Health organisations most likely to suffer data breaches, ICO figures show
Healthcare organisations are the most likely to be investigated by the Information Commissioner’s Office (ICO) due to breaches of the Data Protection Act, new figures have revealed.
The data, obtained by NCC Group through freedom of information requests, showed that there were 260 separate ICO investigations into healthcare organisations between 1st April 2012 and 3rd February 2016, with the number growing each year.
The next most-investigated industries were “general business” at 169, local government at 159 and lenders at 146 investigations over the period.
The ICO opens an investigation if an organisation suffers a data breach or is responsible for data loss, and has therefore fallen foul of the Data Protection Act.
“This is an unenviable trophy for the healthcare sector,” said NCC Group CEO Rob Cotton. “Consumers often implicitly trust healthcare providers with their data – and in most cases cannot simply opt out of giving it to them.
“It’s an industry that’s facing budgetary pressures, which means sound security defences and cyber resilience may be lower down the priority list than they should be.
“It’s also a sector increasingly looking to highly-connected technology to provide increasingly life-critical healthcare services. This drive to technology coupled with budgetary challenges carries with it the risk of creating a perfect storm with real-life impact in the near term.
“The healthcare industry is often seen as an easy target due to a wealth of legacy infrastructure, which can at times make data breaches trivial for cyber criminals, but also low levels of training and awareness within the staff base coupled with a need to ‘just get the job done’ can lead to inadvertent exposures.
“Medical records will always have value on the black market and the victims are often vulnerable, so the attraction of healthcare is unlikely to disappear any time soon.”
Overall, there were 1,592 ICO investigations between April 2012 and February 2016. The number is rising each year, from 293 in 2012/13 to 499 in 2015/16.