More than 75 million records have been compromised this year in approximately 568 breaches, according to the most recent breach report by the Identity Theft Resource Center.
Last year at this time, only 439 breaches had been reported, representing a 29.4 percent increase. The breach count was last updated on September 23 and includes Home Depot's incident, which affected at least 56 million records. The nonprofit group counts Social Security Numbers, driver's license numbers, medical records, or payment card information as a record.
Medical and health care organizations accounted for the majority of breaches, at 43.5 percent. Last year, businesses accounted for 84 percent of breaches. The dramatic switch in targets, or impacted industries, could be indicative of a lack of education or resources in the health care field.
Canh Tran, CEO of RippleShot, a Chicago fraud prevention vendor, said as compared to the finance industry, hospitals don't see their primary purpose as investing in security solutions. Banks, however, are, “in the business of protecting their data and finances,” Tran said in a Monday interview with SCMagazine.com.
“They [electronic financial records] are the equivalent of a 21st century vault,” Tran said. “For hospitals, they might not have the resources," which might make them a target for attackers, "because they're not going to be as vigilant [as banks].”
Plus, with health records, cyber gangs or attackers can open multiple accounts or receive multiple cards, instead of just one, Tran added. The newly issued cards are also harder to detect.
Even as data breaches grow year over year, as the report indicates, Tran thinks fraud will never totally dissipate.
“I look at fraud like it's a balloon,” he said. “You squeeze one end and it comes out somewhere else.”
If point-of-sale (POS) systems are ever completely secured, the attacks on their systems will shift to something else, for instance.
Marc Malizia, CTO of RKON Technologies, an IT consulting company, seconded Tran's thoughts on data breaches not being stopped any time soon.
“I think it will escalate from here until companies start taking the threat seriously and put the resources and cutting edge technologies in place to protect these devices” Malizia said in a Monday email to SCMagazine.com. “The market for stolen data or compromised server access is growing, providing a perfect haven for these criminals."