Numerous industries experience patient data breaches
Patient data breaches extend beyond the healthcare sector, with a recent study of businesses in countries including Australia finding that the breaches affect 90% of the industries examined.
The study by Verizon Enterprise Solutions found that despite the ubiquity of such breaches, companies in many industries are not even aware they retain patient data, let alone that this data is at risk.
But patient data is often held in sources including employee records, including workers compensation claims, or information for corporate wellness programs.
The report analysed more than 1900 data breaches in 25 countries including Australia and New Zealand and found that 18 of the 20 industries examined fell victim to such a breach.
It found that 392 million combined patient records were exposed in breaches which spanned industries including health care, agriculture, manufacturing, retail, finance, education and public service.
Uniquely among personal health information breaches, attacks are carried out by external and internal actors in roughly equal proportion.
The primary action of attack is lost portable devices, while the second most common cause of data breach is administrative error, such as sending a medical report to the wrong recipient. Combined with employees abusing their privileges to access the data, these three actions account for 86% of health data breaches.
Report lead author Suzanne Widup said there could be major consequences for the healthcare sector if patients lose faith in the security of their private information.
“Healthcare organisations need to realise that patients trust them with their data, and if that trust is broken, the implications can be huge,” she said.
“[Patient data breaches] can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected health information is highly coveted by today’s cybercriminals.”
Cyber lessons from 2025: why human risk will define 2026
Success in 2026 will come from building security into the rhythm of business, where technology,...
2026 will be the year identity defines cyber defence
2025 gave us an initial look at what happens when AI scales faster than identity controls.
How to harness AI to advance cybersecurity
Organisations that prioritise AI-enabled security and a culture of continuous learning...
