New IBM Cyber Security Report: Healthcare and Financial Institutions Among the Most Attacked

A recent report published by IBM’s Security Services offers valuable insight into the current landscape of cybersecurity risk. Through the aggregation of client data from 2015, the report provides topical information on subjects ranging from the most frequently attacked industries to the commonality found between types of attackers and their attacks. As the report makes abundantly clear, no business, especially those in the healthcare and financial sectors, remains exempt from cybersecurity threats.

According to the report, the five most attacked industries in 2015 were as follows:

  1. Healthcare
  2. Manufacturing
  3. Financial Services
  4. Government
  5. Transportation


Healthcare’s occupation of the top spot should come as no surprise. 2015 was so replete with healthcare data breaches that many, IBM included, described it as “the year of the healthcare breach.” Subsumed within the United States Health and Human Services (HHS), the Office of Civil Rights (OCR) enforces the Healthcare Insurance Portability and Accountability Act (otherwise known as HIPAA). As part of its enforcement duties, the OCR provides online notification for every breach of unsecured protected health information affecting 500 or more individuals. In 2015 alone, the OCR received notification from over 250 covered entities asserting a loss in excess of 100 million records. Don’t believe me? Check out the public wall of shame for yourself. As alluded to within IBM’s report, this widespread cyber assault on the healthcare industry derives from the money criminals stand to collect from the sale of stolen records on the black market. Featuring sensitive information as wide-ranging as one’s name, home address, social security/credit card numbers, and medical history, a breach of confidential electronic health records can be financially detrimental to the offending company and devastating to its victims (e.g., the unresolved Anthem and Premera Blue Cross class actions).


Healthcare dethroned the financial industry from its previous perch atop IBM’s Most Attacked list, dropping it from first in 2014 to third in 2015. In IBM’s opinion, this is in large part attributable to the financial industry making a more concerted effort to enact preventive cybersecurity measures in light of major breaches in the preceding years. Yet, this concerted effort leaves a lot to be desired. According to the report, 2015 marked an 80% rise in the number of extortion-like breaches. With financial institutions’ implementation of consumer-friendly features like automated teller machines and apps for credit cards and mobile banking, opportunities for cyber attacks are rife. Because of such opportunity for wrongdoing, federal, state, and private regulatory entities continue to promulgate cybersecurity rules and resources for financial institutions at a frightening speed. These entities include the Securities and Exchange Commission (SEC), the Federal Financial Institutions Examination Council (FFIEC), the Federal Deposit Insurance Corporation (FDIC), the Financial Industry Regulatory Authority (FINRA), and the New York Department of Financial Services (NYDFS), just to name a few. Navigating these various entities and their requirements is an arduous and often overwhelming process for any leader of a financial institution.


Any business in the healthcare or financial industries should be wary of cyber attacks. Personally identifiable information as it relates to both health and financial records continues to be in high demand on the black market and dark web. With hackers becoming more adept at discovering methods of infiltration, now is the time for companies to expend the time and resources necessary to implement the appropriate safeguards.


Want to discuss cybersecurity or talk about what your company needs to do to be legally compliant with rapidly evolving industry standards? Contact me today.