The two most common sources of Health Insurance Portability and Accountability Act (HIPAA) breaches are unintended disclosure, such as misdirected emails and faxes (31%), and the physical loss of paper records (24%), which is particularly prevalent among healthcare organizations.
Those findings come from Beazley Breach Response (BBR) Services, an Atlanta company providing breach response insurance. It recently announced findings from an analysis of more than 1,500 data breaches at a meeting of the International Association of Privacy Professionals (IAPP). Breaches handled by the company have affected more than 14 million people.
These are expensive
Among the data breaches serviced by Beazley in 2013 and 2014, those due to malware or spyware represented only 11% by number of breaches. However, they have been increasing, with the total number of breaches in this category growing by 20% between 2013 and 2014. Due to heavy forensics costs (money spent to find out exactly how the breach occurred), these breaches are on average 4.5 times more costly than the largest loss category, unintended disclosure, explains Katherine Keefe, JD, head of Beazley Breach Response.
"With more information being stored electronically and in the cloud, the risk of data breaches is growing," Keefe says. "Consumers expect their privacy will be protected, and a data breach can have serious reputational and financial impact."
Most breaches are avoidable with appropriate training and security measures, says Keefe, noting the particular need for encryption services for large-scale computer networks and mobile services. (See p. 4 for tips on avoiding a data breach.)