containing personal information of individuals have been exposed in cyber-security incidents targeting the health care sector since 2006.
In New York, a reported total of 29 health care providers have suffered more than three breaches; and although the largest number (54) of companies whose systems have been penetrated activate in the retail sector, the amount of personal records exposed in this sector is just 163,319.
Financial services have also been targeted by cybercriminals, who managed to extract a total of 624,000 records from their systems.
As far as the data loss figure for the health care providers is concerned, it represents a certainty, but it is very likely that it is only the tip of the iceberg, as many cases have been reported where administrators found about a breach months after the incident, which made the investigators’ task to determine the affected individuals more difficult.
Towards the end of June, CORL Technologies issued a survey conducted on 150 health care vendors in the U.S. focusing on their attitude to security and on how prepared they were in front of cyber-attacks.
The conclusion was that most of these companies failed to meet the minimum standards imposed through the HIPAA (Health Insurance Portability and Accountability Act).
In 68% of the cases, there were no security certificates to validate the measures in place for protecting sensitive data. Moreover, the study revealed that healthcare organizations had no idea about how many vendors had access to health information on their systems.
“As the health care industry moves toward increasing digitization, it has become a repository for large troves of sensitive information, making the industry uniquely susceptible to data loss, particularly through lost or stolen electronic storage equipment,” says the NY Attorney General report.
