Healthcare
Healthcare is a data-rich industry sector and, as such, has extensive security regulations to adhere to. The main bodies of regulation used within this sector are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
HIPAA

HITECH
HITECH was introduced in 2009 as a way of encouraging the use of Electronic Health Records (EHR). HITECH is a separate law to HIPAA, but the two work in symbiosis. HITECH, for example, has set fines for non-compliance with HIPAA security regulations.
The HIPAA Omnibus rule, introduced in 2013, strengthens the main security requirements of HIPAA and sets the expectations of the breach notification rule to cover any breach affecting over 500 individuals. The breach must be reported to the U.S. Department of Health and Social Services, and the details made publicly accessible.
Statistics:
Frequency | 655 incidents, 472 with confirmed data disclosure
Top Patterns | Ransomware, Miscellaneous Errors, Basic Web Application Attacks and System Intrusion represent 86% of breaches
Threat Actors | External (61%), Internal (39%) (breaches)
Actor Motives | Financial (91%), Fun (5%), Espionage (4%), Grudge (1%) (breaches)
Data Compromised | Personal (66%), Medical (55%), Credentials (32%), Other (20%) (breaches)