In a world where data is power, it is important to know which industries are at high risk of data breaches. You probably think banks and financial services firms are the number one targets for hackers, right? Wrong. Cyber-crime is on the rise and no corporation or government agency is immune to data breaches. According to Recent research the 4 most breached industries are:
TOP 4 INDUSTRIES
2017 figures put healthcare at the top of the list when it comes to industries with the highest data breaches. According to the Information Commissioners Office the health sector accounts for 43% of all data breach related incidents.
Perhaps this sector’s vulnerability can be seen in the slow uptake in IT security, as well as spending cuts making it hard for healthcare to make room in budgets for IT investment. In addition, this sector could be a red-hot target due to the wealth of personal information they hold onto, patient records sell for a premium on the black market.
The PWC Health Research Institute states the estimated cost per patient record is $200, this includes post-breach costs such as lost business due to reputational damage. The cost to prevent a breach however, is only $8 per patient record, this is a strong motivational point for healthcare institutions to spend more to prevent cyber intrusions.
Here is the perceived favourite! Due to the sector’s long history of cyber-incidents, many have invested extensively in upping their security. A recent case that shows despite their efforts attacks still occur is the attack on Tesco Bank. This is where hackers stole £2.5 million from customer accounts.
One of the biggest threats facing the financial sector unfortunately is from careless or compromised users. According to the Threat Intelligence Index 2017, this sector suffered more breaches than any other industry, with more than half of these coming from internal sources. Internal sources aren’t secluded to just employees, contractors or third-party suppliers also have access to sensitive data so are just as liable to blame.
According to a recent Fraud & Risk Report, 88% of manufacturing CEO’s reported their company fell victim to at least one instance of fraud in the last 12 months. This is far from a shock. Within manufacturing sits the likes of automotive, pharmaceuticals, chemical and defence organisations who all hold onto large amounts of critical data.
Most of this data is in the form of research & development, trade secretsand intellectual property patents, thus proving it to be extremely valuable information for anyone engaging in corporate espionage. Information theft and loss of attack were the most common forms of fraud experienced by this sector.
Transport networks are connected internationally to streamline processes, however, while internet-based tracking, navigation and communication tools are most certainly efficient they also create entry points for hackers.
For instance, the NotPetya malware on Maersk in 2017 cost the shipping mogul roughly $300 million. It’s not always external hackers whom are to blame.
NOTABLE DATA BREACHES 2018
CAREPLUS HEALTH PLANS
CarePlus Health Plans, a Florida-based health insurance provider is notifying customers of a privacy breach which occurred in January. This breach occurred due to programming and printing errors, leading to Explanation of Benefits letters being mailed to the wrong CarePlus members. This disclosed information including personal financial information and Social Security numbers. More specifically individual’s member name, identification number, plan name, date of service, provider of service and services provided. Roughly 11,200 members were exposed as a result of this breach.
Researchers from Kromtech Security discovered the personal information of 119,000 FedEx customers sitting on an unsecured Amazon Web Services cloud storage server. These customers had their passports, driver’s licenses and other documentation accessed. The scanned ID’s originated from countries all over the world, as well as being attached to personal information such as, names, home addresses, phone numbers and post codes.
BJC HealthCare discovered a wrongly configured server exposing the scanned document images of 33,420 patients. This company includes 15 hospitals and other health service organisations. This server was left unsecured from May 2017 through to January 2018, revealing driver’s licenses, insurance cards, addresses, social security numbers, telephone numbers, treatment records, and other personal information.
HACKER RING BACKED BY IRAN
A government backed hacker ring was discovered by the U.S. Justice Department. The hackers systematically hacked into the computer networks of 144 U.S. universities, by performing a phishing scam and breaching email accounts of roughly 4,000 professors. Once access was gained the hackers stole 31 terabytes of intellectual property, totalling $3.4 billion worth of damages. In addition, the Iranian hackers attacked 36 private American companies and infiltrated 5 U.S. government agencies, stealing the emails associated with thousands of accounts.
Roughly 150 million users of MyFitnessPal app owned by Under Armour have had their personal details leaked in a data breach, including usernames, passwords and email addresses, the kind of information that leads to identity theft. The app not only tracks calories and the number of steps an individual has done in a day, it also knows where they are and at what time.
ST. PETER’S SURGERY & ENDOSCOPY CENTRE
St. Peter’s Surgery & Endoscopy Centre, has reported a data breach discovered on January 8th, according to their report 134,5112 individuals have been impacted after a third party gained access to hospital servers. The compromised info included patient names, date of birth, addresses, dates of service, diagnosis codes, procedure codes, insurance information, Medicare and social security numbers.
Bakery-café Panera Bread has left the information of up to 37 million customers in plain text accessible from its website. Customers who have created an account to order online can expect their full name, email and physical address, phone number, birthday and last four digits of credit or debit card to have all been compromised. Additionally, the companies catering application was also impacted.
SAK’S FIFTH AVENUE
Owner of retail stores Saks Fifth Avenue and Lord & Taylor, Hudson’s Bay Company confirmed that hackers stole the data of more than 5 million credit and debit cards. Analysis shows that the breach of payment systems began in May 2017. Those responsible have begun selling customers’ credit and debit card information on the dark web, 125,000 payment cards have been released so far.
Atlanta bank, SunTrust experienced a data breach impacting 1.5 million clients. This breach occurred due to a former employee whom exposed customer names, addresses, phone numbers and account balances.
UnityPoint Health, a network of hospitals, clinics and home care services announced that 16,000 people have been affected in this incident. Several employees’ email accounts were compromised after a successful phishing attack, these accounts could have been accessed since 1st November 2017. This information exposed included patients Social Security numbers and Financial information.
HOW MOBLICITI CAN HELP YOU
The industries above are just the top four, no sector is 100% data breach free, this is where Mobliciti come in, we can mitigate the stress of dealing with these challenges. We can offer you an abundance of fully managed services to suit your business’ specific needs. Mobliciti harnesses the most innovative and secure technologies to make your business secure and give you piece of mind.
Our managed services are Secure, Flexible, Scalable, built using our best of breed technology solutions and delivered by our experienced support and delivery teams. We allow customers to remove the risk and retain the control over the increasingly complex worlds of Mobile, Wireless and Cloud. Get in touch today to find out more.