Incomplete report shows trend for most targeted sectors

Nov 5, 2014 17:57 GMT  ·  By

It comes as no surprise that medical-related organizations and retail businesses have been most impacted by data breach incidents this year, each of them recording at least 200 events and together exposing over 72 million personal records, according to a partial report.

The information has been collected from public resources by the Identity Theft Resource Center (ITRC) and sums up only the numbers that have been disclosed by the affected party.

Businesses and healthcare entities need to increase security

In many cases, the amount of affected individuals is not disclosed, which has a direct impact on the total of records that have been put at risk. However, the report is useful in showing the sectors most affected by cyber-attacks.

According to the ITRC document last updated on Monday, the business sector in the US was involved in 206 data breach incidents in 2014, which makes for 32% of all events.

Probably because of more relaxed security policies, the medical and healthcare sector was hit by 273 breaches, accounting for 42.4% of the total.

These figures may not be accurate, since some entities may have suffered such an incident and have not reported it yet; but it is clear that more emphasis should be put on protecting the computer systems in medical facilities and healthcare centers.

Recently, Jessie Trice Community Health Center announced that records on 7,888 patients have been exposed as a result of a cyber-intrusion aiming at stealing identities.

In the case of retailers, although security measures are definitely higher, the information stored on the systems is a prize valuable enough for cybercriminals to devise ways of compromise.

Number of records exposed is not relevant for the moment

The difference in that the amount of data revealed to unauthorized individuals is not too relevant, since it is based on incomplete data.

Furthermore, the report from ITRC counts as a data breach only incidents risking the exposure of social security numbers, credit or debit card numbers, credentials or medical records.

In some cases, such as the attack on JP Morgan Chase systems, only names, addresses, phone numbers and emails have been exposed, which are not taken into consideration by ITRC as data breach. If it did, this incident alone would have increased the number of leaked records by 83 million.

The report for 2013 from ITRC shows that nearly 92 million records have been compromised in 614 incidents. Again, many of the entries show zero records because the affected entities did not make the information public; also, not all entities have disclosed a cyber-attack on their network in the course of the year and attacks are often announced with a delay of a few months.

On the other hand, an analysis from Risk Based Security reveals that in 2013 there have been over 546 million records exposed in the US in a total of 1054 incidents.