Health Care, Ransomware Face Extra Scrutiny in Annual Verizon Data Breach Report


James Anderson


Ransomware accounted for 39 percent of malware-related data breaches last year, according to a new study by Verizon.

The continued rise of ransomware was one of the many findings of the 11th annual Verizon Data Breach Investigations Report (DBIR). The 68-page study examined more than 2,200 data breaches and more than 53,000 security incidents. The findings reveal an increasingly common and elegant form of ransomware.

David Hylender, senior network analyst and principal with Verizon, tells Channel Partners that ransomware began appearing in the DBIR case load approximately three years ago. The number doubled in 2016 and doubled again in 2017 to 39 percent of malware breaches.

“That’s getting pretty close to half,” Hylender said. “That’s a big deal. And in addition to becoming more common, it is becoming somewhat more advanced.”

Source: Verizon DBIR


The report concluded that ransomware incidents are increasingly moving into “business critical” systems like servers and databases. The monetary demands of cybercriminals are, in turn, growing.

Health Care an Outlier

While ransomware affects every industry, Hylender notes that it accounts for 85 percent of malware in health care. He cited strict compliance measures like HIPAA and HITECH that subject health organizations to scrutiny similar to that of government agencies.

“They have to disclose things that other organizations may not have to report publicly,” he said. “Therefore, the number goes up.”

This vertical yielded different results in multiple categories compared to its counterparts. In addition to reporting a higher proportion of ransomware, health care was the only industry in which more incidents came from the inside (56 percent) than from the outside.

The study called human error one of the major factors for the prevalence of insider threats. Bryan Sartin, Verizon’s executive director, security professional services, said businesses must better educate their employees about cyber-related crime.

“Employees should be a business’ first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential,” Sartin said. “It only takes one person to click on a phishing email to expose an entire organization.”


Health care’s insider-threat problem stood in sharp contrast to the overall study, in which Verizon found that outsiders perpetrated 73 percent of breaches.

The conclusions of the study disagree with other reports that say …
