The UK suffered as many as 40 reported data breaches in the first half of 2017, losing more than 28 million data records to hackers in the process.
The government, tech firms and healthcare organisations, particularly NHS trusts, bore the brunt of data breaches so far this year.
The eye-opening Breach Level Index compiled by digital security firm Gemalto for the first half of 2017 brings some not-so-encouraging news for the cyber security industry. Even though the government has made the right noises and a number of firms have stepped up investments in cyber security, the UK saw the number of data breaches rise by 164% compared to the second half of 2016.
Out of the 28,331,861 data records that business organisations, healthcare firms and tech companies lost to data breaches in the first half of 2017, 26 million were lost in a single incident suffered by the NHS.
As far as the NHS is concerned, the data breach report for the second half of the year may not look pretty either, considering that the NHS has suffered several data breach incidents in the past couple of months.
Last month, personal details of as many as 500 NHS doctors were exposed after an internal spreadsheet containing their details was published online. Details in the spreadsheet included National Insurance numbers, email addresses, and home addresses of the 500 doctors.
Two weeks later, hackers managed to steal sensitive information of 1.2 million patients from an NHS contractor’s systems. The compromised details included the patients' names, phone numbers, email addresses, and passwords.
A report published by an independent panel of experts including Dr Julian Huppert, a former researcher at the University of Cambridge, also confirmed that NHS doctors were using Snapchat to send patient scans to one another, thereby endangering such sensitive data.
The Breach Level Index published by Gemalto also reveals that, of all data breach incidents that took place in the UK in the first half of this year, half were caused by malicious outsiders and 38% resulted from accidental loss, invariably caused by human error.
The report also classifies 65% (nearly two-thirds) of all data breach incidents as identity theft, with the government suffering as many as 12 out of the 40 reported incidents of data breach. In June, hackers infiltrated as many as 90 email accounts belonging to MPs including Prime Minister Theresa May as well as several of her cabinet colleagues. A parliamentary spokesman confirmed that these accounts were protected by weak passwords and were thus exploited by hackers.
Technology firms and healthcare organisations suffered 7 and 6 incidents of data breach respectively in the same period.
“Cyber-attacks are still costing businesses in the UK time, money and investment to defend against and rectify,” says Joe Pindar, Director of Product Strategy, CTO at Gemalto.
“Despite this, there has been an overall decrease in reported data breaches in the UK in the last six months, signalling the ongoing efforts of businesses to improve their cybersecurity. It’s important to remember that no business ever sets out to suffer a data breach, and that they are ultimately victims of the efforts of malicious attackers.”
“With the UK Government’s newly proposed Data Protection bill aiming to implement GDPR into UK law, it’s time consumers and governments began to recognise the efforts of those businesses going the extra mile to keep their data secure. No matter how compliant a business is, or what measures they have in place, it only takes one mistake to allow a hacker access to vulnerable data,” he adds.