A new report by Verizon Enterprise Solutions says more than half of all Americans have been the subject of health care data breaches since 2009. The information has been used for everything from identity theft to access to critical infrastructure.
The company’s annual Protected Health Information Data Breach Report focuses on incidents from across 25 countries–87% of which involved American records. Verizon found that the health care sector, as a whole, has cyberattack rates that are far higher than in any other sector; since 1994, there have been about ten times as many attacks on servers belonging to health entities than on those associated with industries like finance and government.
According to study author Suzanne Widup, approximately 45% of intrusions are due to hackers breaking into systems or data being lost (like when researchers leave laptops in public places or lose their phones in taxis)–while another 20% stem from people who already have access to systems snooping on patient information. This can be the result of seemingly innocuous breaches of privacy, like hospital employees looking up celebrities’ health records for fun.
One of the most concerning issues, Verizon noted, was that most companies that store health care data use little to no encryption, and one in five breaches takes years to spot.