If you have any departmental or Trust news you'd like to share, please get in touch.

More than 60% of personal data breaches reported to the Information Commissioner’s Office (ICO) this year were caused by human error, with healthcare the most-affected sector.

Figures obtained by data security solutions firm Egress via a Freedom of Information (FOI) request reveal that 4,856 breaches were reported to the ICO between 1st January and 20th June 2019.

Of those incidents, nearly half (43%) was the result of incorrect disclosure – made up of 20% posting or faxing data to the incorrect recipient, 18% emailing information to incorrect recipients or failing to use Bcc, and 5% providing data in response to a phishing attack.

The remaining 17% was due to data or wrong data shown in a client portal, failure to redact, incorrect disposal of paperwork, loss/theft of paperwork left in insecure location or verbal disclosure of personal data.

Healthcare topped the list of industries most likely to suffer a personal data breach, with the ICO reporting that 18% of all breaches were reported within the sector, compared with 16% within central and local government, 12% within education, 11% within justice and legal, and 9% within financial services.

Tony Pepper, CEO of Egress, said: “The healthcare sector persistently tops the list when analysing the sectors affected by data breaches. This is very concerning, especially given the nature of the data. Why this particular industry continues to suffer from internal breaches is worrying and the sector must quickly take action to identify how it can work towards mitigating the insider threat.”

“These statistics are alarming. All too often, organisations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person,” said Pepper. “Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat.”


Like what you see?

Hit the buttons below to follow us, you won't regret it...