The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

California Attorney General Publishes 4-Year Data Breach Report

California Attorney General Kamala D. Harris has released a new data breach report on the security incidents reported to her office over the past four years. She criticizes organizations that have allowed the privacy of Californians to be violated.

She points out that in almost all cases the data breaches reported to her office since 2012 occurred as a result of tardiness in the application of patches to address known security vulnerabilities. She also said that in the majority of cases, patches to address exploited vulnerabilities had been available for more than a year.

The Majority of Data Breaches Could Easily Have Been Prevented

Harris is under no illusions that the threat of attack from skilled cybercriminals and foreign-government-backed hacking groups is greater than ever before and security risk cannot be reduced to zero. However, she points out that companies doing business in California must do more to protect the privacy of state residents. She wrote, “It is clear that many organizations need to sharpen their security skills, training, practices, and procedures to properly protect consumers.”

By adopting industry best practices and applying basic cybersecurity measures, the majority of data breaches can easily be prevented. She also points out that companies voluntarily choosing to store sensitive consumer data have a legal responsibility to implement security controls to ensure those data are secured and remain private.

Harris says that the data breach report is a starting point that should serve as a “call to action” for all companies doing business in the State of California to improve security controls to protect the privacy of state residents.

In the four years under study, the private and confidential data of almost 50 million Californians have been exposed or stolen by cybercriminals.

The data breach report covers the period from 2012 to the end of 2015. During that time, the California Attorney General’s office received 657 reports of data breaches that affected more than 500 individuals.

The data breach report shows that, instead of improving, the situation is getting worse. One in three Californians had their confidential data exposed in 2015 alone. Over 24 million records were exposed in 178 data breaches last year. In 2012, when the attorney general’s office introduced new state legislation requiring data breaches to be reported, 131 data breaches occurred exposing 2.6 million records.

Hacking and Malware Compromised the Most Records and Caused the Majority of Data Breaches

In the majority of cases, data breaches were the result of hacks, malware, and the actions of cybercriminals, although breaches also occurred as a result of lost and stolen devices, the actions of malicious insiders, and negligence.

Medical data were exposed in 19% of all reported data breaches, and 24 million Social Security numbers were exposed over the four-year period. Healthcare data breaches accounted for 16% of the total. 18% of data breaches affected companies operating in the financial sector, although it was the retail industry that was hardest hit, accounting for 25% of all data breaches and 42% of all exposed records.

The report points out that data breaches can affect organizations of all sizes. Hackers do not only go after the big players in each industry sector; smaller organizations can just as easily be targeted. They are often attacked because they are the easiest targets, typically having less robust security controls. 15% of all data breaches over the four-year period were reported by small businesses.

The biggest threat to data security is hacking and malware. 365 of the 657 data breaches (54%) were the result of hacks and malware infections. It is these cyberattacks that tend to expose the most data. 90% of all records were exposed or stolen as a result of hacks and malware. 17% of data breaches in 2015 were the result of physical breaches such as lost and stolen devices, while errors caused around 17% of data breaches. Half of all government breaches were the result of human error.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
