Biglaw

BakerHostetler Report Reveals Employee Negligence is Primary Cause of Security Breaches
Download PDF
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

A report recently released by BakerHostetler shows that employee carelessness was a leading cause of security breaches in 2014.

Summary: A report recently released by BakerHostetler shows that employee carelessness was a leading cause of its clients security breaches in 2014.

BakerHostetler’s Privacy and Data Protection team has released a report stating that the primary cause of its clients’ security breaches in 2014 was human error. According to CSO Online, employee negligence was a primary cause of breaches in 36 percent of its clients’ cases. Outside theft was responsible for 22 percent, insider theft for 16 percent, malware for 16 percent, and phishing for 14 percent of the breaches. The data is based on over 200 incidents, and, although the sample size of the group is fairly small, the numbers reflect what bigger reports have also found. The chair of the U.S. Securities and Exchange Commission, Mary Jo White, has said that cyber-attacks against the United States are the “biggest risk we face,” according to Bloomberg.

  
What
Where


No industry is immune to such a breach, but the healthcare industry suffered the most incidents in 2014, primarily due to strict notification requirements.

BakerHostetler just added a 30-attorney team to its firm.

The healthcare industry is followed by retail and hospitality, financial services, professional services, and education in the amount of breaches suffered. Although the healthcare industry had the largest number of incidents, the types of incidents that hit the professional services industry were the most severe in nature.

Get JD Journal in Your Mail

Subscribe to our FREE daily news alerts and get the latest updates on the most happening events in the legal, business, and celebrity world. You also get your daily dose of humor and entertainment!!






Are you surprised that employee negligence is the primary cause of these breaches?

View Results

Loading ... Loading ...

The report read, “While PHI incidents are disclosed more frequently, driven in part by HIPAA presumption that a breach occurred, the severity when measured by number of affected individuals is often less (many incidents affect less than 10 people). It is also not surprising that professional services and retail/hospitality services providers top the list when it comes to severity. And because incidents affecting these sectors often require forensic investigation and draw more media coverage, the cost and potential financial consequences are dramatically higher on a per-incident basis.”

Interestingly, most incidents are not self-detected, but BakerHostetler’s clients discovered the breaches 64 percent of the time.

Most of the clients dealt with electronic breaches, but 21 percent were paper-related, which is not surprising, considering most medical offices and law firms use paper records.

In 2013, the firm merged with Woodcock Washburn.

Most of the clients offered credit monitoring after the breaches occurred. The report noted, “Whether paper or electronic, the data at risk that led to the decision to notify in 58 percent of our incidents was data subject to state breach notification laws, such as Social Security or driver’s license numbers and financial account information. Health information was affected in 34 percent of the incidents and eight percent involved payment card data.”

As for regulatory action, less than five percent called for multi-state inquiries, and just 59 cases required notifying the state attorney general. According to the Wall Street Journal, new laws are being proposed that would not require companies to disclose minor breaches.

Retail clients suffered fines and assessments from four credit card brands that ranged from $5,000 to $50,000. The initial demand for fraud assessment and operating expense ranged from $3 to $25 per card.

Legislators met to discuss online security after Healthcare.gov was hacked.

Gerald Ferguson, the co-leader of BakerHostetler’s Privacy and Data Protection Team, said, “While sophisticated software and monitoring/detection systems have become more widely adopted, our data suggests that many security breaches still result from low-tech missteps. Chief information security officers should combine general security awareness training with state-of-the-art data security architecture, to minimize vulnerabilities.”

Clearly, humans are still the highest risk for such breaches, and the issue unfortunately does not have a simple fix.

Source: CSO Online

Photo credit: lasclev.org

 



 

Interesting Legal Sites You May Like


BCG FEATURED JOB

Locations:

Keyword:



Search Now

Business Litigation Attorney

USA-CA-Santa Monica

Santa Monica office of our client seeks business litigation attorney with 1-3 years of experience. T...

Apply Now

Intellectual Property Litigation / Enforcement Associate Attorney

USA-CA-San Francisco

San Francisco office of our client seeks intellectual property litigation / enforcement associate at...

Apply Now

Corporate Attorney

USA-CA-Menlo Park

Menlo Park office of sophisticated boutique firm is seeking a corporate attorney with experience in ...

Apply Now

Mid-level Computer Science Patent Attorney

USA-CA-San Francisco

San Francisco office of our client seeks mid-level patent attorney with 3-5 years of intellectual pr...

Apply Now

RELEVANT JOBS

Associate Attorney

USA-OK-Oklahoma City

Hobbs Straus Dean & Walker, LLP, a national law firm with offices in Washington D.C., Portland, Okla...

Apply now

Oil and Gas Attorney – Houston or The Woodlands

USA-TX-Houston

Position requirements: JD with a strong academic record Must be licensed to practice law in th...

Apply now

PARALEGAL

USA-AZ-Tucson

Paralegal preferably with experience in Workers\' Compensation and other Civil Litigation.  Job...

Apply now

Litigation Secretary

USA-CA-Los Angeles

$25 - $30 an hour Part-time Downtown Los Angeles law firm with offices in San Diego and West P...

Apply now

SEARCH IN ARCHIVE

To Top