Data breaches in 2015

The numbers are in for our data breach report 2015. Breaches identified in this report have been tracked since 2005 by the ID Theft and Resource Center. Breaches occur electronically or in paper format and include only those instances that were reported. Some businesses don’t report data breaches because of the embarrassment it causes, loss of goodwill, and the liability involved. However, the government is taking steps to get these incidents reported so we understand how thieves are using the data in order to help prevent breaches from occurring.

A shift occurred during the last six months of 2015 that was reported in the first six months of 2015. Data sold on the black market is increasing, and many times network intrusions go undetected for as long as 24 months before companies realize an intrusion took place. The data stolen is no longer used for financial gain; instead, hackers are using security breaches to embarrass the government and our nation as a whole. This is evident from security breaches that occurred last year, beginning with the White House in April, the Office of Personnel Management in June, the FBI in December of 2015, and the Department of Homeland Security in January of this year.

Business tops security breach list 2015

Hackers are not targeting just our government. The government and our military represent only 8.1% of all reported data breaches last year. The shift this year is the increased number of data breaches in our business sector. Breaches to businesses jumped 8% in 2015 to represent 39.9% of all data breaches. Small businesses like pizza places and delis, as well as large retailers like Kohl’s and Amazon, have all fallen victim to security breaches in 2015. Resorts, casinos, and vacation spots were also hit hard because they are obvious places where large numbers of people use credit cards.

Private Medical Practice security breaches “common”

The medical and healthcare industry was the second hardest hit by number of breaches in 2015. Nearly 113 million PHI records were lost or stolen despite strong HIPAA laws. Employee error and theft of devices remain the highest causes of breaches; however, hacking and unauthorized access to networks have doubled over the past 3 years (US Dept. of Health and Human Services, 2016). In 2015, the OCR resolved over 24,000 HIPAA cases requiring changes to privacy laws; 29 of those cases resulted in fines of over $27,974,400. Each incident can cost as much as $1.5 million. The most common type of entity required to take corrective action was private practices (US Dept. of Health and Human Services, 2016).

It would seem that no one is immune to data breaches, and hefty fines and the high cost of losing a client’s trust are risks that every entity should try to prevent. The question is, are you doing everything you possibly can to prevent a security breach?