we losing the war on cyber criminals. One of the newer reasons is "wetware" as noted in the article below.
Wetware: The Major Data Security Threat You've Never Heard Of
Posted: 05/14/2015 7:06 am EDT Updated: 05/14/2015 9:59 am EDT
For the first time, according to a recent study, criminal and state-sponsored hacks have surpassed human error as the leading cause of health care data breaches, and it could be costing the industry as much as $6 billion. With an average organization cost of $2.1 million per breach, the results of the study give rise to a question: How do you define human error?
More than half of the respondents in the Ponemon Institute's Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, said their organization's incident response team was underfunded or understaffed and roughly one third of respondents had no incident response plan in place at all--zip, nada, zilch--a fact that beggars the imagination at a moment when breaches have become the third certainty in life, and one that highlights the seeming no-show of the "first do no harm" approach to patients on the data breach-prone operations side of the health care industry.
While it is disconcerting that there isn't a more robust incident response culture out there, perhaps more worrisome is the seeming lack of best practices pointed at heading off the problem before it happens. That's where a new term comes into play.
Wetware is a term of art used by hackers to describe a non-firmware, hardware or software approach to getting the information they want to pilfer. In other words, people. (The human body is more than 60 percent water.) Wetware intrusions happen when a hacker exploits employee trust, predictable behavior or the failure to follow security protocols. It can be a spearphishing email, a crooked employee on the take or a file found while Dumpster diving -- and, of course, all stripe of things in between. Whatever it is, there's a human being involved.
The findings of the Ponemon Institute study point to the dire need for better wetware precautions when it comes to the security of health care records. Consider that 40 percent of the health organizations in the study reported more than five breaches in the past two years.
According to the study, since 2010 "the percentage of respondents who said their organization had multiple breaches increased from 60% to 79%." Also by no means inconsequential is the fact that medical identity theft -- where an imposter uses a victim's credentials to obtain health care--nearly doubled in the past five years, from 1.4 million adult victims to more than 2.3 million in 2014.
The breaches comprising these figures were not all the size or severity of Anthem or Premera, which combined leaked extremely sensitive personally identifiable information like Social Security numbers, birth dates and bank account numbers belonging to more than 91 million consumers. While the $2.1 million average cost to health care organizations is eye-catching, it involved incidents with an average of 2,700 lost or stolen records, a figure that runs the gamut from Anthem and Premera to breaches that were decidedly on the smaller side.
As Larry Ponemon rightly pointed out in an interview with Dark Reading, while many of the incidents involved the exposure of "less than 100 records," that in no way trivializes those events. According to the study, "Many medical identity theft victims report they have spent an average of $13,500 to restore their credit, reimburse their health care provider for fraudulent claims and correct inaccuracies in their health records."
With 91 percent of the health care companies who responded to the study's questions reporting at least one incident in the preceding two years, it's clear that whatever we're doing to address the health care breach problem is woefully inadequate. What's more, it is clear that the problem is wetware. Better practices need to become part of the work culture in the health care industry.
When participating organizations in the study were asked what worried them the most (with three responses permitted), 70 percent said the biggest concern was a negligent or careless employee. That figure was followed by 40 percent of respondents who thought cyber attackers were the bigger worry and 33 percent who were worried about the security of public cloud servers. Respondents also cited insecure mobile apps (13 percent) and insecure medical devices (6 percent).
With 96 percent of respondents saying that they had a security incident involving lost or stolen devices, the fact that cyber attacks -- state-backed and criminal -- are the leading cause of breaches should keep you up at night, but the more terrifying take-away here is that doubtless many of those attacks wouldn't be possible were it not for the human factor. There is plenty of overlap between the proactive criminal and the clumsy employee to make these figures start to seem like so much digital rain in a lost scene from "The Matrix."
These days, smartphones and tablets are on the most-compromised or stolen list. Earlier on in the data breach pandemic, laptop computers and desktops were at the top of that list. While it is interesting on some level how the information gets compromised, at the end of the day, a breach is a breach is a breach. Health care industry: you're all wet.
The bottom line here is that hackers of all stripe are having a field day because the wetware problem has been largely unaddressed, and until people become the alpha and omega of the process that leads to a zero tolerance solution, data breaches will continue apace.
Good Netiquette And A Green Internet To All!
Great Reasons for Purchasing Netiquette IQ
· Get more email opens. Improve 100% or more.
· Receive more responses, interviews, appointments, prospects and sales.
· Be better understood.
· Eliminate indecision.
· Avoid being spammed 100% or more.
· Have recipient finish reading your email content.
· Save time by reducing questions.
· Increase your level of clarity.
· Improve you time management with your email.
· Have quick access to a wealth of relevant email information.
Enjoy most of what you need for email in a single book.
**Important note** - contact our sister company for very powerful solutions for IP management (IPv4 and IPv6, security, firewall and APT solutions:
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.