
BakerHostetler Report Reveals Employee Negligence is Primary Cause of Security Breaches

A report recently released by BakerHostetler shows that employee carelessness was a leading cause of security breaches in 2014.

Summary: A report recently released by BakerHostetler shows that employee carelessness was a leading cause of its clients' security breaches in 2014.

BakerHostetler’s Privacy and Data Protection team has released a report stating that the primary cause of its clients’ security breaches in 2014 was human error. According to CSO Online, employee negligence was a primary cause of breaches in 36 percent of its clients’ cases. Outside theft was responsible for 22 percent, insider theft for 16 percent, malware for 16 percent, and phishing for 14 percent of the breaches. The data is based on over 200 incidents, and, although the sample size of the group is fairly small, the numbers reflect what bigger reports have also found. The chair of the U.S. Securities and Exchange Commission, Mary Jo White, has said that cyber-attacks against the United States are the “biggest risk we face,” according to Bloomberg.

  


No industry is immune to such a breach, but the healthcare industry suffered the most incidents in 2014, primarily due to strict notification requirements.

BakerHostetler just added a 30-attorney team to its firm.

The healthcare industry is followed by retail and hospitality, financial services, professional services, and education in the number of breaches suffered. Although the healthcare industry had the largest number of incidents, the types of incidents that hit the professional services industry were the most severe in nature.


The report read, “While PHI incidents are disclosed more frequently, driven in part by HIPAA presumption that a breach occurred, the severity when measured by number of affected individuals is often less (many incidents affect less than 10 people). It is also not surprising that professional services and retail/hospitality services providers top the list when it comes to severity. And because incidents affecting these sectors often require forensic investigation and draw more media coverage, the cost and potential financial consequences are dramatically higher on a per-incident basis.”

Interestingly, most incidents are not self-detected, but BakerHostetler’s clients discovered the breaches 64 percent of the time.

Most of the clients dealt with electronic breaches, but 21 percent were paper-related, which is not surprising, considering most medical offices and law firms use paper records.

In 2013, the firm merged with Woodcock Washburn.

Most of the clients offered credit monitoring after the breaches occurred. The report noted, “Whether paper or electronic, the data at risk that led to the decision to notify in 58 percent of our incidents was data subject to state breach notification laws, such as Social Security or driver’s license numbers and financial account information. Health information was affected in 34 percent of the incidents and eight percent involved payment card data.”

As for regulatory action, less than five percent called for multi-state inquiries, and just 59 cases required notifying the state attorney general. According to the Wall Street Journal, new laws are being proposed that would not require companies to disclose minor breaches.

Retail clients suffered fines and assessments from four credit card brands that ranged from $5,000 to $50,000. The initial demand for fraud assessment and operating expense ranged from $3 to $25 per card.

Legislators met to discuss online security after Healthcare.gov was hacked.

Gerald Ferguson, the co-leader of BakerHostetler’s Privacy and Data Protection Team, said, “While sophisticated software and monitoring/detection systems have become more widely adopted, our data suggests that many security breaches still result from low-tech missteps. Chief information security officers should combine general security awareness training with state-of-the-art data security architecture, to minimize vulnerabilities.”

Clearly, humans are still the highest risk for such breaches, and the issue unfortunately does not have a simple fix.

Source: CSO Online

Photo credit: lasclev.org

 



 
