The Identity Theft Resource Center released an analysis of the number of publicly reported data compromises in the United States.
The Identity Theft Resource Center (ITRC) is a non-profit organization created to help prevent identity theft and help victims who have been impacted.
The organization released its quarterly report and had the following overall findings:
- There were fewer data compromises in 2023 Q1 (445) than in 2022 Q4 (512). However, according to the report, this quarter showed an increase in breaches with "no actionable information about the root cause."
- 60% of the Top Ten Compromises reported did not include information about the incident's root cause. The health sector reported the most compromises this quarter, as they have for the third quarter in a row.
- It's estimated that there were 89 million victims of data compromise in Q1.
- Supply chain attacks continue to be a common attack vector for personal information, as are ransomware attacks. Phishing also remains a prevalent cause of data breaches.
Why it matters
In this quarter, healthcare was listed as the most heavily impacted sector, with 81 compromises. Organizations like Independent Living Systems, LLC and Regal Medical Group, Inc had data breaches contributing to a large number of victims.
ITRC's report also outlined the major vectors of attack, listing cyberattacks, system and human errors, and supply chain attacks leading to the most potential identity theft victims.
Those in the healthcare sector should be concerned with the high level of threats the industry is facing and what they can do to ensure the security of their processes and networks.
What was said
According to a statement made by Eva Velasquez, President and CEO of ITRC, it's normal to see a drop in victims and compromises in Q1, as seen in this report. "It is troubling to see the trend of a lack of actionable information in data breaches continue from 2022," Velasquez added. Without a determined root cause of a risk, it can be difficult to secure vulnerabilities and prevent future attacks.
According to James E. Lee, Chief Operating Officer, there is also a trend about what information is being released. Lee said that some companies provide less information to patients and customers because "it's not required under state law," which can increase confusion and anxiety for potential victims.
The bottom line
The report outlines some of the concerns healthcare companies should be considering. Issues like human error and phishing can be resolved with in-depth training and protocols to limit vulnerabilities.
With the rise in attacks on healthcare data and the potential for negligence lawsuits, companies should be extremely vigilant when preparing for possible threats.