Human error to blame for almost half of all data breaches: report

Human error accounts for almost half of all data breach incidents, a review of data from the Information Commissioner’s Office has suggested.

Analysis by Egress Software Technologies also revealed that the healthcare sector suffered – with 2,247 – the highest number of incidents between January 2013 and December 2016. These accounted for 43% of all reported incidents in the time period.

The sector with the second highest number of reported incidents was local government, with 642 or 11% of the total.

Egress said that while healthcare had the highest volume of incidents, others were increasing more rapidly. The courts and justice sector experienced the most significant increase in incidents, up 290% since 2014, placing it in the top five worst affected sectors by the last quarter of 2016.

Egress said analysis of the 221 incidents occurring between October and December 2016 revealed that the top-ranking incident types were:

• Theft or loss of paperwork – 24%
• [Other principle 7 failure] – 22%
• Data faxed/posted to incorrect recipient – 19%
• Data sent by email to incorrect recipient – 9%
• Failure to redact data – 5%

Tony Pepper, CEO and co-founder of Egress, said: “While it’s clear there is a security problem in healthcare, these figures show that it is as much about internal activity as external threat.

“There’s no doubt that someone inadvertently emailing a spreadsheet containing sensitive patient details to the wrong person isn’t as good a headline as a ransomware attack, but that does not diminish the threat it poses.”

Earlier this week the ICO imposed a £150,000 monetary penalty on Basildon Council after it published sensitive personal information about a family in planning application documents that were made publicly available online.