Trial Today Get in touch
ICO data shows health sector accounts for 43 percent of all data breach incidents

ICO data shows health sector accounts for 43 percent of all data breach incidents

Jun 1, 2017
Share this story:

London - June 2017 – Egress Software Technologies, a leading provider of data security services, has revealed that the UK health sector suffered a disproportionate number of data breach incidents between January 2013 and December 2016. In total, healthcare organisations suffered 2,447 incidents and accounted for 43 percent of all reported incidents in the time period. By comparison, the second highest was local government, with 642 reported incidents – an 11 percent share. The data, received from the Information Commissioner's office, also shows that human error accounts for the almost half of these incidents across every sector.

In its analysis of the data, Egress found a clear spike in data breach incidents within UK healthcare organisations. Comparing the last quarter (October – December) of the past three years, healthcare organisations were found to consistently top the list for data breach incidents. Furthermore, the number of incidents rose year on year, with a 20 percent increase, from 184 incidents in the last quarter of 2014, to 221 in the last quarter of 2016.

Critically, the findings showed that the many of these incidents are attributed to human error, rather than external threat. Taking the 221 incidents occurring between October and December 2016, the top-ranking incident types were:

  1. Theft or loss of paperwork – 24 percent

  2. [Other principle 7 failure] – 22 percent[1]

  3. Data faxed/posted to incorrect recipient – 19 percent

  4. Data sent by email to incorrect recipient – 9 percent

  5. Failure to redact data – 5 percent

“Following the WannaCry exploit, the vulnerability of the healthcare industry, and the critical importance of improving its cybersecurity, has come into sharp focus,” said Tony Pepper, CEO and co-founder of Egress Software Technologies. “While it’s clear there is a security problem in healthcare, these figures show that it is as much about internal activity as external threat.

“There’s no doubt that someone inadvertently emailing a spreadsheet containing sensitive patient details to the wrong person isn’t as good a headline as a ransomware attack, but that does not diminish the threat it poses.

Additional findings:

  • While healthcare had the highest volume of incidents, others are increasing more rapidly. Across all sectors, the total number of security incidents reported has increased by almost one-third (32 percent) since 2014.

  • The courts and justice sector has experienced the most significant increase in incidents, a 290 percent hike since 2014, placing it in the top five worst affected industries by the last quarter of 2016.

  • Other significant increases can be seen in the central government and finance industries, with 33 percent and 44 percent increases, respectively.

  • The ‘human element’ – where internal staff have made mistakes – accounted for almost half of total data breach incidents: 44 percent October-December 2014, 43 percent 2015, 49 percent 2016.[2]

  • Data shared in error is the single highest contributor to breaches year-on-year resulting from human error, annually, causing roughly one-third of incidents (31 percent 2014, 34 percent 2015, 31 percent 2016).

“We are all aware that security incidents are rising, but many may not suspect how large a proportion of these are down to error and lack of control over sensitive data,” continued Pepper. “What the information from the ICO makes clear is that all businesses need to do more to better protect sensitive information. Meeting this challenge requires a combination of improved employee training and the communication of risks, and the deployment of the right technologies to minimise the number opportunities available for human error to take hold.”

For press enquiries, please contact FieldHouse Associates:

Tel: +44 (0) 7961 311080


For more information about Egress Software Technologies, please contact Rebecca Bailey - Marketing and Communications:

Tel: +44 (0) 207 624 8500


About Egress Software Technologies Inc.

Egress Software Technologies is the leading provider of data security services designed to protect shared information throughout its lifecycle.

Offering Public Sector and Enterprise customers a portfolio of complementary services, the Egress Switch platform enables end-users to share and collaborate securely, while reducing the risk of loss and maintaining compliance. These award-winning integrated services include email and document classification, email and file encryption, secure managed file transfer, secure online collaboration and secure email and file archiving.

Certified by UK Government, Switch offers a seamless user experience, powerful real-time auditing and patented information rights management, all accessible using a single global identity.

[1] Other principle 7 failure is a catch-all for reported incidents that do not fit defined categories

[2] Categories including: data shared in error, verbal disclosure, insecure disposal, failure to redact data, cybersecurity misconfiguratio

footer_cesg_2018_258x100 footer_skyhigh_89x100 NATO Common Criteria footer_bsi_iso_178x100