Email Data Breaches Are the Most Common Incident Location According to OCR Data

November 4th, 2019

Email data breaches were the most common incident location listed in breach notification data from the Office of Civil Rights, a subbranch of the Department of Health and Human Services. From the first of June, 2019 until the time of writing, 178 different breaches had been reported to the authorities.

Of these breaches, 69 involved email as their “Location of Breached Information”. In total, these email-related breaches affected almost 850,000 individuals – that’s almost a million people who had their data exposed or stolen due to either hacking or improper use. All in just six months.

Email data breaches were the clear frontrunner, with network servers following a reasonable distance behind them as the second most common location of breached information. Network servers were involved in 54 of the cases.

So what do these figures tell us?

Email Is Still the Weakest Link in Security & Data Breaches

If the OCR data reveals that email is the most common location of data breaches in recent times, then it insinuates that we have major issues in our approach to using email.

The data doesn’t necessarily mean that email technology is inherently less secure than network servers or the other incident locations – the results may be caused by how ubiquitous email is for communication, how easy it is for hackers to trick us over email, or how cavalier our attitudes are towards it.

However, the data does indicate that email is still a major source of problems, and we need to take the necessary steps to minimize its role in the cavalcade of data breaches we seem to experience.

Preventing Email Data Breaches

Data breaches are a concern for all businesses, because they can result in business disruption, damage a brand’s reputation, and result in huge compensation costs as well as fines.

This is especially true for organizations in the health sector and their business associates who deal with ePHI. Not only is the data they possess valuable and attractive to hackers, but they are also governed by strict HIPAA laws and the harsh penalties that come alongside them.

This makes email data breach prevention incredibly important for those both inside and outside of the health sector. The good news is that there are several things businesses can do to reduce the risks they face.

One of the first steps should be to adopt a secure email service like LuxSci’s HIPAA-compliant email hosting. Our solution offers a high degree of security configuration options that help organizations protect their data according to their own unique needs. These include support for PGP, S/MIME, portal pickup and TLS, providing protection for email both in transit and in storage.

LuxSci’s premium email filtering also helps to stop attackers from ever making their way into employee inboxes, preventing them from gaining footholds that they can use to cause email data breaches.

Although the OCR’s notification data doesn’t go into depth, it’s likely that many of the affected businesses either weren’t using secure email software, or were using it inappropriately. Our HIPAA-compliant service can help to cut down on the risks that organizations face, reducing the likelihood of them ending up on the OCR’s list in the future.

While the majority of email data breach incidents in the OCR figures were due to hacking, some were the result of unauthorized access or disclosure. These acts are often overlooked, but they still contribute to costly and disruptive breaches.

LuxSci’s email hosting can help to cut down on accidental email data breaches because we offer features like opt-out encryption. When our clients enable it, it means that their employees have to actively opt-out when they don’t want encryption to protect a message.

This almost completely eliminates incidents where employees simply forget to encrypt sensitive data. They would have to go out of their way to do so, which makes opt-out encryption a simple way for organizations to reduce the risks they face.

Email data breaches are one of the huge risks that businesses face in our internet age. Thankfully, there are straightforward steps that organizations can take to minimize them, which helps to save money in the long run. LuxSci’s email service is just one of them. We also offer a wide range of other secure services such as hosting and forms.